Effective: August 18, 2020
Last modified: August 18, 2020
Nutrimedy’s Privacy Compliance Officer is Ashley Nialetz and they can be contacted at [email protected] for questions, concerns, compliance complaints or comments about the below privacy policy.
Nutrimedy, Inc. and its related companies ("Nutrimedy", "We", "Us", "Company") take your privacy seriously, and we want you to know how we collect, use, share, and protect your information. This Privacy Policy tells you what information we collect from visitors of websites, services and mobile applications (collectively, the "Services") owned and controlled by the Company and users of our Services, how we use that information, how we may share that information, how we protect your information, and your choices regarding your personal information.
PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. THIS POLICY APPLIES TO THE UNITED STATES OR CANADIAN USERS OF OUR SERVICE. IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES OR YOU ARE NOT A UNITED STATES OR CANADIAN USER, PLEASE DO NOT USE OUR SERVICES. BY ACCESSING OR USING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY.
Nutrimedy collects personal and non-personal information about you when you use the Services. We use your information for the following general purposes: providing products and services, billing, identification and authentication, improving the Services, contacting users and conducting research. When you open an Account (as such term is defined in our Terms of Use) through our Services, we ask for Personally Identifiable Information (as defined below) such as your name, email address and phone number. To access certain products and services from Nutrimedy, we may also ask you to provide contact and billing information, Personally Identifiable Information or Protected Health Information (as such terms are defined in the Health Insurance Portability and Accountability Act of 1996, as amended or the Personal Information Protection and Electronic Document Act of 2000 as applicable depending on location of the user). Nutrimedy only shares your Personally Identifiable Information or Protected Health Information when required to complete your transaction or to facilitate a consensual interaction between you and a provider through the Services. Personally Identifiable Information or Protected Health Information is only shared with third parties when the third party and Nutrimedy have a Business Associate Agreement that covers those parties under the HIPAA compliant umbrella. We may aggregate certain information to develop statistics related to the use of the Services and, in doing so, we might combine information that we have about you with information we obtain from business partners or other companies. When we publish statistics based on aggregated information, those statistics will not contain any Personally Identifiable Information about you. Depending on the Services you use, we may also collect certain personal information, including personal foods, activities and body measurements.
Recognizing the highly personal nature of this information, we take special precautions to protect such information.
Nutrimedy uses Stripe to process credit card transactions. You may choose to pay for the Services using Stripe. If you use Stripe to make a payment, we do not receive or store any credit card information. You may also choose to enter credit card information through the Services. If you provide your credit card information through the Services, we will store such information for the duration of the transaction until your credit card is charged and the requested product or service has been purchased. After the transaction is complete, we will delete your credit card number and expiration date from our database. For convenience, we may store your billing address for use during future transactions.
"Personal information" is information through which you can be personally identified, including any photographs you may upload. Personal Information that we collect may include your full name, and/or other payment information (if applicable), your email address, phone number, certain health information, or any other information or data that you provide when using our Services. We collect personal information you choose to provide to us, including through registrations, applications, surveys, chat sessions or other inquiries. We do not collect information that would identify you unless you choose to provide it to us. You can choose not to provide us with certain information, but please be aware that may impact the Services provided to you.
"General information" is information we obtain automatically from your connection, interaction with our Services and the use of Cookies and other technologies. General information does not identify you personally. For instance, we do not identify your name from your Internet browser address, but we use it to compile statistics about users of our Services and preferences of our visitors. General information we collect when you use our Services may include but is not limited to the domain and host from which you access the Internet, the Internet protocol address of the computer you are using ("IP Address"), the browser software you are using, the operating system you are using, the date and time that you access our Services, the specific pages you visit at our Services, the number of visits you make to our Services, the number of visits to specific pages you make using our Services and products or services viewed at our Services.
"Cookies" are small pieces of information which our Services store on your computer and can later retrieve. Cookies cannot be read by a service other than the one that sets the cookie. We use cookies to enhance the use of our Services.
Nutrimedy respects your privacy and will not sell your personal information to third parties. We may use your personal information to provide Services to you, respond to your inquiries, provide information on products and services you request or have a representative contact you regarding our products or services. Unless you have otherwise opted out of receiving email communication from us, you agree by using our Services, to allow us to use your email for communication and provision of Services consistent with this Privacy Policy.
We may also use your personal information to update you on special offers related to our products or services, improve our products and services, provide product announcements or information regarding health topics, deliver other information we believe you will find most relevant, and useful and in any other way we may describe when you provide the information or to which you consent. We may occasionally contact you to gather customer service information to help us determine how we can improve our services and products to better meet your needs. We may also de-identify and/or aggregate your data for various business purposes including product, service and program development and improvement. De-identified data, in individual or aggregated form, may also be used for research purposes both internally by Nutrimedy or with research partners and other third parties for the advancement of clinical and scientific knowledge.
