PRIVACY POLICY

SECTION 1: YHB PRIVACY PRACTICES - DATA COLLECTION, USE, & SHARING  

This is the Privacy Notice of Your Hormone Balance LLC (“YHNB”), whose registered office is

14000 NW Pheasant Dr., McMinnville, OR 97128.

 

1. IMPORTANT NOTICE

 

YHB provides laboratory services that are designed to help patients and their providers identify and assess their state of health through the use of laboratory testing, while delivering these results in a safe and secure manner (collectively “Services”).

 

YHB respects your privacy. This Privacy Notice sets out how YHB collects and processes your personal data when you access and use our Services, including the site www.yourhormonebalance.com (the “Site”). This Privacy Notice also provides certain information that is legally required and lists certain of your rights in relation to your personal data under applicable law.

 

Certain sections of this Privacy Notice may apply only to residents of the U.S. (“U.S. Only”), while other sections apply only to residents outside of the U.S. (“Outside the U.S.”). We identify those sections accordingly. Sections not otherwise designated or not otherwise superseded by a country-specific statement apply globally. Additionally, we may amend this Privacy Notice from time to time and encourage you to check our Privacy Notice regularly to understand how we may process your Personal Data.

 

2. INFORMATION ABOUT DATA TYPES AND USE

 

2.1. Data Types

 

This Privacy Notice relates to personal data about you and your interaction with our Services. “Personal Data” is information that can be used to identify you, directly or indirectly, alone, or together with other information. Personal Data includes such things as: your full name, email address, phone number, mailing address and certain cookie &/or network identifiers. YHB collects, uses, and discloses Personal Data as outlined in this Privacy Policy, including to operate and improve the products offered our customers; for internal advertising and marketing purposes; and to provide you, the customer the Services you have requested.

 

2.2. How We Collect Data

 

We collect Data when you use or interact with our Site and Services, including when you register with us, browse our products online, or make purchases from us. This Personal Data may include name, address, phone number, username and password, email address, date of birth, location data, and payment information.

 

We collect Personal Data when you communicate with us or sign up to receive promotional materials, sign up for webinars or request other general information.

 

YHB does not purchase or otherwise obtain data about you from third-party sources to help us provide and improve the Services and for marketing and advertising.

 

We may collect certain Personal Data using cookies and other technologies, such as web beacons, device IDs, geolocation, HTML5 local storage, Flash cookies, and IP addresses. We specifically use browser cookies for different purposes, including cookies that are strictly necessary for functionality and cookies that are used for personalization, performance/analytics, and advertising. Our Use of Cookies section contains more information and options to control or opt-out of certain data collection or uses.

 

Users Under 18 Years of Age: If you become aware that an individual under 18 years of age has provided us with Personal Data without parental consent, please contact us at info@yourhormonebalance.com. If we become aware that an individual under 18 has provided us with Personal Data without parental consent, we will take steps to remove the data as permitted by law.

 

2.3. Why We Collect and Process Your Personal Data

 

We need to process certain of your Personal Data in order to fulfill our contractual obligations to you and to provide you with the Services. Where we ask for your consent to process your Personal Data, you have the right to withdraw such consent as described in this Privacy Notice. Please note, however, we may be unable to provide you certain Services that require the use of Personal Data.

 

Please note that even where your consent would otherwise be required, we may nevertheless process your Personal Data in accordance with our legitimate interests under applicable law, as described in this Privacy Notice.

 

2.4. How We Disclose Personal Data

 

We may disclose your Personal Data as described in this Privacy Notice, including:

 

To Service Providers and Vendors

 

With business partners and vendors to effectively deliver our laboratory Services to our providers and patients. For example, an EHR (electronic health record) provider who delivers test results directly to health care providers and patients, on our behalf.

 

For Advertising and Marketing

 

YHB does not share or sell any personal information to third party companies to be used for external marketing purposes. YHB does not host third party or interest-based advertising on our Sites. For more information on how data is disclosed for advertising see Advertising and Analytics section of this Privacy Notice.

 

For Legal Compliance, Law Enforcement, and Public Safety Purposes

 

As permitted by law, with law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to comply with laws, regulators, court orders, matters of national security or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Notice, or agreements with third parties, or for crime-prevention purposes.

 

Actual or Contemplated Sale, Acquisition, or Reorganization

 

At some future date, YHB may in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, acquisition or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.

 

3. USE OF COOKIES

 

The Site uses cookies to improve user experience.

 

A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to recall Personal Data previously indicated by a web user. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and shopping cart contents. Other cookies, often placed by our partners or other third parties, are used for analytics, marketing, or advertising.

 

Cookies, as well as other tracking technologies, such as HTML5 local storage, Local Shared Objects (such as “Flash” cookies), web beacons, and similar mechanisms, may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our Site is accessed.

 

Cookies used for analytics may use non-Personal Data that is not directly linked to you. We use analytics technologies to improve our Site and Services.

 

Users are advised that if they wish to deny the use and saving of cookies from the Site on to their computer’s hard drive, they should take necessary steps within their web browser’s settings to block all cookies from the Site and its external serving vendors. Please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the Site. For information on how to disable cookies, refer to your browser’s documentation.

