Privacy Policy – Community Wellness Collaborative

Effective Date: February 18, 2021

Introduction
Community Wellness Collaborative is a California not-for-profit corporation
(“Collaborative” “us,” “we,” or “our”) respects the privacy concerns of our patients,
customers, donors, visitors, volunteers, board members, and all users of our website,
https://communitywellness.org, centers, and all other products and services
(collectively, the “Services”).  We are committed to protecting and respecting your
privacy.  This Privacy Policy (the “Privacy Policy”) and any other documents referred to
in it sets forth the basis on which any personal data we collect from you, or that you
provide to us, in connection with the Services will be processed by us. We are providing
this Privacy Policy so that you can better understand how we collect, use, and share
information that is gathered using our Services.
We may change provisions of this Policy from time to time and will indicate when
changes have been made by revising the date at the top of this Policy.  We encourage
you to review the Policy whenever you access the Services to make sure that you
understand our practices.  If we make material changes to this Policy, we will provide
you with additional notice.
It’s important that you read the following carefully to understand our practices.  Please
also review the Terms and Conditions at https://communitywellness.orgterms-
conditions/.  If you are a patient of ours and we are processing personal information on
your behalf, please review the accompanying HIPAA policies at
https://communitywellness.orghipaa-notice/. If you have any questions or unresolved
privacy concerns, please contact us at info@communitywellness.org.
Data Protection Across the Globe
Data protection laws vary among countries, with some providing more protection than
others. Regardless of where your information is processed, we apply common
protections described in this policy. These protections align with well-known standards
such as ISO 27001:2017 and others.
Information that We Collect
Information that you provide to us:  We may collect information that you provide
when using our Services, such as when you:  (1) create an account; (2) book an
appointment for our Services; (3) participate in events or promotions; (4) send questions
or comments via email or live chat; (5) interact with our receptionists, practitioners,
volunteers, or customer support team; (6) apply for a job with us online; (7) fill out
surveys; or (8) otherwise communicate with us through or about our Services.  The
types of personal information that you provide may include your name, email address,
telephone number, mailing address, credit card information, and other contact or

identifying information that you choose to provide. We store, process, and maintain files
and content that you create and/or upload using our Services, as well as other data
related to your account in order to provide the Services to you.
We do not store any credit card information we receive except as necessary to
complete and satisfy our rights and obligations with regard to such transaction, billing
arrangement, and/or as otherwise authorized by you.
Information about use of our Services:  Our servers automatically collect usage
information about your use of the Services, including the webpages visited, number of
log-ins, data displayed or clicked on, actions taken, your language preference, and
other login information. We may collect automated error reports in the case of software
malfunctions, which may contain some or all of the information in your account and
content and may be reviewed to help resolve problems with the Services.
If you participate in a video conference with us, we may record the session and retain
the recordings.  We will notify you first that the session is being recorded so that you
can choose not to participate.  If you participate in a training or course, we may collect
completion data.
We collect information from the device and application you use to access our Services.
Device data mainly means your IP address, operating system version, device type,
device ID/MAC address, system and performance information, and browser type. If you
are on a mobile device we also collect the UUID for that device.
We use a variety of technologies to collect this information, such as first party and third
party cookies and tracking services that employ cookies and page tags (also known as
web beacons). This data includes usage and user statistics. Emails sent by
Collaborative or by users through our Services also include page tags that allow the
sender to collect information about who opened those emails and clicked on links in
them. We provide more information on cookies below and in our Cookie Notice.
Like most websites today, our web servers keep log files that record data each time a
device accesses those servers. The log files contain data about the nature of each
access, including originating IP addresses, internet service providers, the files viewed
on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type
and timestamps.
If you arrive at Collaborative from an external source (such as a link on another website
or in an email), we record information about the source that referred you to us.
Information from third parties and integration partners:  We may obtain personal
information from third parties and combine such information with the information that we
collect through our Services and such information may be used for the purposes
described in the “How We Use the Information We Collect” section below.  For example:

