Privacy Policy

This Privacy Policy (“Privacy Policy”) is incorporated into our Terms of Use and Terms of Service, as applicable. Therefore, terms used in this Privacy Policy that have been previously defined will have the same meanings as provided in our Terms of Use or Terms of Service, as applicable. As with our Terms of Use and Terms of Service, if we make any changes to our Privacy Policy, we will post the revised Privacy Policy to the Site and update the “Last Revised” date of the Privacy Policy. Your use of our Site or Service following any such change means you accept the revised Privacy Policy. We are committed to respecting the privacy of users of our Site and Service. We created this Privacy Policy to tell you how Northwestern Hair collects, uses and discloses information in order to provide you with our Site or Service, as applicable.

By accessing or using our Site or Service, you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use and disclose your information as set forth in this Privacy Policy. If you are using our Site or Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to accept this Privacy Policy on such individual’s behalf. By agreeing to our Privacy Statement and Terms of Use and Terms of Service, you consent to the storing and processing of your information in the USA and countries outside of the country you live in.

WHAT INFORMATION DO WE COLLECT?

In general, you can visit the Site without telling us who you are or revealing any personally identifiable information about yourself. However, you should be aware that sections of the Service (including restricted portions of the Site) allow for the submission of and collection through use of the Service of personally identifiable information, including, but not limited to:
(1) your name and contact data (such as your e-mail address, phone number, and billing and physical addresses);
(2) your login and password;
(3) demographic and health and wellness data (such as your gender, date of birth, wellness background, weight, height, lifestyle information, medication history, and zip code);
(4) your communications with Practitioners conducted through the Service; and
(5) any information you provide when you contact or communicate with us (credit card data).
We may also collect information from you necessary to provide you with services you request from Practitioners utilizing the Service, which may include, but is not limited to:
(a) payment information;
(b) insurance information;
(c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information you share with us);
(d) identifying facial photographs;
(e) information regarding pregnancy and/or breastfeeding;
(f) demographic information including, but not limited to: ethnicity;
(g) detailed information regarding specific aesthetic concerns and triggers for these concerns;
(h) information regarding adverse reactions; and
(i) information regarding test results, diet, environmental risk factors, skin/hair characteristics, life style, smoking status, and SPF usage.

To protect your security and privacy, we require that you or your legal representative (as opposed to a third party on your behalf) enter the personally identifiable information that we collect and that the information be current. Northwestern Hair disclaims any legal duty to verify the accuracy of any personally identifiable information that you provide beyond what may be required by law for the particular purpose for which the information is to be used.

In addition to the information we collect directly from you, we may also collect certain information from the Practitioners who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, a Practitioner’s diagnoses, treatment plans (including prescription details) and notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.

We may automatically collect certain information from your device through which you access our Service. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier (the International Mobile Equipment Identity or the Mobile Equipment ID number), the IP address of your device, the manufacturer, model and operating system of your device, the name and version of our Service you are using, information regarding your browser and information that allows us to personalize our Service. We or our service providers may also collect information about how you interact with our Service and any of our websites to which our Service links, such as how many times you use a specific part of our Service, the amount of time you spend using our Service, how often you use our Service, actions you take in our Service and how you engage with our Service. For more details about this type of data collection, please refer to the section below on cookies and web beacons.

We will obtain information regarding your location or the location of your device through which you access our Service. Information regarding your location will be obtained directly from you when you provide us with your zip code. Alternatively, our Service may obtain precise information about the location of your device with your express consent. Once you have consented to the collection of the precise location of your device, you may adjust this consent by managing your location services preferences through the settings of your device.

HOW DO WE USE YOUR INFORMATION? 

In connection with providing you with our Service, we and our affiliates may use, compile, analyze and save, your information for a number of purposes, including, but not limited to:

(a) verifying your identity and administering your account, including processing your payments and fulfilling your orders;

(b) communicating with you about our Service or your use of our Service, and sending you communications on behalf of the Practitioners;

(c) ensuring quality customer service by providing you customer support, responding to your requests or concerns, ensuring that our Service functions properly for you, and tailoring our Service to meet your needs;

(d) as applicable, facilitating the provision of healthcare services to you by a Practitioner, and ensuring the Practitioners have the services and support necessary for health care operations;

(e) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); and

(f) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, Terms of Service, or other misuse of our Service or a Practitioner’s services.

We use information regarding your location or the location of your device through which you access our Service for a number of purposes, including, but not limited to:

(a) identifying Practitioners who may provide you with healthcare services;

(b) providing you with a list of nearby pharmacies that may fulfill any prescriptions provided to you by your Practitioner; and

(c) identifying other healthcare providers whom you may visit at the recommendation of your Practitioner.

