I. Introduction to Levo Health

Levo Health is a full-service advertising and marketing agency that helps brands connect with their customers using their own customer data, along with other licensed data, to improve customer interactions on multiple channels and devices.

Levo Health receives data from a variety of business partners, clients, and other companies that license data to us, or provide us data to facilitate our services. This information is referred to in this Levo Health Service Privacy Policy as “Service Data”.

In addition to the above, we also collect information when users visit our corporate website(s), including the one this Privacy Policy is posted on. We refer to this information as “Website Information,” and describe this information in a separate Privacy Policy.

II. The Types of Data We Collect & How We Source the Information

Levo Health “Service Data” includes the following:

Personal Information. We sometimes use or receive information that identifies people by name, address, or email, along with information about those people’s likely preferences, interests, or demographics. An example of this would be if we know that Sharon Johnson owns a home in a particular neighborhood, and is 43 years old. We obtain this data ourselves and through data licensors, and its source may be, for instance, census bureau data, public records, or data aggregators that collect or receive information from consumers, websites, or business transactions.

Passively Collected Information and Identifiers. This is information that we or our business partners collect passively through websites or mobile devices (or other devices) including cookie IDs, Apple mobile IDFA identifiers, Android mobile Advertising IDs, or unique identifiers tied to those identifiers. These identifiers generally identify or are linked to particular browsers and devices. We refer to all of these identifiers as “UIDs,” and they often are tied to particular browsers and mobile devices (or other devices, such as set-top boxes). (These UIDs in turn may be “synced” or linked across multiple online content providers, ad networks, and other service providers.) We describe these identifiers in more specific detail in Section V, titled Cookies, Pixels, and SDKs That We (or Our Business Partners) Use.” Sources from which we may obtain this data are data aggregators, mobile applications, and advertising networks.

Web and Mobile Log Data. Passively collected information we receive may also include a range of data about web and mobile logs and usage, such as the type of browser or device (or operating system) being used, an IP address (which may be associated with a computer device or a smart TV), a time-stamp, other information about a user’s device or browser, and information about whether and how a user viewed an ad or interacted with content or visited a particular website (sometimes referred to as “clickstream data”). Sources from which we may obtain this data are data aggregators, mobile applications, and advertising networks.

III. How We Use the Data

Generally, we use the Service Data we receive and collect in order to provide marketing, advertising, and analytics services to our customers, including various business partners. We describe our services generally below, and additional descriptions may be contained on this website.

Data “Onboarding” Services. We use Service Data to help our clients reach their own “CRM” lists – their proprietary “first-party” lists of their current and prospective customers – or other audiences, through third-party display media platforms. We often help marketers reach audiences representing these CRM lists (or other lists) by “onboarding” their offline data online for digital advertising purposes such as display advertising. When we do this, we often work with partners that de-identify this data and connect it in de-identified fashion to display media, or other marketing channels.

Enabling Cross-Channel Marketing. We may use Service Data to help marketers and other data platforms in “cross-channel” or “cross-device” marketing – analyzing, locating, and creating potential marketing “audiences” through multiple channels, e.g., web and mobile. For instance, we may link Service Data and UIDs to the same user (based on inferences we have made), so that a marketer can find and remarket to their same audiences through web-based, mobile, or other advertising channels.

Creating Data Segments. We also use our Service Data to create online, mobile, or other consumer audiences, represented by UIDs or personal information grouped together based on common interests or preferences (“Data Segments”). These Data Segments may identify a person or, when used online, a unique online identifier, as, for instance, enjoying sports, traveling, living in a middle-class neighborhood, or having children. This information may be leveraged by marketers for content personalization to send relevant and desired offers, coupons, and ads to their customers and others. We offer these Data Segments in different forms to marketers wishing to reach customers through online (e.g., web/mobile), email, and offline channels, often working with the types of partners we describe above.

Campaign Measurement and Market Research. We sometimes use the Service Data to help our clients measure the effectiveness of display or other media campaigns – for instance, to determine which types of ads are most likely to be seen, opened, or to lead to purchases, or to perform other market research.

Other Campaign and Data Services. We sometimes use our Service Data to provide other data and marketing services, such as verification, data or audience analytics, data modeling, or other services that may be described on this website.

Improving Our Products. We may use our Service Data to improve, analyze, and develop our own products and to analyze their effectiveness, or to work with a business partner or client to perform similar services. We also may use the Service Data for security-related or debugging purposes.

