INTRODUCTION

EHNOTE and its affiliates (“EHNOTE,” “we,” “our,” or “us”) respect and are committed to protecting your privacy. This U.S. State Privacy Law Supplemental Notice (the “Supplement”) supplements our Privacy Policy and describes the types of information EHNOTE may collect about you when you use our products and services, including:

  • Our website (ehnote.com) and affiliated domains (collectively, the “Sites”),
  • Our mobile applications (the “Apps”),
  • Our cloud-based or on-premise electronic health record (EHR) systems and related practice management platforms,
  • Our reminder and text message services,
  • Our patient engagement tools, including messaging systems, and
  • Any other online or offline EHNOTE-provided services (collectively, the “Services”).

If you are a resident of California, Colorado, Delaware, New Jersey, or Oregon, this Supplement may apply to you. Please read it in conjunction with our Privacy Policy. Capitalized terms not defined in this Supplement have the meanings provided in the Privacy Policy.

SCOPE

This Supplement describes your rights and our practices under the following laws:

  • The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) (Civil Code Section 1798.100, et seq.),
  • The Colorado Privacy Act,
  • The Delaware Personal Data Privacy Act,
  • The New Jersey Data Privacy Act, and
  • The Oregon Consumer Privacy Act

(collectively referred to as the “Applicable U.S. State Privacy Laws”).

This Supplement outlines rights and obligations regarding your Personal Information (defined below) that are in addition to those described in our Privacy Policy. These additional rights apply only to eligible residents of the above-listed states. In the event of a conflict between this Supplement and the Privacy Policy regarding your Personal Information, this Supplement will govern for those eligible residents.

DEFINITION OF PERSONAL INFORMATION

For the purposes of this Supplement, “Personal Information” (also referred to as “personal data”) means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Personal Information does not include:

  • Publicly available information from government records;
  • De-identified or aggregated consumer information;
  • Information excluded from the scope of Applicable U.S. State Privacy Laws, including but not limited to:
    • Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). Please direct all PHI-related requests to your healthcare provider;
    • Information governed by the California Confidentiality of Medical Information Act; and
    • Clinical trial data or other human subject research data.

For additional information on how we collect, use, and share Personal Information generally, please refer to our Privacy Policy.

Categories of Personal Information We Collect

We have collected the following categories of Personal Information from consumers within the last twelve (12) months, as defined by Applicable U.S. State Privacy Laws:

Category Examples
Identifiers

This category may include your name, alias, postal address, IP address, email address, account name, unique personal identifier, and other similar identifiers.

Under Applicable U.S. State Privacy Laws, a “unique identifier” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer, a family, or a device linked to a consumer or family over time and across different services. This may include: device identifiers; Internet Protocol (IP) addresses; cookies, beacons, pixel tags, and mobile ad identifiers; customer numbers, user aliases, or pseudonyms; and telephone numbers or other persistent/probabilistic identifiers.

Personal Information Categories Listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)) Internet or Other Similar Network Activity

This category may include your name, physical address, telephone number, and financial account details, such as banking or payment card information. Some of this information may also be included in other categories listed below.

This category may include your browsing history, search history, and information about your interaction with our websites, mobile applications, or advertisements.

Commercial Information

This category may include your credit or debit card details and other financial data, product or service purchase history, equipment or device orders, and any related transactional information.

Biometric Information

This category may include voice recordings, from which a biometric identifier (such as a voiceprint) may be extracted. These identifiers may be used to recognize or authenticate a user and may contain personally identifying characteristics.

