SECTION 1: YHB PRIVACY PRACTICES - DATA COLLECTION, USE, & SHARING
This is the Privacy Notice of Your Hormone Balance LLC (“YHB”), whose registered office is
14000 NW Pheasant Dr., McMinnville, OR 97128.
1. IMPORTANT NOTICE
YHB provides laboratory services that are designed to help patients and their providers identify and assess their state of health through the use of laboratory testing, while delivering these results in a safe and secure manner (collectively “Services”).
YHB respects your privacy. This Privacy Notice sets out how YHB collects and processes your personal data when you access and use our Services, including the site www.yourhormonebalance.com (the “Site”). This Privacy Notice also provides certain information that is legally required and lists certain of your rights in relation to your personal data under applicable law.
Certain sections of this Privacy Notice may apply only to residents of the U.S. (“U.S. Only”), while other sections apply only to residents outside of the U.S. (“Outside the U.S.”). We identify those sections accordingly. Sections not otherwise designated or not otherwise superseded by a country-specific statement apply globally. Additionally, we may amend this Privacy Notice from time to time and encourage you to check our Privacy Notice regularly to understand how we may process your Personal Data.
2. INFORMATION ABOUT DATA TYPES AND USE
2.1. Data Types
2.2. How We Collect Data
We collect Data when you use or interact with our Site and Services, including when you register with us, browse our products online, or make purchases from us. This Personal Data may include name, address, phone number, username and password, email address, date of birth, location data, and payment information.
We collect Personal Data when you communicate with us or sign up to receive promotional materials, sign up for webinars or request other general information.
YHB does not purchase or otherwise obtain data about you from third-party sources to help us provide and improve the Services and for marketing and advertising.
Users Under 18 Years of Age: If you become aware that an individual under 18 years of age has provided us with Personal Data without parental consent, please contact us at firstname.lastname@example.org. If we become aware that an individual under 18 has provided us with Personal Data without parental consent, we will take steps to remove the data as permitted by law.
2.3. Why We Collect and Process Your Personal Data
We need to process certain of your Personal Data in order to fulfill our contractual obligations to you and to provide you with the Services. Where we ask for your consent to process your Personal Data, you have the right to withdraw such consent as described in this Privacy Notice. Please note, however, we may be unable to provide you certain Services that require the use of Personal Data.
Please note that even where your consent would otherwise be required, we may nevertheless process your Personal Data in accordance with our legitimate interests under applicable law, as described in this Privacy Notice.
2.4. How We Disclose Personal Data
We may disclose your Personal Data as described in this Privacy Notice, including:
To Service Providers and Vendors
With business partners and vendors to effectively deliver our laboratory Services to our providers and patients. For example, an EHR (electronic health record) provider who delivers test results directly to health care providers and patients, on our behalf.
For Advertising and Marketing
YHB does not share or sell any personal information to third party companies to be used for external marketing purposes. YHB does not host third party or interest-based advertising on our Sites. For more information on how data is disclosed for advertising, see the Advertising and Analytics section of this Privacy Notice.
For Legal Compliance, Law Enforcement, and Public Safety Purposes
Actual or Contemplated Sale, Acquisition, or Reorganization
At some future date, YHB may in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, acquisition or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.
A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to recall Personal Data previously indicated by a web user. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and shopping cart contents. Other cookies, often placed by our partners or other third parties, are used for analytics, marketing, or advertising.
Cookies, as well as other tracking technologies, such as HTML5 local storage, Local Shared Objects (such as “Flash” cookies), web beacons, and similar mechanisms, may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our Site is accessed.
Cookies used for analytics may use non-Personal Data that is not directly linked to you. We use analytics technologies to improve our Site and Services.
Users are advised that if they wish to deny the use and saving of cookies from the Site onto their computer’s hard drive, they should take necessary steps within their web browser’s settings to block all cookies from the Site and its external serving vendors. Please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the Site. For information on how to disable cookies, refer to your browser’s documentation.
4. ADVERTISING AND ANALYTICS
Interest-based advertising is advertising that is targeted to you based on your web browsing and app usage over time. We utilize various types of de-identified information to enable interest-based advertising. You have the option to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads.
As an alternative, you can also elect to block browser cookies from first parties (such as those from our website) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software. If you block browser cookies, some parts of our website may not function correctly. Also, blocking cookies will not stop third parties from collecting IP address, data stored in "Flash" cookies, and certain other types of technical information that may uniquely identify your browser.