IV. How We Share Data with Third Parties

Levo Health may share any data it holds, including Service Data (described above) as follows:

Agents and Service Providers: We may share Service Data with agents and service providers who work on our behalf, or to help us provide services requested by our customers, and with our customers themselves. We may do so, for instance, for analytical purposes, to measure campaigns, or to inform future campaigns. We may do so to facilitate the sending of display media, or other requested services.

Partners: We may share Service Data (including Data Segments), with business and data partners to help provide more tailored advertising and for analytical purposes. These may include data compilers and resellers, advertising networks, or media platforms.

Affiliates, Parents, Subsidiaries and Successors: Levo Health may share some or all of the data in our possession with affiliated or subsidiary companies. We may also share any data with a successor in interest who purchases all or most of our assets, or in the course of any transaction leading to such an acquisition, i.e., during due diligence.

As Required by Law or to Protect Any Party: Levo Health may disclose data if we believe that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on us, or (b) to protect or otherwise defend the rights, property or safety of Levo Health or any other party.

V. Cookies, Pixels, and SDKs That We (or Our Business Partners) Use

This section provides more information about cookies and similar technologies that we, our clients and their service providers, and our business partners may use, and how they work.

Cookies. Cookies are small text files that websites and other online services use to store information about users on users’ own computers. For instance, cookies are often used to store sign-in credentials and other preferences, so you don’t need to enter them upon returning to a website. Cookies also often store information to customize web viewing to a particular user. Cookies also often store UIDs tied to your particular computer or browser so that web services and third-party ad networks can recognize you across different websites over time. You may be able to configure your internet browser to advise you each time a cookie is being placed, and you may be able to refuse all or certain cookies altogether. However, if you refuse cookies (particularly first-party cookies), this may interfere with certain website operations that are optimized and customized to you and may interfere with other important functions of websites. Levo Health places cookies (and may allow third parties to place cookies) on our website. We also sometimes act as a “third-party” and deploy cookies (or sync with other cookies) placed on other websites or by other business parties. When we place these third-party cookies, they do not contain what we refer to as “personally identifiable information,” such as name, address, email address, or phone number, and we expire these cookies within 24 months (and often over a shorter time than that).

Pixels or Web Beacons. Pixels, sometimes called web “beacons,” may also communicate information from your internet browser to a web server. Pixels can be embedded in web pages, emails and even videos, allowing a web server to collect or read information from your browser, determine whether you have viewed particular web content or emails, or determine your IP address or the URL you are viewing content. We often work with business partners (who are themselves third-party providers) to provide our services, and these partners often set and access their own cookies, pixel tags, and use other technologies to interact with your device, which may have cookies with varying expiration periods. These partners also may collect various types of information, often in pseudonymous or de-identified form, about your browser, device, or browsing activities through these cookies.

Some of our partners use cookies to link to various de-identified information and identifiers that are derived from personal information, and inferred personal interests, preferences, or other demographic information. These partners use various de-identification techniques such as “hashing,” to obscure and make non-human readable personal identifiers. For instance, a hashed version of “[email protected]” might read as: “e37cda4da913332dc143a6a43174de8a9457697f.”

Mobile Identifiers and SDKs: We may also work with partners who use mobile “SDKs” (software development kits) to collect information about how users interact with mobile apps, platforms, and systems, including third-party ad networks. The SDK is computer code that app developers can include in their apps to enable ads to be shown, data to be collected, or to optimize or improve their apps in other ways. These SDKs may collect (and provide to us) information such as mobile identifiers (e.g., Apple IDFAs and Android Advertising IDs), and information about what apps a user engages with, mobile device information, and how users interact with ads. To avoid having ads tailored to you in this way on your mobile device, please follow the instructions in the below Section IX titled “Do Not Sell My Personal Information: Your Opt-Out Rights.”

VI. GDPR Compliance Statement

The General Data Protection Regulation (GDPR) is effective as of May 25, 2018 across all European Union (EU) member states. In short, if you process data about individuals in the context of selling goods or services to European citizens in any EU country, you must comply with GDPR.

At the bare minimum, the GDPR was drafted with the intended purpose of protecting all non-anonymized personal data (or personally identifiable information: PII). Any company (or organization) that stores or processes personal information about “natural persons” (individual human beings) who are “data subjects” under the Regulation — e.g., persons who reside in an EU state — must comply.