 You give permission to those third parties to share your information with us or
where you have made that information publicly available online.
 You create or log into your account through a third-party social networking site or
one of our integration partners, we will have access to certain information from
that service such as your name and account information.
 If you purchase our Services, we may receive information from our third-party
payment processors.
 We may collect information from unaffiliated third parties so that we can better
understand you and provide you with information and offers that may interest
you.
How We Use the Information We Collect
Use of Information: We may use the personal information collected through our
Services to:
 Operate and improve our Services;
 Send you advertising or promotional materials;
 Provide and deliver the Services you request, process transactions, and send
you related information;
 Send you notices, updates, security alerts, and support and administrative
messages;
 Respond to your comments, questions, and requests and provide you with
requested customer support;
 Monitor and evaluate trends, usage, and activities in connection with our
Services;
 Secure our systems, prevent fraud, and help us to protect the security of your
account;
 Prevent, detect, and investigate potentially prohibited or illegal activities and to
enforce our terms and policies;
 Personalize and improve the Services, and provide content, communications, or
features that match users interests; and
 Link or combine with other information we obtain from third parties to help
understand your needs and provide you with better service.
We reserve the right at all times to review your content and information to help resolve
problems with our software or Services, or to ensure that you remain in compliance with
our Terms and Conditions https://communitywellness.orgterms-conditions/ and other
policies.
Information we may share:  We will never “sell” your personal information (as that
term is defined in the California Consumer Privacy Act).  However, we may share your
personal information with third parties as follows:
 Service Providers:  We use other companies, agents, or contractors to perform
services on our behalf or to assist us with the provision of services to you.  For

example, we engage service providers to provide marketing, advertising,
communications, payment processing, infrastructure and IT services, to
customize, personalize, and optimize our Services, to process payment
transactions, to provide customer service, and to analyze and enhance data.
While providing such services, these service providers may have access to your
personal information.  These service providers have agreed to maintain the
confidentiality, security, and integrity of the personal information that they obtain
from us and we do not authorize them to use or disclose your personal
information except in connection with providing their services.
 Protection of Collaborative and others:  Collaborative and its service providers
may disclose and otherwise use your personal information where we or they
reasonably believe such disclosure is needed to (i) satisfy and applicable law,
regulation, legal process, or governmental request; (ii) enforce applicable terms
of use, including investigation of potential violations; (iii) detect, prevent, or
otherwise address illegal or suspected illegal activity, security, or technical
issues; or (d) protect against harm to the rights, property, safety of Collaborative,
our users, or the public, as required or permitted by law.
 Business transfers:  In connection with any reorganization, restructuring, merger,
or sale, or other transfer of assets, we will transfer information, including personal
information, provided that the receiving party agrees to respect your privacy in a
manner that is consistent with our Privacy Policy.
 With Your Consent:  We may share your personal information when we have
your consent.
Whenever in the course of sharing information, we transfer personal information to
countries within the European Economic Area or other regions with comprehensive data
protection laws, we will ensure that the information is transferred in accordance with this
Privacy Policy and as permitted by the applicable laws on data protection.
Advertising and analytics services provider by others:  We may allow others to
provide analytics services and display advertisements for our Services.  These
providers (for example, Google Analytics) may use cookies, web beacons, device
identifiers, and other tracking technologies that collect information about your use of our
Services.  This information may be used by us and others to determine the popularity of
our Services, deliver advertising and content targeted to your interests in the Services,
and on other websites, apps, and other services, and to better understand your online
activity.  You can find out more about this practice or opt out of your web browsing
activity for interest-based advertising purposes by visiting https://aboutads.info/choices.
You can opt out of Google Analytics by visiting
https://tools.google.com/dlpage/gaoptout.
Where We Store Your Personal Data
Data Storage:  All data that you provide to use through our Services is stored on our
secure servers located in the U.S.  Any payment transactions will be encrypted using
SSL technology; all payment data is stored by our payment processors.  Where we

have given you (or where you have chosen) a password that enables you to access
your account and the Services, you are responsible for keeping this password
confidential.  We recommend that you not share your password and that you change it
frequently.
Data Security:  Collaborative takes reasonable measures to protect your personal
information and your content from loss, misuse, and unauthorized access, disclosure,
modification, and destruction and to ensure that your content remains protected and
available to you.  Unfortunately, the transmission of data via the internet is not
completely secure and although we do our best to protect your personal data, we
cannot guarantee the security of your data transmitted through the Services.  All
transmissions are at your own risk. Contact info@communitywellness.org to receive a
copy.
Data Retention:  Collaborative stores the information we collect for as long as
necessary for the purpose for which it was originally collected and in compliance with
our legal obligations.  The retention periods applied by Collaborative comply with
applicable legislation then in effect, namely:
 For data relating to your account, such data will not be retained beyond your
request that your account be deleted.
 For transactional data relating to your purchases, such data is kept for the entire
period of our contractual relationship, then in accordance with legal obligations
and applicable statute of limitations periods.  Please note that this data does not
include payment card information, which is processed by our third-party payment
processors and not Collaborative.
 For data collected based on your consent to receive marketing communications,
we will use the data until you withdraw your consent or applicable law requires
that such data is no longer used.
 For data collected in connection with your requests or questions, such data is
kept for the period necessary to process and reply to your request or question.
 When cookies or other trackers are placed on your computer, they may be
retained for a period of 12 months.
We may retain certain information for legitimate business purposes or as required by
law.
Third Parties
Third-parties who provide and/or publish content via our Services shall be deemed the
data controllers for any personal data contained in the content uploaded by any such
party to the Services (“Third-Party Content”) and any other personal data processed in
relation to such Third-Party Content. This Privacy Policy only concerns the processing
for which Collaborative is the data controller. If you have any questions regarding
personal data contained in Third-Party Content, please contact the third-party provider
responsible for such Third Party Content.

