Date: January 19, 2020
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. If you purchase a lab test from us, we also collect your gender and date of birth, since those are required for creating a lab order form.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at: NBI, 3525 Del Mar Heights Rd #350, San Diego, CA 92130, United States
IF YOU DO NOT AGREE WITH THESE TERMS, DO NOT USE THIS WEBSITE.
SECTION 3 – DISCLOSURE
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or providing customer services, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
SECTION 4 – SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 – MICROSOFT AZURE
For storage, transmission and processing of electronic protected health information (PHI) that we may collect when a customer orders laboratory testing, NBI uses Microsoft Azure. Microsoft Azure is a cloud computing service that uses Microsoft-managed data centers and complies with the security and privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA).
SECTION 6 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 7 – INTEREST-BASED ONLINE ADVERTISING AND GOOGLE ANALYTICS
You may set preferences for how Google advertises to you using the Google Ad Preferences page, or you may opt out of interest-based advertising entirely using cookie settings or by visiting the opt-out page for the Self-Regulatory Principles for Online Behavioral Advertising. Because these opt-out and preference forms are specific to your individual browser and are not owned/operated by Seeking Health, we are not able to change your settings or perform the opt-outs for you.
SECTION 8 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 9 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
Laboratory testing may only be ordered by or for persons 18 years of age or older. By ordering laboratory testing services through our site, you certify that you are at least 18 years old.
SECTION 10 – CALIFORNIA ONLINE PRIVACY PROTECTION ACT
According to CALOPPA we agree to the following:
Users can visit our site anonymously.
Users are able to change their personal information by:
- Emailing us
- Calling us
- Logging into their account
- Submitting an online Contact Form.
SECTION 11 – DO NOT TRACK SIGNALS
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
SECTION 12 – THIRD PARTY BEHAVIORAL TRACKING
It’s also important to note that we allow third-party behavioral tracking.
SECTION 13 – CAN-SPAM ACT
The CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, and gives recipients the right to have emails stopped from being sent to them.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be in accordance with CAN-SPAM we agree to the following:
- We do not use false, or misleading subjects or email addresses.
- Messages are identified as advertisements in some reasonable way.
- Messages include the physical address of our business headquarters.
- We will honor opt-out/unsubscribe requests quickly.
- We allow users to unsubscribe by using the link at the bottom of each email.
SECTION 15 – VISITORS’ GDPR RIGHTS
If you are within the European Union, you are entitled to certain information and have certain rights under the General Data Protection Regulation. Those rights include:
We will retain any information you choose to provide to us until the earlier of: (a) you asking us to delete the information, (b) our decision to cease using our existing data providers, or (c) the Company decides that the value in retaining the data is outweighed by the costs of retaining it.
You have the right to request access to your data that the Company stores and the rights to either rectify or erase your personal data.
You have the right to seek restrictions on the processing of your data.
You have the right to object to the processing of your data and the right to the portability of your data.To the extent that you provided consent to the Company’s processing of your personal data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based upon consent that occurred prior to your withdrawal of consent.
You have the right to lodge a complaint with a supervisory authority that has jurisdiction over issues related to the General Data Protection Regulation. We require only the information that is reasonably required to enter into a contract with you.
We will not require you to provide consent for any unnecessary processing as a condition of entering into a contract with us.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products and services to you.
SECTION 17 – HIPAA
NBI’s use and disclosure of certain aspects of your information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and applicable state law. Any information that you submit to us that constitutes “Protected Health Information,” as defined by HIPAA, is subject to HIPAA and applicable state law. The term “Protected Health Information” or “PHI” refers to individually identifiable health information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care. If any information collected on this Website constitutes PHI, then our Notice of Privacy Practices included in this Policy will apply.
SECTION 18 – LAB TESTING
NBI is a third-party reseller of laboratory tests. Laboratory test orders are processed through LabTesting API, Ltd (LTA). By accessing our website and ordering laboratory testing through NBI, you hereby agree to all the terms and conditions of the guidelines set forth in this Disclaimer. You further agree that NBI or LTA will not be held accountable for any errors or omissions. NBI offers clinical laboratory services to monitor wellness and encourage increased self-awareness and self-care. The tests, services or products we offer are not intended to diagnose, treat, or cure disease. We give no guarantee that any of our services will prevent disease. All material is provided for educational purposes only and is not intended to be a substitute for a physician’s consultation. NBI does not engage in rendering medical advice or medical services and strongly encourages those who use our service to consult and work with an experienced healthcare provider. Individuals assume full responsibility for acquiring such professional medical assistance with regards to any health disorder, medical condition, or any condition needing medical supervision. NBI encourages you consult your physician if you are experiencing any symptoms or medical condition. We specifically disclaim any expressed or implied warranties or merchantability of fitness for any particular usage, application or purpose. NBI does not recommend self-diagnosis or self-medication, and no information within this web site or presented by NBI or its associates may be construed or interpreted as recommending self-diagnosis or self-medication.
If a lab test result is abnormal, you are encouraged to speak with your physician. To be validated, many tests may need to be repeated at the discretion of a physician. Lab results may vary depending upon age, sex, time of specimen collection, diet, medications, and the limits of modern technology. A single lab test or group of tests cannot guarantee good health. False positive and false negative test results are possible. There are many medical diseases that cannot be uncovered by these tests alone. Testing only constitutes a partial evaluation of your state of health and does not represent a diagnosis or treatment of disease.
NBI shall not be liable to you or anyone else for any loss or injury caused in whole or in part by procuring, compiling, interpreting, delivering or reporting information through this web site. In no event shall NBI be liable to you or anyone else for any decisions made or action taken or not taken by you in reliance on such information. Material placed online by users does not represent medical advice of NBI and we make no representations with respect to the accuracy, reliability, completeness, timeliness or usefulness of the contents.