This policy does not apply to personal information we collect from other sources. That information is governed by the agreement between us and the source of the data. We may combine or cross-reference your personal information with general information or other information we may have acquired about you or may acquire about you through other sources, including offline sources of information to help further customize the information, products or services we provide to you.
We use the general information we collect from you to help us understand and analyze users of our Services, including generating aggregate statistics about Services used. This data can then be used to tailor our Services’ content and deliver a better experience for our users. We may also collect, aggregate and maintain anonymous information about the visitors of our Services. We may further share such aggregate, non-identifiable information with business partners, sponsors and other third parties.
If you invite family, friends or other third parties to be part of your team or join your chat sessions with your nutritionist, they will have access to the information shared during that session. You should also be aware that certain features within our Services may allow for group chat sessions or public forums. By inviting any third parties to join your chat sessions or participating in group sessions or public forums, you consent to the disclosure of your personal information, including information about your health and any health conditions to the other participants. We cannot control whether or how these participants will use your personal information or if they will subsequently disclose it. If you do not consent to the disclosure of this information to these third parties, you should not invite them to join your team or participate in the group sessions or other public forums.
From time to time, we may use third parties to provide products, services or otherwise support our business or collaborate with third parties with respect to development, promotion or other business activities related to a particular product or service. As a result, we may disclose personal information that we collect or you provide to contractors, service providers and other third parties solely for purposes of providing the services as outlined above; provided such third parties have agreed to comply with this Privacy Policy or substantially equivalent terms. We may also disclose personal information to our subsidiaries and affiliates; to a third party in connection with a merger, divestiture, restructuring, reorganization, dissolution, sale or transfer of some or all of our assets or other similar corporate transactions or in connection with a bankruptcy, liquidation or similar proceeding.
We may also release your personal information to third parties as required by law, when we believe disclosure is necessary to comply with legal or regulatory requirements, judicial proceeding, court order or legal process served on us, to protect the safety, rights or property of patients, customers, the public or the Company or defend the Company and its officers, directors, employees, attorneys, agents, contractors and partners, in connection with any legal action, claim, or dispute.
Except as set forth in this Privacy Policy or as specifically agreed to by you, we will not sell or rent your personal information to third parties.
We seek to safeguard the security of your personal information and have implemented reasonable security measures consistent with accepted practices in the healthcare industry to protect the confidentiality of your personal information and limit access to it. We have put in place a variety of information security measures to protect your personal information, including encryption technology, such as Secure Sockets Layer (SSL), to protect your personal information during data transport and at rest. However, despite our efforts to protect your personal information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your personal information over the Internet will be intercepted. Unfortunately, we cannot guarantee the absolute security of your personal information, nor can we guarantee that information that you provide will not be intercepted while being transmitted to us over the Internet. Therefore, we urge you to also take every precaution to protect your personal information when you are on the Internet or using the Services.
Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your personal information with third parties without your authorization. We do share personal information with vendors who are performing services for the Company, such as the servers for our email communications who are provided access to the user's email address for purposes of sending emails from us. Those vendors use your personal information only at our direction and in accordance with our Privacy Policy. We will not disclose your personal information to anyone other than our employees and those third parties with whom we have a business relationship. In general, the personal information you provide to us is used to help us communicate with you. For example, we use personal information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers. In general, we use non-personal information to help us improve the Service and customize the user experience. We also aggregate non-personal information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of non-personal information and we reserve the right to use and disclose such non-personal information to our partners, advertisers and other third parties at our discretion. By agreeing to this Privacy Policy you consent to Nutrimedy sharing your Personally Identifiable Information or Protected Health Information to complete a transaction, to facilitate a consensual interaction between you and a provider through the Services, or to share information with third parties with which Nutrimedy has a Business Associate Agreement in place. Except as described in this Privacy Policy or as specifically agreed to by you, Nutrimedy will not disclose any Personally Identifiable Information it gathers from you through the Services.
We may only release Personally Identifiable Information to third parties to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order or, as deemed necessary in Nutrimedy’s discretion, to protect the legal or property rights of Nutrimedy, a user or third party, or to prevent personal injury. In the event that we are legally compelled to disclose your Personally Identifiable Information to a third party, we will attempt to notify you unless doing so might, in our reasonable estimation, violate a law, rule, regulation or court order.
Nutrimedy uses industry-standard encryption technology to protect your privacy. We limit access to personal information about you to employees who we believe reasonably need to come into contact with such information to provide products or services to you in order to do their jobs. We have physical, electronic and procedural safeguards that comply with federal regulations to protect personal information about you. It is important for you to protect against unauthorized access to your password and to your computer or device. It is your responsibility to sign off when you finish using a shared computer or device.