Children Age 16 and Under
Collaborative’s Services is not directed at children under the age of 16 and we never
knowingly collect personal information from children.  We recognize the special
obligation to protect personally identifiable information obtained from children age 13
and under. IF YOU ARE 16 YEARS OLD OR YOUNGER, THE COMPANY REQUESTS
THAT YOU NOT SUBMIT ANY PERSONALLY IDENTIFIABLE INFORMATION TO
THE SITE OR TO COLLABORATIVE UNLESS IT IS IN RELATION TO PROVIDING
OUR SERVICES AS AGREED TO BY THAT CHILD’S PARENT OR LEGAL
GUARDIAN.
Collaborative nonetheless encourages parents to go online with their kids. Here are a
few tips to help make a child’s online experience safer:
 Teach kids never to give personal information, unless supervised by a parent or
responsible adult. Includes name, address, phone, school, etc.
 Know the sites your kids are visiting and which sites are appropriate.
 Look for Website privacy policies. Know how your child’s information is treated.
 Check out the FTC’s site for more tips on protecting children's privacy online.
How We Use “Cookies” and Other Tracking
Technologies
We use cookies, which are pieces of information that a website transfers to an
individual’s computer hard drive for record keeping purposes, and similar tracking
technologies on our website and when providing our Services.  Cookies make using our
website easier by, among other things, saving your passwords and preferences for you.
These cookies are restricted for use only on our website, and do not transfer any
personal information to any other party.  For more information about how we use these
technologies, including a list of other companies that place cookies on our website, a list
of cookies that we place when we power a customer’s business, and an explanation of
how you can opt out certain types of cookies, please see our Cookie Notice.
Your Choices and Rights
You have several options with respect to your personal information, as follows:
 You may terminate your use of the Services at any time.  However, please note
that Collaborative may still process your personal information as a service
provider to our customers if your personal data.
 If you have created an account, you may at any time access, edit, or delete your
personal information.  Please note that even if you delete information from your
account, or deactivate your account, we may retain certain information as
required by law or for legitimate business purposes.  We may also retain cached
or archived copies of your information for a certain period of time.

 You may opt out of receiving promotional emails, text messages, or mail from
Collaborative by visiting your user settings via the “Edit Your Preferences” or
“Completely Unsubscribe” link in any promotional email.  If you opt out, we may
still send you transactional or relationship messages, such as emails about your
account or updates to our Services.
 If you do not have a user account and wish to delete your email address or other
personal information that you might have provided through your use of our
Services and/or any other services, please email us at:
info@communitywellness.org with the words “Delete My Information” in the
subject line.
Malware/Spyware/Viruses
We do not knowingly permit the use of malware, spyware, viruses, and/or other similar
types of software.
Links to External Sites
Our Services may, from time to time, contain links to and from third party websites, such
as partners, affiliates, and advertisers.  If you follow a link to any external website, it will
have its own privacy policy and we are not responsible for the content or practices of
such third party websites or their policies. We are also not responsible for any
information that you might share with such linked websites. You should refer to each
website’s respective privacy policy and practices before you submit any personal
information.
Data Posted on Social Media Pages
Collaborative community members may have the ability to post content to one or more
Collaborative social media pages. You should be aware that when you voluntarily
disclose personal information in any forum, that information can be collected and used
by others and may result in unsolicited messages from other people. You are
responsible for the personal information you choose to submit in these instances.
Please take care when using these media platforms.
Transfer of Information Across National Borders:
For users located outside the jurisdiction of the United States, Collaborative operates
and processes data in the United States. Information we collect from you will be
processed in the United States, and by using this website you acknowledge and
consent to the processing of your data in the United States.  The United States has not
received a finding of “adequacy” from the European Union under Article 41 of the
GDPR. We collect and transfer to the U.S. personal data only with your consent; to
perform a contract with you; or to fulfill a compelling legitimate interest of ours in a
manner that does not outweigh your rights and freedoms. If we transfer your personal
information to other countries, we will protect that data as described in this Policy or in