 

4. ADVERTISING AND ANALYTICS

 

Interest-based advertising is advertising that is targeted to you based on your web browsing and app usage over time. We utilize various types of de-identified information to enable interest-based advertising. You have the option to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads.

 

As an alternative, you can also elect to block browser cookies from first parties (such as those from our website) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software. If you block browser cookies, some parts of our website may not function correctly. Also, blocking cookies will not stop third-parties from collecting IP address, data stored in "Flash" cookies, and certain other types of technical information that may uniquely identify your browser.

 

5. SOCIAL NETWORK WIDGETS

 

Our Site may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn what information they collect, use, and share.

 

6. DE-IDENTIFIED OR ANONYMIZED DATA

 

We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not restricted by this Privacy Notice.

 

7. DATA RETENTION

 

We will retain your Personal Data for as long as long as you maintain an account or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

 

Where we no longer need to process your Personal Data for the purposes set out in this Privacy Notice, we will delete your Personal Data from our systems.

 

Where permissible, we will also delete your Personal Data upon your request, as further described in the Data Subject Access, Modification, and Deletion Rights section of this Privacy Notice.

 

8. STORAGE OF PERSONAL DATA

 

YHB and our associated Services and systems may be stored on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as those in the country where you reside or are a citizen.

 

By using our Services and/or submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the United States.

 

9. SECURITY SAFEGUARDS AND LINKS TO OTHER WEBSITES

 

We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against the accidental loss, destruction, or damage of Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

 

This Privacy Notice only applies to our Site. Our Site or Services may provide a link or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”). We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Policy does not apply to Third-Party Sites, and any data you provide to Third-Party Sites, you provide at your own risk. We encourage you to review the privacy policies of any Third-Party Sites with which you choose to interact.

 

SECTION 2: FOR EU INDIVIDUALS - GENERAL DATA PROTECTION REGULATION

 

1. YOUR RIGHTS UNDER GDPR (OUTSIDE THE U.S.)

 

Residents in the European Union are entitled to certain rights with respect to personal information that we hold about them under the General Data Protection Regulation (GDPR):

 

• Right of access and portability. The right to obtain access to your personal information, along with certain related information, and to receive that information in a commonly used format and to have it transferred to another data controller;

 

• Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete;

 

• Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed;

 

• Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information; and

 

• Right to object. The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.

 

2. LEGAL BASIS FOR PROCESSING (OUTSIDE THE U.S.)

 

We collect and process your personal data for a variety of different purposes which are set out in further detail in SECTION 1 of this privacy notice.

 

In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent. In the U.S., you typically provide consent when you receive notice of this Privacy Notice. This section addresses the legal basis for processing your Personal Data if you reside outside the U.S.

 

2.1. Processing Personal Data Where Consent Not Obtained

 

In certain cases, separate consent is not required, including:

 

·      For the performance of a contract.

 

·      To perform our contractual obligations to you, including our fulfilling orders or purchases you have made, contacting you in relation to any issues with your order or use of the Services, in relation to the provision of the Services, or where we need to provide your Personal Data to our service providers related to the provision of the Services.

 

·      To comply with legal obligations.

 

·      To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.

 

·      Legitimate Interests.

 

·      To operate our business and provide the Services, other than in performing our contractual obligations to you for YHB’s “legitimate interests” for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:

 

o   To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms and to address and respond to your requests, inquiries, and complaints.

o   To send you surveys in connection with our Services.

o   To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.

o   To develop, provide, and improve our Services.

o   To enforce our Terms of Use or this Privacy Notice, or agreements with third parties.

 

2.2. Matters That May Require Consent

 

In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:

 

·      Marketing: We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which we think may be of interest to you and for other marketing purposes.

 

·      Research: We may ask for your consent to use your Personal Data for research purposes.

 

·      Cookies: The Site uses cookies to improve user experience.

 

2.3. Withdrawing Your Consent

 

You may at any time withdraw the consent you provide for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at info@yourhormonebalance.com provided that we are not required by applicable law or professional standards to retain such information.

 

If you want to stop receiving future marketing messages and materials, you can do so by clicking the “unsubscribe” or “opt-out” link included in our email marketing message.

 

3. DATA SUBJECT ACCESS, MODIFICATION, AND DELETION RIGHTS (OUTSIDE THE U.S.)

 

YHB acknowledges the right of access by EU individuals to obtain, review for correction and request deletion of their Personal Data. Additionally, they have the right to request confirmation from us as to whether or not we are processing their Personal Data. To make such a request, please contact YHB at: info@yourhormonebalance.com to initiate this process.

 

4. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (OUTSIDE THE U.S.)

 

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  

 

If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

 

5. CONTACT US

 

For questions regarding this Privacy Notice, please contact us at: info@yourhormonebalance.com.

 

SECTION 3: PRIVACY SHIELD FRAMEWORKS

 

1. Privacy Shield for Data Transferred to the United States from the EU/Switzerland

 

Your Hormone Balance, LLC complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. Your Hormone Balance, LLC has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

 

For a description of our data handling practices, please refer to SECTION 1 of this privacy notice.

