PRIVACY POLICY

For more information or if you have any questions about this privacy statement (“Privacy Statement”), please contact us at support@thehealinglab.co.

Summary 

This is a summary of our Privacy Statement; please read the entire Privacy Statement below. www.thehealinglab.co website, applications, platform, and services (the “THL Platform”) is owned and operated by The Healing Lab, LLC. (“THL”, “The Company”, “we”, “our”, or “us”). The THL Platform provides exercises, tools, training, tutorials, tools, assessments, and surveys to help with mindfulness and meditation therapies. The THL Platform is a tool to be used by Providers with Patients and families and directly with individuals and families. Your personal information and Personal Health Information (“PHI”) is private. All users must also agree to THL Privacy Policy (https://www.thehealinglab.co/privacy-policy). As used herein, “THL Platform” includes the website located at URL www.thehealinglab.co, and all services, applications, or portals available through the website. Naturally, because of what we do, your privacy is extremely important to us. This privacy statement describes how we collect, store, and use your personal information. This Privacy Statement may change, so please check here periodically for updates. Using the THL Platform after we make changes to this document means you agree to be bound by the updated Privacy Statement.

Data Safety and Use

We do not share your data with 3rd parties without your explicit authorization. We may analyze de-identified Data from our users as a group. De-identified data will not identify you personally. Deidentified data can be used as statistical information to determine such things as user demographics and usage patterns for our THL Platform. We may share or sell this de-identified data to others. If we do so, we will do so within the limits of then-current privacy and HIPAA laws and regulations.

Notice Regarding Children

THL permits you to setup Minor Accounts to service minor children up to eighteen (18) years of age (a “Minor Child”). THL shall not be required to verify the identity or age of any Minor Child prior to providing Services. You, as the Account owner, agree to obtain the consent of each Minor Child’s parent or legal guardian prior registering a minor account. You warrant and represent by establishing a minor account, that you have obtained authority granted by such Minor Child’s parent or legal guardian to use the THL Platform on behalf of the Minor Child. 

What is Personal Information?

Personal Information – or PI for short – is information about you that identifies you, and includes things like your name and your email address. If you sign up for a paid subscription through our THL Platform, your PI also includes the data you give us for use in processing your subscription payments. Information you share or store on this THL Platform is also your Personal Health Record information, which we call PHR Data for short. PHR Data may include your medical history, conditions, treatments, medications, health care claims, account numbers, bills, insurance information, and demographic information like your age, gender, ethnicity, and occupation. You can browse our THL Platform anonymously. But, if you provide us PI or PHR Data, you are no longer anonymous to us.

What about my doctor or health care provider?

If your health care provider keeps your health records in digital format, the THL Platform also can – with your permission – connect to your digital health records. However, we are not responsible for how your health care provider uses and discloses your PI and PHR Data. Ask your health care provider(s) for his/her/their privacy policy. If your health care provider gave this THL Platform your PI or PHR Data, but it is incorrect, please contact your health care provider to correct it. We can’t change PHR Data provided by your health care provider(s).

How do we collect your Personal Information (PI) or PHR Data?

If you give us PI or PHR Data, we will store it for as long as you maintain a user account with us. If you ask us to, we will delete or change the PI or PHR Data we maintain about you. However, if we delete your PI and PHR Data, you may no longer be able to use our THL Platform. In some cases, you may choose to allow a trusted individual, such as a caretaker, parent, or adult child to access your account. You are still responsible for all use – and for any misuse – of your account.

How do we store and protect your Personal Information (PI) or PHR Data?

The security of your PI and PHR Data is important to us. While no system can guarantee 100% security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your PI and PHR Data, such as Secure Socket Layers (“SSL”) technology. You are also key to maintaining the security of your data: keep your password confidential and don’t write it down. We also recommend you keep a backup of your PHR Data somewhere besides this website. If our security is breached, we will inform you promptly.

How do we use and share your Personal Information (PI) or PHR Data?