HOW DO WE DISCLOSE YOUR INFORMATION? 

We may disclose your information to third parties in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information to:

(a) our third-party service providers that provide services such as the hosting of our Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing and other similar services;

(b) Practitioners to schedule and fulfill appointments and provide health care services as part of the Service;

(c) Practitioners to whom you send messages through our Service;

(d) Practitioners for other treatment, payment or healthcare operations purposes upon your request;

(e) third parties as we believe necessary or appropriate to comply with applicable laws; and

(f) to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock. With respect to transfers to third party agents of Northwestern Hair under the Privacy Shield, the Privacy Shield requires that Northwestern Hair remain liable should those agents process your information in a manner inconsistent with the Privacy Shield Principles. There may also be instances where Northwestern Hair may be required to share your information with third parties who have not been retained by Northwestern Hair, during inspections or audits, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or as ordered or directed by courts or other governmental agencies. Many entities receiving your information under these conditions have privacy requirements that apply to their handling of your information.

Northwestern Hair will not disclose your information to third parties for their own separate use unless you have consented to such sharing. However, we may share the information about you that you provide to us with other companies collecting and using the information you provide to us to better understand the offers, promotions, health and wellness benefits, insurance trends, employer related trends, and types of advertising that are most appealing to our customers. After the information is collected by these third parties, it is aggregated so it is not personally identifiable or tied to you or any other user. We also offer you the ability to choose (opt-out) whether your information is

(a) to be disclosed to a non-agent third party or

(b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by you.

For sensitive information (i.e. personal information specifying medical or health conditions, racial or ethnic origin; etc.), you are given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt in choice. EU and Swiss individuals have a right of access to correct or delete information we hold about you. If your personal information changes you may contact support@vedagraceclinic.com or by postal mail at the contact information listed below. We will respond to your request to access within 30 days.

We may also collect and group demographic and preferences information, responses to surveys and other personally identifiable information that we collect from you into an aggregate, non-personally identifiable form for disclosure to our existing or potential business partners, affiliates, sponsors, regulators as part of further product development, including as part of a pre-market submission with the FDA, or other third parties. However, please be assured that this aggregate data will in no way personally identify you or any other parties participating in the Service.

When you submit personally identifiable information to us as part of the Service, you may be given an opportunity to opt in to receiving additional information from or on behalf of Northwestern Hair and/or selected third parties. If you opt in, you may be added to our list of Secure Users who will receive additional features, promotional and marketing communications from us, our partners and/or other third parties. If you initially opt in to receiving such communications and you later decide that you no longer want to receive them, you may opt out of receiving promotional and marketing communications from us and/or our partners and other third parties by contacting us at support@vedagraceclinic.com. If you discontinue your use of the Service for a period of ninety days or more we may require you to re-register or otherwise stop communicating with you electronically.

Further, in the event that your access to the Site and use of the Services are offered in connection with a program offered or supported by your employer, we may disclose certain group health results with your employer, provided that this group health information is aggregated and not personally identifiable.

HOW DO WE STORE INFORMATION? 

Northwestern Hair will store archives of information subject to this Privacy Policy from Secure Users for no less than the required legal period, but may retain some or all of the information indefinitely in Northwestern Hair's sole discretion.

CAN YOU REQUEST A COPY OF INFORMATION SUBJECT TO THIS PRIVACY POLICY? 

With respect to all active Secure Users of the Services, upon the detailed and reasonable written request of an active Secure User and the payment of any applicable fees Northwestern Hair may charge to copy and distribute materials, Northwestern Hair shall make copies of information subject to this Privacy Policy and identifying the requesting Secure User maintained by Northwestern Hair to such Secure User within a reasonable time of the request.

USE BY MINORS 

Our Service is intended for use by individuals 18 years of age or older. However, if you are a parent, legal guardian or personal representative of a minor child at least 13 years of age, you may, in compliance with the Terms of Service, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information for individuals under the age of 13. If we learn that we have received any information for an individual under the age of 13, we will only use that information to respond directly to that child (or a parent, legal guardian or personal representative) to inform him or her that he or she cannot use our Service, and subsequently we will delete that information from our own servers.