 

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, YHB LLC is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

 

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to info@yourhormonebalance.com. If requested to remove data, we will respond within a reasonable timeframe.

 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to info@yourhormonebalance.com.

 

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

YHB’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, YHB remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless YHB proves that it is not responsible for the event giving rise to the damage.

 

2. Privacy Shield Complaints

 

In compliance with the Privacy Shield Principles, Your Hormone Balance, LLC commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact YHB LLC at: info@yourhormonebalance.com.

 

YHB has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

 

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke “last resort” binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.   

 

SECTION 4: HIPAA PRIVACY PRACTICES

 

This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

 

With your consent, the laboratory is permitted by federal privacy laws to make uses and disclosures of your health information for purposes of treatment, payment and health care operations. Protected health information is the information we create and obtain in providing our services to you. Such information may include documentation of your symptoms, test results, diagnoses, and treatment. It also includes billing documents related to those services.

 

Use of personal health information for treatment purposes: We may use your health information to provide laboratory test reports to you or your health care provider. We may disclose your health information to doctors, nurses, medical technicians, midwives, pharmacists or others who are involved with your care. For example: a nurse may call from your physician’s office to obtain test results on your physician’s behalf. We will release the requested information to the nurse.

 

Use of personal health information for payment purposes: We may use and disclose your health information for payment purposes, including determinations of eligibility and coverage utilization activities. For example: we may need to give your insurance company information about the tests performed in order to obtain payment.

 

Use of personal health information for health care operations: We obtain services from our insurers or other business associates such as quality assessment, quality improvement, outcome evaluation, protocol and guidelines development, training programs, credentialing, medical review, legal services and insurance. We will share information about you with such insurers or other business associates as necessary to obtain these services. For example: we may use your health information in the course of evaluating our customer service. In addition, we may remove information that identifies you from your health information so this deidentified information can be used for research purposes.

 

1. Your Rights Regarding Your Protected Health Information:

 

The health and billing records we maintain are the physical property of the laboratory. The information in it, however, belongs to you. You have a right to:

 

•      Receive a notice that tells you how your health information may be used and shared.

 

•      Decide if you want to give permission before your health information can be used or shared for certain purposes. However, we may not grant the request.

 

•      Ask that incorrect or incomplete information be removed or changed in your health records.

 

•      Ask that your information not be shared with certain people, groups or companies.

 

•      Ask to be contacted at different places or in different ways, such as through your office or by mail.

 

•      Ask to see and get a copy of your health information.

 

•      File complaints if you believe your health information was used or shared in such a way that is not allowed by law or you were not allowed to exercise your rights.

 

HIPAA provides an exemption 45 CFR §164.524(a)(1)(iii) in relation to CLIA (Clinical Laboratory Improvement Amendments) 42 CFR § 493.3(a)(2) as described below: CLIA certified laboratories that are also covered entities are not required to provide individuals with a right of access to or a right to inspect and obtain copies of their private health information if the disclosure of the information to the individual would be prohibited by CLIA. CLIA requires laboratories to release test results only to “authorized persons” and, if applicable, the individual responsible for using the test results and the laboratory that initially requested the test. “Authorized person” means an individual authorized under State law to order tests or receive test results or both.

 

2. Our Responsibilities:

 

The laboratory is required to:

•      Maintain the privacy of your health information as required by law;

 

•      Provide you with a notice of our duties and privacy practices as to the information we collect and maintain about you;

 

•      Abide by the terms of this Notice;

 

•      Notify you if we cannot accommodate a requested restriction or request; and

 

•      Accommodate your reasonable requests regarding methods to communicate health information with you.

 

We reserve the right to amend, change, or eliminate provisions in our privacy practices and access practices and to enact new provisions regarding the protected health information we maintain. If our information practices change, we will amend our Notice. You are entitled to receive a revised copy of the Notice by calling and requesting a copy of our Notice.

 

3. To Request Information or File a Complaint:

 

If you have questions, would like additional information, or want to report a problem regarding the handling of your information, you may contact us via e-mail at info@yourhormonebalance.com. Additionally, if you believe your privacy rights have been violated, you may file a written complaint by e-mail or mail to YHB. You may also file a complaint by:

 

•      Mail or e-mail it to the US Secretary of Health and Human Service

 

o   We cannot, and will not, require you to waive the right to file a complaint with the Secretary of Health & Human Services (HHS) as a condition of receiving services from the laboratory.

 

o   We cannot, and will not, retaliate against you for filing a complaint with the Secretary.

 

4. Other Disclosures and Uses Notification

 

•      We may disclose your protected health information for law enforcement purposes as required by law, such as when required by a court order, or in cases involving felony prosecutions, or to the extent an individual is in the custody of law enforcement.

 

•      Federal law allows us to release your protected health information to appropriate health oversight agencies or for health oversight activities.

 

•      We may contact you as part of our marketing efforts as permitted by applicable law.

 

•      Other uses and disclosures besides those identified in this Notice will be made only as otherwise authorized by law or with your written authorization and you may revoke the authorization as previously provided.

 

5. Contact Us

 

For questions regarding this Privacy Notice, please contact us at: info@yourhormonebalance.com.