Nutrimedy may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage and related technology required to operate the Services. The Nutrimedy database is stored on secured servers specifically designed for management of Personally Identifiable Information and Protected Health Information. The Information stored on the server may be transferred to, and stored at, a destination outside of your home country. These destination countries may have different or less protective privacy laws than those in your home country. The Information may also be processed by any service providers appointed by us who operate outside of your home country and their staff, and/or our own staff based outside of your home country. By permitting us to collect your Information, You agree to this transfer, storing or processing outside your home country. Information transferred will be treated in accordance with this Notice.
To opt out, please do not provide your personal information to us, or after providing your personal information to us, please send written notification to us that you no longer wish to receive information and communications from us or otherwise share your personal information. With respect to the collection and use of general information, you have the ability to disable or manage the use of cookies on your computer using controls in your browser. However, you are not able to opt out of the uses of general information otherwise collected as set forth in this policy. Please note that certain features of the App may not be available when cookies are disabled. To learn more about how to manage cookies, visit http://www.allaboutcookies.org.
We are committed to protecting the privacy of children. The Children’s Online Privacy Protection Act ("COPPA") requires that we inform parents and legal guardians about how we collect, use and disclose personal information from children under the age of 13. Neither Nutrimedy nor any of its services or products are designed or intended to attract children under the age of 13. We do not collect Personally Identifiable Information from any person we actually know is under the age of 13. COPPA requires that we obtain the consent of parents or guardians before collecting, using or disclosing personal information from children under the age of 13. In compliance with COPPA, a parent or guardian may request to review, delete or stop the collection of personally identifiable information relating to their child or any child in their legal custody who is under the age of 13. Parents or guardians may review, delete or stop the collection of Personally Identifiable Information by contacting us by letter, phone or email using the contact information provided in this Privacy Policy. A parent or guardian may use the Services to establish an account for a minor. The parent or guardian is solely responsible for providing supervision of the minor’s use of the Services. The parent or guardian assumes full responsibility for ensuring that the registration information is kept secure and that the information submitted is accurate. The parent or guardian also assumes full responsibility for the interpretation and use of any information or suggestions provided through the Services for the minor. If a parent or guardian becomes aware that a child under 13 years old has provided personal information to us without their consent, please contact us using the information listed under the Contact Us section below.
Please be aware that our website or services may have links to third-party websites that may collect personal information about you. When you click on one of these third-party links, you are entering another website for which we have no responsibility. This Privacy Policy does not cover the information practices or policies of such third-party websites. We encourage you to read the privacy policies of all such websites since their privacy policies may be materially different than our Privacy Policy.
In addition, we may rely on third-party advertisers, ad networks and ad servers to promote our Services. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about our users. This may include information about users' behavior on this and other Services to serve them interest-based (behavioral) advertising. No information you share within our Services will be shared with third-party advertisers. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement, you should contact the responsible advertiser directly.
We reserve the right to modify the terms of this Privacy Policy at any time and in our sole discretion, without notice. When the Privacy Policy is changed, modified, and/or amended, the revised Privacy Policy will be posted on our website. Modifications will be effective immediately. You should visit this web page periodically to review the Privacy Policy. You accept any such modifications to this Privacy Policy by continued use of our Services after such modifications are made.
If you would like to update your personal information, delete your account, change your preferences or have any questions or concerns about your privacy, you may contact us at [email protected]. Please note that some information may remain in our records after deletion of your account, including any information or records we are legally obligated to retain.
----------------------
NOTICE OF PRIVACY PRACTICES
EFFECTIVE DATE: November 28, 2017
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
UNDERSTANDING YOUR HEALTH RECORD/INFORMATION
Each time you visit a hospital, physician, dentist, or other healthcare provider, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a basis for planning your care and treatment and serves as a means of communication among the many health professionals who contribute to your care. Understanding what is in your record and how your health information is used helps you to ensure its accuracy, better understand who, what, when, where, and why others may access your health information, and helps you make more informed decisions when authorizing disclosure to others.
YOUR HEALTH INFORMATION RIGHTS
Unless otherwise required by law, your health record is the physical property of the healthcare practitioner or facility that compiled it. However, you have certain rights with respect to the information. You have the right to:
Receive a copy of this Notice of Privacy Practices from us upon enrollment or upon request.
Request restrictions on our uses and disclosures of your protected health information for treatment, payment and health care operations. This includes your right to request that we not disclose your health information to a health plan for payment or health care operations if you have paid in full and out of pocket for the services provided. We reserve the right not to agree to a given requested restriction.
Request to receive communications of protected health information in confidence.