SECTION 19 – PERSONALLY IDENTIFIABLE INFORMATION
Personally Identifiable Information we Collect. You may generally use this Website without disclosing personally identifiable information. However, the use of certain features and functions of the Website may require you to submit personally identifiable information to us.
In your use of the Website, we may collect any information that you voluntarily share with us. This information may also be collected by a third party vendor, supplier or contractor on our behalf.
We may use third party service providers to assist us in collecting and maintaining this personally identifiable information. However, we require such service providers to maintain the confidentiality of such information.
How we use Personally Identifiable Information we Collect. We will use personally identifiable information for: (1) the purpose for which you provide it; (2) as otherwise may be disclosed at the point of collection; and/or (3) for the purposes described below. In addition, we may use your personal information in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services and how to improve the Website. We may provide this aggregated information to third parties, but when we do so we do not provide any of your information without your express permission.
SECTION 20 – NON-PERSONALLY IDENTIFIABLE INFORMATION
When you visit our Website, we (or a third party vendor or contractor on our behalf) may passively collect non-personally identifiable information about you. This may include (a) IP Address. Your IP address may be collected. Your “IP address” is usually associated with the network location and physical location from which you enter the Internet. We log IP addresses for systems administration purposes. This information helps us determine how often different areas of our site are visited and we also use this information to personalize the content that is displayed to you on the Website based on your previous visits and the ads that you access. We do not link IP address to any information that is personally identifiable.
Most web browsers automatically accept cookies, but you can disable this function so that your browser will not accept cookies. Please be aware that if you disable this function, it may impact your use and enjoyment of the Website.
(c) Statistical Identifiers and Device Recognition. We (or our vendors on our behalf) may employ statistical identifiers, also known as device recognition tools. These tools may be used to assist in managing the content and advertising on our Website by informing us (without using cookies) of the content that you use and view on the Website. These tools collect various information about your device, such as your screen resolution, browser type, and operating system. Many devices have unique, or near unique, device profiles such that collecting this information allows us and our vendors to determine with a reasonable level of statistical accuracy information on your engagement with our Website and advertisements on our Website, as well as your device when you interact with our Website. We do not tie this statistical information to your personal information.
(d) Analytics. We use non-personally identifiable information in the aggregate to determine how much traffic the Website receives, to statistically analyze Website usage, to improve our content, and to customize the Website’s content, layout and services. In addition, we may use your IP address to help diagnose problems with our server, to manage the Website and to enhance the Website based on the usage pattern data we receive.
SECTION 21 – HOW WE DISCLOSE THE INFORMATION WE COLLECT
We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with the Website; or (c) protect our rights, reputation, property, or that of our users, affiliates, or the public.
Except as stated in this Policy, we do not sell, distribute, or release to a third party your personal information without notice to you.
SECTION 22 – ACCESS TO YOUR PERSONALLY IDENTIFIABLE INFORMATION
Upon written request and verification of your identity, we will provide you with your personal information in our possession as well as the personal information, if any, that we have disclosed to third parties. Requests for such information should be sent to the contact information below. You may also update, correct, or delete your personal information in our possession by contacting us.
SECTION 23 – HANDLING OF ELECTRONIC RECORDS AND BACKUP
In general, we will retain all information collected through the Website for, at a minimum, the length of time permitted by law. However, we will delete any personally identifiable information in our database upon your request or as otherwise required by law. We may retain non-personally identifiable information indefinitely. We maintain backup files as a protection against natural disasters, equipment failures, or other disruptions. Backup files protect you and us because they lower the risk of losing valuable data. Backup files may contain records with your personal information. Removing a record from our active files and databases does not remove that record from any backup systems. Such backup data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.
SECTION 24 – SECURITY
Communications between your browser and portions of the Website containing personally identifiable information may be protected with various forms of encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information we strive to maintain the physical and electronic security of your personal information using commercially reasonable efforts.
HOWEVER, NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.
SECTION 25 – SECURITY BREACH
If we determine that your personal information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you to the extent required by applicable state and federal law, using your information that we have on file.
SECTION 26 – THIRD PARTY PRIVACY
COPYING OR REPRODUCTION OF ANY PORTION OF THIS WEBSITE TO ANY OTHER SERVER, LOCATION, WEBSITE OR ANY THIRD PARTY FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED.
FOR MORE INFORMATION OR TO REPORT A PROBLEM
If you have questions about this notice or would like additional information, you may contact our Privacy Officer at the telephone or address below. If you believe that your privacy rights have been violated, you have the right to file a complaint with the Privacy Officer at NBI or with the Secretary of the Department of Health and Human Services. The complaint must be in writing, describe the acts or omissions that you believe violate your privacy rights, and be filed within 180 days of when you knew or should have known that the act or omission occurred. We will take no retaliatory action against you if you make such complaints.
The contact information for both is included below.
U.S. Department of Health and Human Services
Office of the Secretary
200 Independence Avenue, S.W.
Washington, D.C. 20201
Tel: (202) 619-0257
Toll Free: 1-877-696-6775
3525 Del Mar Heights Rd #350
San Diego, CA 921340, USA
NOTICE OF PRIVACY PRACTICES AVAILABILITY
This notice will be prominently posted on the website where registration occurs.
Contact us at email@example.com with any questions or concerns regarding the above.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at NBI
[Re: Privacy Compliance Officer]
[3525 Del Mar Heights Rd #350, San Diego, CA 92130, United States]