How We Collect Your Personal Information

We collect each of the categories of your Personal Information listed above in one or more of the following ways:

  1. Directly from You
    We collect Personal Information when you contact us (e.g., via forms you complete on our Sites or Apps, or information you provide when visiting our offices).
  2. Automatically through Usage of the Services
    We automatically collect Personal Information about you when you use the Services, such as usage data and information about your electronic devices. This is done through standard Internet technologies, including cookies, web beacons, and locally stored objects.
    You can manage your cookie preferences by using the “Cookie Settings” link at the bottom of our Sites' homepage. Additionally, you may typically manage or reject cookies via your browser settings by following your browser’s instructions (usually found under “settings,” “help,” “tools,” or “edit”). For more details, visit this link on cookies .
    Please note that third-party cookies, such as those used by advertising networks, are subject to the privacy policies of those third parties, not ours. We do not control how third parties use cookies or other automated technologies.
  3. From Other Sources
    We may also collect Personal Information from other sources, including publicly available databases, data aggregators, marketing companies, and other third parties in accordance with applicable law. For example, if you request information from us on a third-party website, your contact information may be sent to us by that website. We are not responsible for the privacy practices or actions of third parties.

How We Use Your Personal Information

We may use the Personal Information described above for one or more of the following business or commercial purposes:

  1. Provide You with Information and Fulfill Your Requests
    We use your Personal Information to verify your identity or provide the information, products, and services you request. For example, we respond to your questions, offer demos of the Services, or collect your information for security and visitor management purposes when you visit our offices.
  2. Enhance Your Experience
    We use your Personal Information to personalize and improve your experience with our Sites and Services. This includes tailoring content through targeted advertising and remembering your preferences.
  3. Improve the Services
    Your Personal Information helps us improve the content and functionality of our Services, ensuring a better user experience.
  4. In the Event of a Business Transaction
    If we undergo a business transition such as a merger, acquisition, divestiture, restructuring, or sale of all or part of our assets, we may use or disclose your Personal Information in connection with such transactions.
  5. For Legal Purposes
    We may use your Personal Information to investigate or prevent fraud, criminal activity, or harm, or when otherwise required by law, regulation, subpoena, court order, or similar legal process. This may also include protecting our rights or assets.
  6. As Described When Collected
    We may also use your Personal Information as otherwise described at the time of collection or as permitted under Applicable U.S. State Privacy Laws.

How We Disclose, Share, or Sell Your Personal Information

We may disclose your Personal Information to third parties for business or commercial purposes. In the past 12 months, we have disclosed Personal Information to the following categories of third parties:

  1. Internally
    We may disclose your Personal Information to our affiliates, business partners, employees, or others who need access to such information to assist with managing our business relationship with you.
  2. Service Providers and Contractors
    We may share your Personal Information with third-party service providers that assist with services such as email marketing, data analytics, hosting, and other services. These providers help us monitor, improve, and maintain the functionality of the Services.
  3. Advertisers and Advertising Networks
    We may use social media plug-ins, widgets, cookies, or other tools from third parties (like Facebook or other social media companies) to collect and share information. These third parties may use your Personal Information to serve personalized ads. Your interactions with these third parties are governed by their respective privacy policies.
  4. In the Event of a Business Transaction
    If we undergo a merger, acquisition, or sale of assets, we may disclose your Personal Information as part of the transaction.
  5. For Legal Purposes
    We may disclose your Personal Information to comply with legal obligations, such as a subpoena, court order, or similar legal process, or to investigate and prevent fraud or potential harm.
  6. With Your Consent
    We may share your Personal Information with third parties if you have authorized or consented to such disclosures.
  7. Other Disclosures
    We may also disclose your Personal Information for any other purpose disclosed when the information was provided to us.

Do We Sell Your Personal Information?

We do not sell your Personal Information for profit. However, certain activities, such as sharing data with advertisers or using cookies for targeted ads, may be considered “sales” or “sharing” under Applicable U.S. State Privacy Laws. In the past 12 months, we have engaged in these activities in relation to your Personal Information.

We do not knowingly sell or share the Personal Information of consumers under 16 years of age.

Categories of Personal Information Disclosed for Business or Commercial Purposes

Below, we describe the categories of Personal Information we may disclose, as well as the business or commercial purposes for which we disclose them. In some cases, such disclosures may be considered a "sale" or "sharing" under Applicable U.S. State Privacy Law, particularly in relation to targeted advertising.