our agreement with you and take steps, where necessary, to ensure that international
transfers comply with applicable laws.
Your California Privacy Rights:
Please review the “California Supplemental Privacy Notice” below which is incorporated
as part of this Policy for California residents only.
Residents of the European Economic Area
We provide the representations and information in this section in compliance with
European privacy laws, in particular the European General Data Protection Regulation
(GDPR). If you are a visitor from the European Territories (including the European
Economic Area, Switzerland, and the United Kingdom), our legal basis for collecting and
using the personal data described above will depend on the personal information
concerned and the specific context in which we collect it.
We will normally collect personal data from you where the processing is in our legitimate
interests. In some cases we may collect, and process personal data based on consent.
EU data subjects have certain rights with respect to your personal data that we collect
and process. We respond to all requests we receive from individuals in the EEA wishing
to exercise their data protection rights in accordance with applicable data protection
laws.
 Access, Correction or Deletion. You may request access to, correction of, or
deletion of your personal data.
 Objection. You may object to processing of your personal data where we are
relying on a legitimate interest (or those of a third party) and there is something
about your particular situation which makes you want to object to processing on
this ground as you feel it impacts on your fundamental rights and freedoms. You
also have the right to object where we are processing your personal data for
direct marketing purposes and may do so using the options provided in this
Policy. In some cases, we may demonstrate that we have compelling legitimate
grounds to process your information which override your rights and freedoms.
 Restriction. You have the right to ask us to suspend the processing of your
personal data in the following scenarios: (a) if you want us to establish the data's
accuracy; (b) where our use of the data is unlawful but you do not want us to
erase it; (c) where you need us to hold the data even if we no longer require it as
you need it to establish, exercise or defend legal claims; or (d) you have objected
to our use of your data but we need to verify whether we have overriding
legitimate grounds to use it.
 Portability. You have the right to request the transfer of your personal data to
you or to a third party. We will provide to you, or a third party you have chosen,
your personal data in a structured, commonly used, machine-readable format.
Note that this right only applies to automated information which you initially

provided consent for us to use or where we used the information to perform a
contract with you.
 Withdraw Consent. If we have collected and processed your personal data with
your consent, you can withdraw your consent at any time. Withdrawing your
consent will not affect the lawfulness of any processing we conducted prior to
your withdrawal, nor will it affect processing of your personal data conducted in
reliance on lawful processing grounds other than consent.
 File a complaint. You have the right to file a complaint with a supervisory
authority about our collection and processing of your personal data. To file a
request or act on one of your rights, please contact us at the contact details
provided below. You will not have to pay a fee to access your personal data (or
to exercise any of the other rights). However, we may charge a reasonable fee if
your request is clearly unfounded, repetitive or excessive. Alternatively, we may
refuse to comply with your request in these circumstances.
To submit a request regarding your European Privacy Rights, please see the
instructions at the end of this Privacy Policy. We may need to request specific
information from you to help us confirm your identity and ensure your right to access
your personal data (or to exercise any of your other rights). This is a security measure
to ensure that personal data is not disclosed to any person who has no right to receive
it. We may also contact you to ask you for further information in relation to your request
to speed up our response. We try to respond to all legitimate requests within one month.
Occasionally it may take us longer than a month if your request is particularly complex
or you have made several requests. In this case, we will notify you and keep you
updated.
 Sending an email to info@communitywellness.org
If you are a resident of the European Economic Area and have a data privacy concern
that we are unable to resolve, you have the right to file a complaint/inquiry with the data
privacy authority where you reside.  For contact details of your local Data Protection
Authority, please see:  https://ec.europa.eu/justice/article-29/structure/data-protection-
authorities/index_en.htm
Do Not Track Disclosure
Regulatory agencies such as the U.S. Federal Trade Commission have promoted the
concept of Do Not Track as a mechanism to permit Internet users to control online
tracking activity across websites through their browser settings. Since no industry
standard has been adopted, we currently do not process or comply with any web
browser’s “do-not-track” signal or other similar mechanism that indicates a request to
disable online tracking of individual users who visit the Collaborative website or use our
Services.
Changes to Our Privacy Policy