THIRD PARTIES 

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices, including data privacy and security processes and standards of any third parties, including Practitioners, the manufacturer of your mobile device, and any other third party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties. We encourage you to review the Notice of Privacy Practices of each Practitioner who provides you with services and the privacy policies of each website and application you visit and use. Even though Northwestern Hair is not a “covered entity” as defined in HIPAA, any Practitioner engaging through our Service may be a “covered entity” and therefore subject to the provisions of HIPAA from time to time. If a Practitioner has adopted a HIPAA Notice of Privacy Practices, it will describe how your Practitioner uses and discloses your protected health information (“PHI”). Northwestern Hair has agreed that its collection, use and disclosure of your PHI on behalf of your Practitioner will be done consistent with your Practitioner’s HIPAA Notice of Privacy Practices except to the extent you have expressly authorized additional uses and disclosures.

COOKIES AND WEB BEACONS 

Please note that we may use “cookies”—a small data file that we transfer to your computer’s hard drive—to collect certain information about you and your use of our Service, such as IP addresses (the Internet access of a computer), domain names, and the type of computer, smart phone device, and operating system being used. We may also use cookies to identify your computer or smart phone device when you revisit our Service to, for example, recall your authentication information or to track statistical information related to navigation throughout the Site or App, as applicable. We may use both “session” cookies and “persistent” cookies in order to better operate the Service to enhance your experience while using the Service. A session cookie enables certain features of the Service and is deleted from your computer or smart phone device, as applicable, when you disconnect from or leave the Site or App. If a portion of the Service requires a password, you are giving us explicit permission to use a persistent cookie, which is a small data file that is generated when, as a registered user of the Service, you enter your assigned user ID and password to access the password-protected area of the Service. This file is stored on your computer or smart phone device. You may adjust your browser to refuse to accept cookies, remove cookies or notify you when a cookie is set by editing your web browser preferences or options. (Each browser is different, so check the “Help” menu on your browser to learn how to change your cookie preferences.) You do not have to accept all cookies sent to you by the Service; however, depending on the particular cookie you reject, you may not be able to use some features of the Service or some features may not function properly.

Please note that linked third-party websites may also use cookies. We cannot control the use of cookies by these third-party websites. For example, when you link from the Service to a third-party website, that website may have the ability to recognize that you have come from our Service by using cookies. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.

We may also employ software technology known as “web beacons” or “clear GIFs,” which helps us keep track of what content on our Service is effective. Web beacons are small graphics with a unique identifier that are used to track the online movements of Internet users. Web beacons are embedded in the web pages you review, so they are not stored on your hard drive. The web beacons we may use will not track or collect any personally identifiable information about you and they are in no way linked to your personally identifiable information.

SECURITY OF INFORMATION AND DISCLOSURES 

Northwestern Hair uses industry standard security measures to safeguard information concerning, and submitted by, users like you. Despite the security measures employed by Northwestern Hair, you should be aware that it is impossible to guarantee absolute security with respect to information sent through the Internet or as part of a mobile application.

Northwestern Hair will, to the extent possible, control your personally identifiable information, and, except as otherwise set forth in this Privacy Policy, we will not disclose your personally identifiable information to third parties. Although we are committed to maintaining the confidentiality of your personally identifiable information, if required by law, we reserve the right to disclose such information without first obtaining your consent.

We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your password secure and your account confidential, and you are responsible for any and all use of your account. If you have reason to believe that the security of your account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.

When using our Service, you may choose not to provide us with certain information, but this may limit the features you are able to use. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you service-related communications.

If you reside in the EU or Switzerland, you may access your information by sending a request to Northwestern Hair at the address specified in “Contacting Us” information below.

If you reside in California and have provided your personally identifiable information to us, you may request information once per calendar year about our disclosures of certain categories of your personally identifiable information to third parties for their direct marketing purposes. Such requests must be submitted in writing using the email address in the “Contacting Us” section below.

PRIVACY SHIELD NOTICE FOR USERS IN THE EUROPEAN UNION AND SWITZERLAND 

Northwestern Hair complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. Northwestern Hair has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In compliance with the Privacy Shield Principles, Northwestern Hair commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union or Switzerland with inquiries or complaints regarding our Privacy Shield policy should first contact Northwestern Hair at support@vedagraceclinic.com or by mail at the address below. We will respond to your inquiry or complaint within 30 days. Northwestern Hair has further committed to refer unresolved Privacy Shield complaints to the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint. The services of the BBB EU PRIVACY SHIELD alternative resolution services are provided at no cost to you. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel. The FTC has jurisdiction over Northwestern Hair's compliance with the Privacy Shield.

CONTACTING US 

If you have any questions about this Privacy Policy, please contact us by email at support@vedagraceclinic.com or by regular mail at:

Northwestern Hair, Inc. 1452 E 53rd St, Suite 1208, Chicago, IL 60611

Last Revised: May 16, 2019