VII. Levo Health’s Policy Regarding EU Data, Protection & Security

It is our general policy not to deliberately accept for processing any personal data where an individual resides in any EU member country. Levo Health performs scans on data that we ingest from sources, partners, and clients designed to identify non-US postal and foreign email domains. In addition, we work with our partners and sources to inform us if they are ingesting any data from outside the US. Levo Health regularly cleanses its Identity graph to remove any linkages that are found to originate outside the United States.

VIII. CCPA Consumer Rights

At Levo Health, we take privacy and personal information very seriously. We are committed to complying with all applicable laws and regulations, including the California Consumer Privacy Act (“CCPA”) regulation. Levo Health views CCPA as an opportunity to further safeguard consumers’ rights by providing them with the data needed to make informed decisions regarding their personal information. This includes understanding and controlling how and why their personal information is collected, used, and disclosed.

In compliance with CCPA rules effective as of January 1, 2020, consumers who are California residents (as defined by the CCPA) have:

• The right to know what personal information is being collected about them and what the business purposes are for doing so
• The right to know to whom their personal information is being disclosed or sold to
• The right to opt-out of the sale of their personal information
• The right to access and request deletion of their personal information

Levo Health Service Data is subject to CCPA. Information regarding what type of data we collect, the source of the information, our business purposes for using the data, and to whom such information is disclosed or sold is detailed in Sections II-V of our Privacy Policy above, in accordance with CCPA requirements.

While we do not typically have direct interactions with consumers, Levo Health has made mechanisms available to support consumer requests for opt-outs, delete requests, and requests to know in accordance with CCPA requirements. Instructions to submit opt-out requests, delete requests, and/or right-to-know requests through our Website or our Toll-Free number may be referenced in Sections IX-XI of this Privacy Policy.

Non-discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties.
• Provide you with a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level of goods or services.

CCPA Requirements for Minors
The CCPA includes special restrictions on the sale of children’s personal information. Businesses must obtain special “opt-in” consents for the sale of personal information if they wish to sell information related to minors under 13, or information of minors 13 to 16 years of age.

Levo Health does not knowingly accept, process, or sell any personal information related to minors.

IX. Do Not Sell My Personal Information: Your Opt-Out Rights

Some of our services involve the use of inferred user interests and preferences collected or employed across multiple websites, devices, or channels. These services are often referred to as a type of “Interest-Based Advertising” or “IBA,” and we provide a way for consumers to “opt-out” of these IBA services.

If you would like to opt-out of other third-party ad platforms and services (including some that we work with, and may have transferred data to previously), we recommend visiting the opt-out pages offered by the Network Advertising Initiative (the NAI), the Digital Advertising Alliance Web Choices Tool or the Digital Advertising Alliance CCPA Opt Out Tool. Opting out in this way will not prevent you from seeing ads. It will, however, generally prevent ads that are targeted to inferences made about your preferences based on your activity across websites and over time.

Permanent Opt-outs via Mobile Advertising IDs (MAIDs)
Apple assigns an “ID for Advertising” (IDFA) to each iOS device, and Google assigns an “Advertising ID” to all Android devices. Similar to how a cookie is leveraged for IBA on a web browser, these Mobile Advertising IDs (MAIDs) can be used to deliver ‘cross-app’ advertising ads to mobile applications to help inform your ad preferences.

If you would like to opt-out of this advertising, you can generally opt-out through your device “settings.”. Common device settings are as follows:

For Apple Devices: Apple users can opt-out of remarketing by enabling a device setting called “Limit Ad Tracking” (LAT), which restricts advertisers from using the IDFA for behavioral advertising. On your iOS or iPadOS device, you can enable Limit Ad Tracking by going to Settings > Privacy > Advertising and turning on Limit Ad Tracking. You may also reset your advertising ID by going to Settings > Privacy > Advertising > Reset advertising ID. You can reference further details on how to limit ad tracking on your iOS device here: IDFA Opt-Out.

For Android Devices: Similar to IDFA for Apple devices, Android users may opt-out of app-based tracking for IBA by opening the Google Settings app on your device, selecting Ads, and then selecting the option to opt-out of interest-based ads. You can learn more about how identifiers on mobile are used for advertising and receive instructions on how to opt out of mobile advertising on the Google Privacy & Terms.

Please note that these platforms control how these settings work, so the above may change, at their discretion. Likewise, if your device uses other platforms not described above, you should check the settings for those devices.

X. Delete Requests

In compliance with CCPA regulations, California residents have the right to request that Levo Health delete any personal data we may have collected from a Consumer. A delete request may be requested by calling our toll-free number (855) 234-0232.