We may update this Privacy Policy to reflect changes to our data practices.  If we make
any material changes we will notify you by email (sent to the email address specified in
your account) or by means of a notice on our website or in the Services prior to
becoming effective.  We encourage you to periodically review this page for the latest
data on our privacy practices.
Contact Information for Complaints or Concerns
We welcome your questions, comments, and requests regarding our Privacy Policy and
they should be addressed to info@communitywellness.org.  In the alternative you may
reach Collaborative support at 619-546-4806.  Our physical address is 3239 Adams
Avenue, San Diego, CA 92116
Your Acceptance of These Terms
By using our website or Services, you accept the policies and restrictions set forth in
this Privacy Policy. If you do not agree to this policy, please do not use the website or
the Services.

California Supplemental Privacy Notice
THIS SUPPLEMENT IS FOR CALIFORNIA RESIDENTS ONLY
This California Supplemental Privacy Notice (“California Privacy Notice”) supplements
the information contained in the Privacy Policy above and applies solely to visitors,
patients, users, and others who are residents of the State of California. This section
describes your rights under the California Consumer Privacy Act of 2018 (“CCPA”) and
other California laws. Any terms defined in the CCPA have the same meaning as when
used herein.
While we have set out the categories below as required by the CCPA, you can review
our Privacy Policy for examples and other information that describes our data collection
and use, which will not change under this notice.
What is the CCPA?
The CCPA is a California law that provides California residents certain rights to their
personal information.
California residents, called “consumers” in the CCPA, have the following rights:
 The right to request that we disclose certain information to you about our
collection and use of personal information over the past 12 months.
 The right to request that we delete any of your personal information that we
collect from you and retained, subject to certain exceptions.
 The right to opt-out of the sale of personal information by us.

 The right not to receive discriminatory treatment by us for exercising the privacy
rights conferred by the CCPA.
We will explain more about how to exercise these rights below.
When we talk about “personal information” under the CCPA, we mean information that
identifies, relates to, describes, is reasonably capable of being associated with, or could
reasonably be linked to, directly or indirectly, a particular consumer or household.
Personal information does not include publicly available information or information that
is de-identified or aggregate consumer information.  The CCPA does not apply to
personal information covered by certain sector-specific privacy laws, including the Fair
Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California
Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of
1994. It also doesn’t apply to health or medical information covered by the Health
Insurance Portability and Accountability Act of 1996 (HIPAA) and the California
Confidentiality of Medical Information Act (CMIA) or clinical trial data.
Scope of the California Privacy Notice.
Collaborative offers Services to be used by its patients and most of the personal
information we process is done at their direction. This California Privacy Notice only
describes our processing activities for data that we own and control.
This California Privacy Notice does not apply to personal information we collect from
employees or job applicants in their capacity as employees or job applicants. It also
does not apply to personal information we collect from employees, directors, officers, or
contractors in the course of our provision. Therefore, any responses pursuant to the
CCPA may exclude those categories of personal information.
Information We Have Collected About Consumers in the Preceding 12 Months.
All of the categories of personal information we collect about you (as detailed below)
come from the following categories of sources:
 You, including through your use of our Services;
 Automatically collected from you; and
 Third parties, such as when you give permission to social networks to share your
information with us or where you have made your personal information publicly
available online.
The following chart sets out the CCPA categories of personal information we have
collected from consumers within the last twelve (12) months.

Categories of Personal Information

We Collect

Categories of Third Parties with
Which We May Share that Information

Identifiers (such as name, address,
email address)

 Third parties (such as our service
providers and integration
partners)
 Our affiliate companies and
organizations
 Aggregators (such as analytics
services)

Commercial Information (such as
transaction data)

 Third parties (such as our service
providers)
 Our affiliate companies and
organizations
 Aggregators (such as analytics
services)

Financial Data (such as billing
information)

 Third parties (such as our service
providers and integration
partners)

Internet or Other Network or Device
Activity (such as browsing history or app
usage)

 Third parties (such as our service
providers and integration
partners)
 Aggregators (such as analytics
services)

Location Information (e.g. inferred from
your IP address)

 Third parties (such as our service
providers and integration
partners)
 Aggregators (such as analytics
services)

Professional or Employment-Related
Data (such as the name of your
employer)