Category Business or Commercial Purpose Categories of Third Parties to Whom Personal Information was Disclosed That May Be Considered a “Sale/Sharing” or Targeted Advertising
Identifiers To provide you with personalized advertising and content Advertisers and advertising networks (as described above)
Internet or Other Similar Network Activity To provide you with personalized advertising and content Advertisers and advertising networks (as described above)

Global Opt-Out Signal

If you are accessing our website and have a valid opt-out preference signal enabled (e.g., the banking Global Privacy Control ), you will automatically be opted out of the sale or sharing of your information through your browser if required by law. To download and use a browser that supports the opt-out preference signal, please visit Global Privacy Control.

If you choose to use the opt-out preference signal, you will need to enable it for each supported browser or browser extension you use.

Your Rights and Choices under Applicable U.S. State Privacy Law

California Residents

Below is a summary of key privacy rights for California consumers and how to exercise those rights with us. Personal Information does not include Protected Health Information.

Right to Know

You have the right to request disclosure of the following about the Personal Information we collect about you:

  1. The categories of Personal Information collected.
  2. The categories of sources from which we collected your Personal Information.
  3. Our business or commercial purpose for collecting, selling, or sharing your Personal Information.
  4. The categories of third parties with whom we share your Personal Information
  5. The specific pieces of Personal Information we have collected about you (data portability request).

Right to Delete

You have the right to request deletion of your Personal Information that we have collected and retained, with certain exceptions. We may deny deletion requests under specific conditions, such as if the information is excluded under California Privacy Law or required to complete transactions.

Right to Correct Inaccurate Personal Information

You have the right to request correction of any inaccurate Personal Information we maintain about you.

Right to Opt-Out of the Sale or Sharing of Personal Information

If we sell or share Personal Information about you, as defined under California Privacy Law, you may opt out. To exercise this right, submit a request by writing to us at [email protected].

Reauthorization

To download and use a browser that supports the opt-out preference signal, please visit Global Privacy Control.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your rights. However, some features of our Services may be unavailable if you choose to exercise certain rights. We will not:

  1. Deny you goods or services.
  2. Charge you different prices or rates.
  3. Provide a different quality of goods or services.

Exercising Your Rights

You do not need to create an account to exercise your rights. You can submit requests through:

  1. Our email address: [email protected].
  2. By calling us at +1 (747) 222 6099

Requests may only be made by you, your authorized agent, or others with legal authorization (e.g., a parent, guardian, or attorney).

You can submit a Right to Know request only twice within a 12-month period.

Response Timing and Format

We will acknowledge receipt of your request within 10 days and respond within 45 days. If necessary, we may extend the timeline by an additional 45 days, for a total of 90 days.

Shine the Light (California Civil Code § 1798.83)

As a California resident, you have the right to request the names and addresses of third parties who have received Personal Information for direct marketing purposes. To request this information, please refer to the Contact Us section.

Additional Information for Residents of Other States

For residents of Colorado, Delaware, New Jersey, or Oregon, you may have additional rights regarding your Personal Information under state-specific privacy laws. These rights may include:

  1. Right to Know/Access - Confirm whether we process your Personal Information and access it in a portable format.
  2. Right to Delete– Request deletion of your Personal Information.
  3. Right to Correct– Request correction of inaccurate Personal Information.
  4. Right to Opt-Out– Opt-out of targeted advertising, the sale of information, and profiling that leads to significant decisions.
  5. Right to Appeal– Appeal decisions related to exercising your privacy rights.

Exercising Your Privacy Rights

You can submit requests by:

  1. Emailing us: [email protected]
  2. Calling us: +1 (747) 222 6099

Data Retention

We may retain your Personal Information for as long as necessary to fulfill the purposes described or as required by law. When no longer necessary, we will delete your data or anonymize it.

Changes to Our Privacy Notice or This Supplement

We may update this Supplement at any time. Changes will be effective as of the updated date. Please review this document regularly. If we make significant changes, we will notify you directly.

Contact Us

For more information or to exercise your rights, please contact us: