When using our services, you may choose to share certain medical information that is protected by relevant laws. It’s important to note that our company is not classified as a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and related regulations (collectively referred to as “HIPAA”). However, one or more of the pharmacies or Providers that we work with may be considered a “covered entity” or “business associate” under HIPAA, and in some cases, iBeauty.com may act as a “business associate” of these entities.
If iBeauty.com is deemed a “business associate,” we may be subject to certain HIPAA provisions regarding “protected health information” (PHI) that you provide to the pharmacies or Providers, or to us. Please note that any medical or health information that you provide, which is protected by specific state laws, will only be used and disclosed in accordance with those laws. It’s important to know that Protected Information does not include data that has been de-identified under HIPAA.
In the event that iBeauty.com is subject to certain HIPAA provisions related to PHI that you provide, we will handle any medical or health information you provide in compliance with applicable state laws.
By using our Site or by placing an order on our website or by providing your personal information to us, you are accepting and consenting to the practices described in this policy. Please note that this includes consenting to the processing of any personal information that you provide, as described below.
IF YOU DO NOT AGREE WITH THESE PRACTICES, PLEASE DO NOT USE THE SERVICES OR THE WEBSITE OR PROVIDE US WITH ANY OF YOUR PERSONAL INFORMATION.
- What information about the users do we collect?
- Information that you provide us: We collect the information you provide when you use our website and our services, including, without limitation, when you register for an account, place an order, make a payment, share your feedback, submit a complaint, or communicate or interact with us in any manner. This can include Personally Identifiable Information (PII) and non-PII information. Examples include your first name, last name, email, phone number, shipping address, billing information, order details, your queries, etc. Additionally, if you are placing an order for one of the products that requires a prescription, we might collect your photos, driver’s license, and your responses to certain medical questions. We also collect information about how you use our services, such as the content you engage with or the frequency and duration of your activities. These details are important for signing up, and for the shipment and delivery of your order.
- Information that we collect when you use the website: We also collect information while you access, browse or view the Site. In other words, when you access the Website, we are aware of your usage of the website, and gather, collect and record the information relating to such usage, including geo-location information, IP address, device and connection information, browser information and web-log information.
- Customer Care: If you contact our customer support via email, we collect all your interactions with our customer support.
- Payment Information: We may store your payment method to allow you a faster checkout. We don’t process your payment card details. For payments, we use third-party payment gateway service providers who collect and process your payment request. Credit or debit card details will NOT be stored, sold, shared, rented, or leased to any third parties.
- Good Judgment: We suggest that you exercise good judgment and caution while providing your personal information.
- What is the lawful basis for which we use your personal information?
You hereby acknowledge that all processing of your personal information will be justified by a “lawful ground” for processing. In the majority of cases, processing will be justified on the basis that:
- Consent: You have given your consent for processing personal data for one or more specific purposes.
- Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which we are subject.
- Vital interests: Processing personal data is necessary in order to protect your vital interests or those of another natural person.
- Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
- Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by iBeauty.com.
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. Feel free to contact us for this purpose at firstname.lastname@example.org.
- How do we use this information?
We use all of the information we have to help us provide, support and improve our services. We use the information collected from you for one or more of the following purposes:
- To create and update your account;
- To book your consultation with one of the Providers who may write you a prescription;
- To take an order from you, and to fulfill that order;
- To process your payments;
- To facilitate the shipment of your order;
- To process your returns and refunds;
- To enable you to use other features and functionalities of our Site;
- To assess queries, requirements, and process requests for various services;
- To improve our Site, services and products;
- To be able to deliver our services, personalise content, and make suggestions for you by using this information to understand how you use and interact with our services and the people or things you’re connected to and interested in on and off our services.
- We use your information to send you marketing communications, newsletter, communicate with you about our services and let you know about our policies and terms. We also use your information to respond to you when you contact us.
- We use the information we have to help verify accounts and activity, and to promote safety and security on our services, such as by investigating suspicious activity or violations of our terms or policies.
- We also use your information to ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us. And we use your information to make improvements to our services.
- We use information to help improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm iBeauty.com, our community, or the public.
- To respond to summons, court orders, directions or other judicial processes.
- To provide information to law enforcement agencies or in connection with an investigation on matters related to public safety.
- Deleting your information
Your information provided to us is yours. You may request us at any time to delete the same. However, you acknowledge that we may also retain some of the information so deleted for a reasonable period of time in order to comply with legal requests. You can request us to delete your information by writing to us at email@example.com.
- Cookies and Similar Technologies
- Sharing of Information
- As per Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), any medical information pertaining to the patient cannot be disclosed without the requirement of the patient, except under the following conditions:
- As part of treatment
- In the course of billing
- As part of health care operations
- When legally required to do so
- We may also use or disclose your PHI in order to prevent a serious threat to your personal health or safety.
- We may store your payment method to allow you a faster checkout. We don’t process your payment card details. For payments, we use third-party payment gateway service providers who collect and process your payment request.
- We share your personal as well as non-personal information with our third-party service providers (such as pharmacies and shipment vendors) in order to provide you the products ordered by you.
- We keep your information safe and do not share your information with any other third party. However, if we merge with or are acquired by another company or we sell our website or business unit, or if all or a substantial portion of our assets are acquired by another company, in those cases, your information will likely be one of the assets that would be transferred.
- We may also share your information in response to a legal request. Please refer to Section 13.
- Storage and Security of Information
- Storage: Your data is stored in our private data storage, databases and servers in the USA. We do not share it with any third party, except for the limited purposes as mentioned in Section 6. The servers and databases in which information may be stored may be located outside the State from which you accessed this Site, and in a State where the data protection and other laws may differ (and be less stringent) from your State of residence. You hereby consent to any such transfer of your personal information.
- Retention: Personal information that we collect, access or process will be retained only so long as necessary for the fulfillment of the purposes for which it was collected, as necessary for our legitimate business purposes, or as required or authorized by law. Personal information that is no longer required to fulfil the identified purposes will be destroyed, erased or made de-identified or anonymous.
- Steps taken by us to protect your data: We regularly take the following steps to protect the integrity of your information:
- We protect the security of your information while it is being transmitted by using a secure connection;
- We use computer safeguards such as firewalls to keep this data safe;
- We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
- We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security; and
- We will ask for proof of identity before we share your personal data with you.
- Links to other Sites
- HIPAA Notice
Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) provides certain rights to the patients. We are responsible to specify these rights to you. Please note, these apply to you only if you fall under the definition of ‘patient’ and where we fall under the definition of ‘covered entities’ as per HIPAA law.
- Protected Health Information (PHI)
- What information is protected under HIPAA?
- Information your doctors, nurses, and other health care providers put in your medical record;
- Conversations your doctor has about your care or treatment with nurses and others;
- Information about you in your health insurer’s computer system;
- Billing information about you at the clinic; and
- Most other health information about you held by those who must follow these laws
- How is the above-mentioned information protected?
- Covered entities must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.
- Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.
- Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.
- Business associates also must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.
- What rights does HIPAA provide you over your health information?
- Ask to see and get a copy of your health records. We reserve the right to charge a reasonable fee for the cost of producing and mailing the copies of such information;
- Have corrections added to your health information. All requests for amendment must be in writing. In certain cases, we may deny your request. For example, we may deny a request if we did not create the information, or if we believe the current information is correct. All denials will be made in writing;
- Notice: Receive a notice that tells you how your health information may be used and shared;
- Permission: Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing; and
- Report: Get a report on when and why your health information was shared for certain purposes.
- What measures are in place if your rights under HIPAA are denied to you?
If you believe your rights are being denied or your health information isn’t being protected, you can:
- File a complaint with our Grievance Redressal Officer as per Section 17.
- File a complaint with your provider or health insurer
- File a complaint with HHS at https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html
- How to contact us to exercise the HIPAA rights?
In case you’d like to exercise any of your rights as provided to you under HIPAA, you can contact us at firstname.lastname@example.org.
- California Resident Rights
Categories of Personal Information Collected
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.
Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by us, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if you provided such personal information directly to us.
- Category A: Identifiers.
Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
- Category C: Protected classification characteristics under California or federal law.
Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
- Category D: Commercial information.
Examples: Records and history of products or services purchased or considered.
- Category E: Biometric information.
Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
- Category F: Internet or other similar network activity.
Examples: Interaction with our Service or advertisement.
- Category G: Geolocation data.
Examples: Approximate physical location.
- Category H: Sensory data.
Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
Collected: Yes (Electronic signature, photographic or video images).
- Category I: Professional or employment-related information.
Examples: Current or past job history or performance evaluations.
Collected: Yes (only if you apply for employment with us).
- Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
- Category K: Inferences drawn from other personal information.
Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We use the personal information that we collect or receive for the business purposes as described above. We may disclose the above listed categories of personal information to third parties for business purposes as described above. As previously mentioned in this Policy, we do not “sell” (as such term is defined in the CCPA) personal information.
You are entitled to the following specific rights under the CCPA and CPRA in relation to personal information related to you:
- You have a right to request that we disclose certain information to you about our collection and use of personal information related to you over the past 12 months, including: (i) the categories of personal information that we collect about you; (ii) the categories of sources from which the personal information is collected; (iii) the purposes for collecting, using, or selling that personal information; (iv) the categories of personal information that we disclosed for a business purpose or sold, and the categories of third parties to whom we disclosed or sold that particular category of personal information; and (v) the specific pieces of personal information that we have collected about you.
- You have a right to request that we delete personal information related to you that we collected from you under certain circumstances and exceptions.
- You also have a right not to be discriminated against for exercising your rights under the CCPA and CPRA.
- You also have a right to submit your request via an authorised agent. If you use an authorised agent to submit a request to access or delete your personal information on your behalf, the authorised agent must: (1) be a person or business entity registered with the California Secretary of State to conduct business in California; (2) provide proof of such registration; and (3) provide documentation or other proof indicating that they are authorised to act on your behalf. We may also require you to verify your identity directly with us, and directly confirm with us that you provided the authorised agent permission to submit the request.
- You have a right to opt-out of sale or sharing of Personal Information (“PI”) and limit the use or disclosure of your Sensitive Personal Information (“SPI”).
- You have a right to correction, where you can request to have your PI and SPI corrected if you find them to be inaccurate.
- You have a right to opt-out of automated decision making, where you can say no to your PI and SPI being used to make automated inferences, e.g. in profiling for targeted, behavioral advertisement online.
- You have a right to know about automated decision making, where you can request access to and knowledge about how automated decision technologies work and what their probable outcomes are.
- You have a right to limit use of sensitive personal information, where you can make businesses restrict their use of your SPI, particularly around third-party sharing.
To make such requests, please contact us at email@example.com.
The above rights will only become exercisable by California residents if our Company falls within the scope of CCPA and/or CPRA. Further, we will verify your request using the information associated with your account, including email address. Government identification may also be required.
A request for access can be made by you only twice within a 12-month period. Any disclosures that we provide will only cover the 12-month period preceding receipt of your request. We do not charge a fee to process or respond to your verifiable User request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before further processing your request.
- Notice for Nevada Residents
Under Nevada law, certain Nevada residents may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons.
“Personally identifiable information” includes first and last name, address, email address, phone number, social security number, or an identifier that allows a specific person to be contacted either physically or online.
Please note, we do not sell your personal information to anyone.
- Rights of Data Subjects from other Jurisdictions
For the purposes of the applicable law, your DATA CONTROLLER for the data collected by us to provide you with our services is:
Company Name: Nature Incredible Inc.
Place of Registration: 3422 Old Capitol Trail #569 Wilmington, Delaware – 19806 (USA)
Data Protection Officer (DPO): Tim Kufs (firstname.lastname@example.org)
Depending upon the laws of your jurisdiction, you may be eligible for some or all of the following rights in respect of your personal information:
- Right to obtain information: You may have a right to obtain information about how and on what basis your personal information is processed and to obtain a copy.
- Right to rectification: You may have the right to have any incomplete or inaccurate information we hold about you rectified and corrected.
- Right of Erasure: You may have the right to erase your personal information in limited circumstances where (a) you believe that it is no longer necessary for us to hold your personal information; (b) we are processing your personal information on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (c) where you have provided your personal information to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; and (d) where you believe the personal information we hold about you is being unlawfully processed by us.
- Right of restriction: You may have the right to restrict processing of your personal information where: (a) the accuracy of the personal information is contested; (b) the processing is unlawful but you object to the erasure of the personal information; (c) we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim or (d) you have objected to us processing your personal information based on our legitimate interests and we are considering your objection.
- Right to object: You may have the right to object to decisions which are based solely on automated processing or profiling.
- Right to ask for a copy: Where you have provided your personal information to us with your consent, you may have the right to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or to obtain a copy of or access to safeguards under which your personal information is transferred outside of your jurisdiction.
- Right to withdraw your consent. You may have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our services.
- Request the transfer of your Personal Data. If you have this right, we will provide to you, or to a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right may only apply to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
To make such requests, please contact us at email@example.com. Please note, we reserve the right to reject the request if you are not entitled to the right that you request to enforce.
- How do we respond to legal requests?
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or summons) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from law enforcement agencies, courts, tribunals and government authorities. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
- Children’s Privacy
Protecting children’s privacy is important to us. We do not direct the Site or our Products to, nor do we knowingly collect any personal information from, such children. If you are not of majority (or above) as per the law of jurisdiction that applies to you, you are not authorized to use the Site without your parent/guardian’s consent. Children under the age of 13 are not allowed to create an account or otherwise use our website even if their parent/legal guardian consents. If we learn that a child has provided personally identifiable information to us, we will use reasonable efforts to remove such information from our database. Please contact us at firstname.lastname@example.org if you believe we unknowingly collected information described in this Section.
- How can I withdraw my consent? (OPT-OUT)
If you sign up, you will automatically start receiving promotional emails and direct mail from us. If after you opt in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com.
- Governing law and Dispute Resolution
- Email: firstname.lastname@example.org
- Welcoming of suggestions
Last updated on February 16, 2023.