5. SOCIAL NETWORK WIDGETS
Our Site may include social network sharing widgets that may provide information to their associated social networks or third parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where the widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures to learn what information they collect, use, and share.
6. DE-IDENTIFIED OR ANONYMIZED DATA
We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not restricted by this Privacy Notice.
7. DATA RETENTION
We will retain your Personal Data for as long as you maintain an account or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer need to process your Personal Data for the purposes set out in this Privacy Notice, we will delete your Personal Data from our systems.
Where permissible, we will also delete your Personal Data upon your request, as further described in the Data Subject Access, Modification, and Deletion Rights section of this Privacy Notice.
8. STORAGE OF PERSONAL DATA
YHB and our associated Services and systems may be stored on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as those in the country where you reside or are a citizen.
By using our Services and/or submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the United States.
9. SECURITY SAFEGUARDS AND LINKS TO OTHER WEBSITES
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against the accidental loss, destruction, or damage of Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
SECTION 2: FOR EU INDIVIDUALS - GENERAL DATA PROTECTION REGULATION
1. YOUR RIGHTS UNDER GDPR (OUTSIDE THE U.S.)
Residents in the European Union are entitled to certain rights with respect to personal information that we hold about them under the General Data Protection Regulation (GDPR):
• Right of access and portability. The right to obtain access to your personal information, along with certain related information, and to receive that information in a commonly used format and to have it transferred to another data controller;
• Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete;
• Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed;
• Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information; and
• Right to object. The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
2. LEGAL BASIS FOR PROCESSING (OUTSIDE THE U.S.)
We collect and process your personal data for a variety of different purposes which are set out in further detail in SECTION 1 of this privacy notice.
In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent. In the U.S., you typically provide consent when you receive notice of this Privacy Notice. This section addresses the legal basis for processing your Personal Data if you reside outside the U.S.
2.1. Processing Personal Data Where Consent Not Obtained
In certain cases, separate consent is not required, including:
· For the performance of a contract.
· To perform our contractual obligations to you, including our fulfilling orders or purchases you have made, contacting you in relation to any issues with your order or use of the Services, in relation to the provision of the Services, or where we need to provide your Personal Data to our service providers related to the provision of the Services.
· To comply with legal obligations.
· To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
· Legitimate Interests.
· To operate our business and provide the Services, other than in performing our contractual obligations to you for YHB’s “legitimate interests” for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:
o To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms and to address and respond to your requests, inquiries, and complaints.
o To send you surveys in connection with our Services.
o To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
o To develop, provide, and improve our Services.
2.2. Matters That May Require Consent
In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:
· Marketing: We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which we think may be of interest to you and for other marketing purposes.
· Research: We may ask for your consent to use your Personal Data for research purposes.
2.3. Withdrawing Your Consent
You may at any time withdraw the consent you provide for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at email@example.com provided that we are not required by applicable law or professional standards to retain such information.
If you want to stop receiving future marketing messages and materials, you can do so by clicking the “unsubscribe” or “opt-out” link included in our email marketing message.
3. DATA SUBJECT ACCESS, MODIFICATION, AND DELETION RIGHTS (OUTSIDE THE U.S.)
YHB acknowledges the right of access by EU individuals to obtain, review for correction and request deletion of their Personal Data. Additionally, they have the right to request confirmation from us as to whether or not we are processing their Personal Data. To make such a request, please contact YHB at: firstname.lastname@example.org to initiate this process.
4. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (OUTSIDE THE U.S.)
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
5. CONTACT US
For questions regarding this Privacy Notice, please contact us at: email@example.com.
SECTION 3: PRIVACY SHIELD FRAMEWORKS
1. Privacy Shield for Data Transferred to the United States from the EU/Switzerland
For a description of our data handling practices, please refer to SECTION 1 of this privacy notice.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, YHB LLC is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
YHB’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, YHB remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless YHB proves that it is not responsible for the event giving rise to the damage.
2. Privacy Shield Complaints
In compliance with the Privacy Shield Principles, Your Hormone Balance, LLC commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact YHB LLC at: firstname.lastname@example.org.