Inspect and obtain a copy of the protected health information contained in your medical and billing records and in any other Practice records used by us to make decisions about you. If we maintain or use electronic health records, you will also have the right to obtain a copy or forward a copy of your electronic health record to a third party. A reasonable copying/labor charge may apply.
Request an amendment to your protected health information. However, we may deny your request for an amendment, if we determine that the protected health information or record that is the subject of the request:
was not created by us, unless you provide a reasonable basis to believe that the originator of the protected health information is no longer available to act on the requested amendment;
is not part of your medical or billing records;
is not available for inspection as set forth above; or
is accurate and complete.
In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records.
Receive an accounting of disclosures of protected health information made by us to individuals or entities other than to you, except for disclosures:
to carry out treatment, payment and health care operations as provided above;
to persons involved in your care or for other notification purposes as provided by law;
to correctional institutions or law enforcement officials as provided by law;
for national security or intelligence purposes;
that occurred prior to the date of compliance with privacy standards (April 14, 2003);
incidental to other permissible uses or disclosures;
that are part of a limited data set (does not contain protected health information that directly identifies individuals);
made to patient or their personal representatives;
for which a written authorization form from the patient has been received.
Revoke your authorization to use or disclose health information except to the extent that we have already taken action in reliance on your authorization, or if the authorization was obtained as a condition of obtaining insurance coverage and other applicable law provides the insurer that obtained the authorization with the right to contest a claim under the policy.
Receive notification if affected by a breach of unsecured PHI.
HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
This organization may use and/or disclose your medical information for the following purposes:
Treatment: We may use and disclose protected health information in the provision, coordination, or management of your health care, including consultations between health care providers regarding your care and referrals for health care from one healthcare provider to another.
Payment: We may use and disclose protected health information to obtain reimbursement for the health care provided to you, including determinations of eligibility and coverage and other utilization review activities.
Regular Healthcare Operations: We may use and disclose protected health information to support functions of our practice related to treatment and payment, such as quality assurance activities, case management, receiving and responding to patient complaints, physician reviews, compliance programs, audits, business planning, development, management and administrative activities.
Appointment Reminders: We may use and disclose protected health information to contact you to provide appointment reminders.
Treatment Alternatives: We may use and disclose protected health information to tell you about or recommend possible treatment alternatives or other health related benefits and services that may be of interest to you.
Health-Related Benefits and Services: We may use and disclose protected health information to tell you about health-related benefits, services, or medical education classes that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care: Unless you object, we may disclose your protected health information to your family or friends or any other individual identified by you when they are involved in your care or the payment for your care. We will only disclose the protected health information directly relevant to their involvement in your care or payment. We may also disclose your protected health information to notify a person responsible for your care (or to identify such person) of your location, general condition or death.
Business Associates: There may be some services provided in our organization through contracts with Business Associates. Examples include physician services in the emergency department and radiology, certain laboratory tests, and a copy service we use when making copies of your health record. When these services are contracted, we may disclose some or all of your health information to our Business Associate so that they can perform the job we have asked them to do. To protect your health information, however, we require the Business Associate to appropriately safeguard your information.
Organ and Tissue Donation: If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Worker's Compensation: We may release protected health information about you for programs that provide benefits for work related injuries or illness.
Communicable Diseases: We may disclose protected health information to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
Health Oversight Activities: We may disclose protected health information to federal or state agencies that oversee our activities.
Law Enforcement: We may disclose protected health information as required by law or in response to a valid judge-ordered subpoena, for example in cases of victims of abuse or domestic violence; to identify or locate a suspect, fugitive, material witness, or missing person; related to judicial or administrative proceedings; or related to other law enforcement purposes.
Military and Veterans: If you are a member of the armed forces, we may release protected health information about you as required by military command authorities.
Lawsuits and Disputes: We may disclose protected health information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process.
Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release protected health information about you to the correctional institution or law enforcement official. An inmate does not have the right to the Notice of Privacy Practices.
Abuse or Neglect: We may disclose protected health information to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Fundraising: Unless you notify us you object, we may contact you as part of a fundraising effort for our practice. You may opt out of receiving fundraising materials by notifying the practice’s privacy officer at any time at the telephone number or the address at the end of this document. This will also be documented and described in any fundraising material you receive.
Coroners, Medical Examiners, and Funeral Directors: We may release protected health information to a coroner or medical examiner. This may be necessary to identify a deceased person or determine the cause of death. We may also release protected health information about patients to funeral directors as necessary to carry out their duties.
Public Health Risks: We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for purposes such as controlling disease, injury or disability.
Serious Threats: As permitted by applicable law and standards of ethical conduct, we may use and disclose protected health information if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Food and Drug Administration (FDA): As required by law, we may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Research: We may disclose information to researchers when an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information has approved their research.