Levo Health will confirm receipt of Delete Requests within ten days, including a brief description of how Levo Health will process the request.

We will complete processing your delete request within 45 days after receipt. If Levo Health cannot process the request within 45 days, we will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.

XI. Right to Access Personal Information

In compliance with CCPA regulation, California residents may request certain information with respect to the PII we (when we act as a “business” under the CCPA) store, process, or share with third parties for those third parties’ direct marketing purposes. This includes:

• The categories of personal information that have been collected
• The specific pieces of personal information that have been collected about that consumer

To exercise your rights, please submit a request by calling our toll-free number at (855) 234-0232.

We take security and privacy very seriously and take proactive measures to ensure we do not inadvertently disclose your personal information to an unauthorized third party. To securely verify your identity for all detailed Right to Access requests, we request a copy of a government issued ID as part of the required information (along with your name/address, email or MAID ID). If you do not have a government issued ID, please contact us at [email protected] to request alternate documentation options for identity verification.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable customer request related to your personal information. You may only make a request for access twice in a 12-month period. The request must provide sufficient information that allows us to reasonably verify you are the person we collected personal information or an authorized representative. If you are an authorized agent, we may request additional proof as permitted by the CCPA, such as power of attorney. The scope will be limited to data from the 12-month period preceding the Consumer’s request.

Levo Health will confirm receipt of your Right to Access request within ten days, including a brief description of how Levo Health will process the request. This includes Levo Health’s verification process and the timing of when the consumer should expect a response.

We will respond to your verified request within 45 days. If we cannot verify your identity or authority to make the request and confirm the personal information that relates to you, we will notify you within 45 days as to why the request cannot be completed.

If Levo Health is unable to process the request within 45 days, and requires more time to do so, Levo Health will notify you with an explanation of the delay, with an extension to not exceed an additional 45 days.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

XII. Sensitive Information, and Information Pertaining to Health Conditions

Levo Health does not offer for public use Data Segments containing or identifying sensitive health conditions or medical ailments, or regarding a person’s sexual orientation. This only applies to the data that Levo Health itself directly provides, however — our customers, data partners, ad networks, or other platforms with whom we work may use or make available their own distinct sets of data.

While Levo Health does not maintain sensitive data on health conditions or medical ailments, Levo Health may create or share Data Segments consisting of those with interests (such as reading) about health and wellness topics. Click here for a list of non-sensitive health-related segments.

XIII. Security and Data Integrity

Levo Health takes steps to help ensure that the data we possess is housed and transmitted securely. Levo Health has achieved and maintained System and Organization Controls (SOC) 2 Type 1, achieving compliance with the leading industry standards for customer data security. We use multiple types and layers of physical and electronic security, including firewall protections, encryption of data during transfer, and strict access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we make substantial efforts to ensure that this does not occur.

XIV. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to describe new types of data we collect or services we offer. If you are interested in our data collection, use, and sharing policies, we recommend that you check back to review these updates as they occur.

XV. International Users

Our Website Data is generally stored on servers in the United States. If you are accessing our website, or if you are located in another country (such as a nation within the European Union), you should know that the laws governing various types of data in the United States may be different or less protective than those of your own country. You may wish to consider that factor in deciding whether or not to opt-out of our services.

XVI. Data Retention

The service data we hold is not subject to any sector-specific data retention requirements. As described in Sections II-IV above, we process ‘Service Data’ for different purposes, and the length of time that we retain this data varies depending on the processing purpose, the type of data, and certain external factors.

• We retain raw, cookie-level data associated with our services for up to 12 months.
• Levo Health service cookies expire in 9 months, however additional user registration at an onboarding partner site may result in placement of a new cookie.
• Associations made through Mobile Identifiers expire 18 months after the last time you interact with a partner website or advertiser.
• All other offline data is retained as long as it is useful in our products.

Data may be deleted as space requires or in the normal course of business. Furthermore, we may delete personal data in response to a request from a user under applicable law, when requested to do so by our clients, or when contracts with our clients end. Generally, Client data obtained as part of our services is retained for up to 6 months following the termination of the relationship, unless the Client has requested a longer retention period.

Questions or Concerns

If you have questions or concerns about Levo Health’s privacy efforts or services, please get in touch with us at:

ATTN: Privacy Officer
Levo Healthcare Consulting, LLC
220 West 7th Avenue, Suite 210
Tampa, FL 33602

Or, you may email us at [email protected].