YHB has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke “last resort” binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
SECTION 4: HIPAA PRIVACY PRACTICES
This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
With your consent, the laboratory is permitted by federal privacy laws to make uses and disclosures of your health information for purposes of treatment, payment and health care operations. Protected health information is the information we create and obtain in providing our services to you. Such information may include documentation of your symptoms, test results, diagnoses, and treatment. It also includes billing documents related to those services.
Use of personal health information for treatment purposes: We may use your health information to provide laboratory test reports to you or your health care provider. We may disclose your health information to doctors, nurses, medical technicians, midwives, pharmacists or others who are involved with your care. For example: a nurse may call from your physician’s office to obtain test results on your physician’s behalf. We will release the requested information to the nurse.
Use of personal health information for payment purposes: We may use and disclose your health information for payment purposes, including determinations of eligibility and coverage utilization activities. For example: we may need to give your insurance company information about the tests performed in order to obtain payment.
Use of personal health information for health care operations: We obtain services from our insurers or other business associates such as quality assessment, quality improvement, outcome evaluation, protocol and guidelines development, training programs, credentialing, medical review, legal services and insurance. We will share information about you with such insurers or other business associates as necessary to obtain these services. For example: we may use your health information in the course of evaluating our customer service. In addition, we may remove information that identifies you from your health information so this deidentified information can be used for research purposes.
1. Your Rights Regarding Your Protected Health Information:
The health and billing records we maintain are the physical property of the laboratory. The information in it, however, belongs to you. You have a right to:
• Receive a notice that tells you how your health information may be used and shared.
• Decide if you want to give permission before your health information can be used or shared for certain purposes. However, we may not grant the request.
• Ask that incorrect or incomplete information be removed or changed in your health records.
• Ask that your information not be shared with certain people, groups or companies.
• Ask to be contacted at different places or in different ways, such as through your office or by mail.
• Ask to see and get a copy of your health information.
• File complaints if you believe your health information was used or shared in such a way that is not allowed by law or you were not allowed to exercise your rights.
HIPAA provides an exemption (45 CFR § 164.524(a)(1)(iii)) in relation to CLIA (Clinical Laboratory Improvement Amendments, 42 CFR § 493.3(a)(2)) as described below: CLIA certified laboratories that are also covered entities are not required to provide individuals with a right of access to or a right to inspect and obtain copies of their private health information if the disclosure of the information to the individual would be prohibited by CLIA. CLIA requires laboratories to release test results only to “authorized persons” and, if applicable, the individual responsible for using the test results and the laboratory that initially requested the test. “Authorized person” means an individual authorized under State law to order tests or receive test results or both.
2. Our Responsibilities:
The laboratory is required to:
• Maintain the privacy of your health information as required by law;
• Provide you with a notice of our duties and privacy practices as to the information we collect and maintain about you;
• Abide by the terms of this Notice;
• Notify you if we cannot accommodate a requested restriction or request; and
• Accommodate your reasonable requests regarding methods to communicate health information with you.
We reserve the right to amend, change, or eliminate provisions in our privacy practices and access practices and to enact new provisions regarding the protected health information we maintain. If our information practices change, we will amend our Notice. You are entitled to receive a revised copy of the Notice by calling and requesting a copy of our Notice.
3. To Request Information or File a Complaint:
If you have questions, would like additional information, or want to report a problem regarding the handling of your information, you may contact us via e-mail at email@example.com. Additionally, if you believe your privacy rights have been violated, you may file a written complaint by e-mail or mail to YHB. You may also file a complaint by:
• Mail or e-mail it to the US Secretary of Health and Human Services
o We cannot, and will not, require you to waive the right to file a complaint with the Secretary of Health & Human Services (HHS) as a condition of receiving services from the laboratory.
o We cannot, and will not, retaliate against you for filing a complaint with the Secretary.
4. Other Disclosures and Uses Notification
• We may disclose your protected health information for law enforcement purposes as required by law, such as when required by a court order, or in cases involving felony prosecutions, or to the extent an individual is in the custody of law enforcement.
• Federal law allows us to release your protected health information to appropriate health oversight agencies or for health oversight activities.
• We may contact you as part of our marketing efforts as permitted by applicable law.
• Other uses and disclosures besides those identified in this Notice will be made only as otherwise authorized by law or with your written authorization and you may revoke the authorization as previously provided.
5. Contact Us
For questions regarding this Privacy Notice, please contact us at: firstname.lastname@example.org.