 Third parties (such as our service
providers and integration
partners)
 Our affiliate companies and
organizations
 Aggregators (such as analytics
services)

Legally Protected Classifications (such
as gender and marital status)

 Third parties (such as our service
providers and integration
partners)
 Our affiliate companies and
organizations

Other Information that Identifies or Can
Be Reasonably Associated with You

 Third parties (such as our service
providers and integration
partners)
 Our affiliate companies and
organizations
 Aggregators (such as analytics
services)

‍The Purposes for Which Personal Information is Collected.
We may collect the personal information we collect for one or more of the following
business purposes:
 Providing our Services;
 For our operational purposes, and the operational purposes of our service
providers and integration partners;
 Improving our existing Services and developing new products and services (e.g.,
by conducting research to develop new products or services);
 Detecting, protecting against, and prosecuting security incidents and fraudulent
or illegal activity;
 Bug detection, error reporting, and activities to maintain the quality or safety of
our website and Services;
 Auditing consumer interactions on our site (for example, measuring ad
impressions);
 Short-term, transient use, such as customizing content that we or our service
providers display;
 Other uses that advance our commercial or economic interests, such as third
party advertising and communicating with you about relevant offers from third
party partners;
 To respond to law enforcement requests and as required by applicable law, court
order, or governmental regulations;
 To evaluate or conduct a merger, divestiture, restructuring, reorganization,
dissolution, or other sale or transfer of some or all of Collaborative's business or
assets, whether as a going concern or as part of bankruptcy, liquidation, or
similar proceeding, in which personal information held by Collaborative is among
the assets transferred; and
 As described to you when collecting your personal information or as otherwise
set forth in the CCPA.
Sale of Your Personal Information.
The CCPA defines a “sale” of personal information as the disclosure, sharing, or making
available of a consumer’s personal information by a business to another business or
third party for monetary or other valuable consideration.  It is not a sale if a consumer
uses or directs the business to intentionally disclose personal information or uses the
business to intentionally interact with a third party. Collaborative does not monetize your

personal information. We share certain information about your device and interaction
with our digital properties to enhance your experience with us and to engage in the
legitimate business purpose of advertising and marketing.
The CCPA requires businesses that “sell” personal information to provide California
residents the right to opt out from such sales. Collaborative does not “sell” your personal
information as we understand that term to be defined by the CCPA and its implementing
regulations. To the extent that you have taken the position that a website’s use of third-
party cookies or similar technology for advertising or analytics constitutes a “sale” under
the CCPA, you may consider Collaborative to have “sold” what the CCPA refers to as
“identifiers” (e.g. IP addresses), “internet or other electronic network activity information”
(e.g. information about an individual’s browsing activity on a Collaborative website), and
“commercial information” (e.g. the fact that a browser visited a webpage directed at
individuals considering purchasing Collaborative Services). Please refer to our Privacy
Policy above for more information, including how to exercise your rights to opt-out or
manage your cookie preferences.
Exercising Your California Privacy Rights.
Only you, or someone legally authorized to act on your behalf, may make a verifiable
consumer request related to your personal information. Agents must submit proof that
they have been authorized by the consumer to act on their behalf. Making a verifiable
consumer request does not require you to create an account with us. We will only use
personal information provided in a verifiable consumer request to verify the requestor’s
identity or authority to make the request.
We verify requests by sending a confirmation email to the requestor and by matching
the identifying information provided by the consumer to the personal information already
maintained by us. We cannot respond to your request or provide you with personal
information if we cannot: (i) verify your identity or authority to make the request; and (ii)
confirm the personal information relates to you. If we are unable to verify the identity of
a consumer to a sufficient degree of certainty, we will deny the request and explain the
reason for the denial.
If you would like further information regarding your legal rights under applicable law or
would like to exercise any of them, please contact us via info@communitywellness.org.
You may only make a verifiable request for access or data portability twice within a 12-
month period. California residents may exercise their California privacy rights by
submitting your request to info@communitywellness.org
If you wish to exercise any of these rights and do not have an account with us, please
contact us via: info@communitywellness.org and we will request additional information
to perform identity verification where possible.
Other California Privacy Rights.

In addition to the CCPA, the California Civil Code permits California residents with
whom we have an established business relationship to request that we provide you with
a list of certain categories of personal information that we have disclosed to third parties
for their direct marketing purposes during the preceding calendar year. To make such a
request, please contact us at info@communitywellness.org and mention that you are
making a “California Shine the Light” inquiry.