We use your PI to make the THL Platform do what you want it to do at a particular time. For example, we use your username to log you into your account and show you your data. We may email you about promotions, specials, and products or services we think you may be interested in. We use general information about our users, which is not PI, to analyze how users interact with our THL Platform and to improve how it works. For example, we might analyze when most users are most likely to log in to the THL Platform and use that information to make sure our servers are at top performance during those times.

We may also analyze de-identified PI or PHR Data from our users as a group. De-identified data is not PI or PHR Data and will not identify you personally. It will be used as statistical information to determine such things as user demographics and usage patterns for our THL Platform. We may share or sell this de-identified data to others. If we do so, we will do so within the limits of then-current privacy and HIPAA laws and regulations.

Residents of California and the European Economic Area have additional privacy rights. Please read the applicable sections below, in the full Privacy Statement, to understand your rights if you reside in either California or the European Economic Area.

Privacy Statement

1. Personal Information

Your privacy is very important to all of us at THL. We have established this privacy statement (“Privacy Statement”) to explain how we collect, protect, use, and store your personal information. Personal information is information about you that is personally identifiable, such as your name, email address, and other information, that is not otherwise publicly available (“Personal Information”). We may collect Personal Information when you use our website, applications, services or through emails, text messages, or mobile apps (collectively, the “THL Platform”).

By visiting the THL Platform, you agree to be bound by the terms and conditions of this Privacy Statement. If you do not agree, please do not use or access the THL Platform. THL may modify this Privacy Statement from time to time and post such modifications here on the company website and THL Platform. The date the Privacy Statement was last revised is identified at the top of the page. If we make subsequent material changes to how we treat our users’ information, we will notify you by email to the email address specified in your account and/or through a notice on the THL Platform home page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our company website or the THL Platform and this Privacy Statement to check for any changes. Your continued use of the THL Platform after any such modification constitutes your acceptance of the modified agreement. By registering or subscribing through the THL Platform, you expressly consent to our use and disclosure of your Personal Information in accordance with this Privacy Statement.

2. Applicability of this Privacy Statement

This Privacy Statement applies solely to the THL Platform and provides you information on the specific information that THL may collect from you via the THL Platform and how THL may use it in connection with the services offered by the THL Platform, whether you are using the THL Platform as a patient, medical provider, or other. We have established this Privacy Statement to explain to you how your personal information is collected, protected, and used. Personal information is information about you that is personally identifiable, such as your name, address, phone number, and email address, that is not otherwise publicly available (“Personal Information”). Additionally, any information on the THL Platform is considered PHR Data. PHR Data might include, but is not limited to (i) your name and contact information, such as your address, phone number, or email address; (ii) your medical history, conditions, treatments, and medications; (iii) your healthcare claims, health plan account numbers, bills, and insurance information; (iv) demographic information, such as your age, gender, ethnicity, and occupation; and (v) computer information, such as your IP address and “cookie” preferences.

If you are a patient or legal representative, your medical Provider’s use and disclosure of your PHR Data, whether directly or through a third party, is subject to your medical Provider’s Notice of Privacy Practices. We cannot control any medical Provider’s use of a patient’s PHR Data. If you are a patient or legal representative of a patient, please contact your medical provider for a copy of their Notice of Privacy Practices. THL provides this THL Platform but protects PHR Data as required by the applicable agreement between THL and your medical provider or other third party and in accordance with applicable law. If you have any issues with the PHR Data managed by your medical Provider’s practice, please contact them directly, as we have no ability to change the information you have provided them. THL protects PHR Data disclosed by you, whether through an upload or other mode of input, according to this Privacy Statement and in accordance with applicable law.

3. Information Collection

THL collects Personal Information from you through the THL Platform to allow us to provide marketing and promotional services that will most likely meet your needs and preferences. We only collect Personal Information about you that we consider necessary for achieving this purpose.

In general, you can browse the THL Platform and decide to not provide us any Personal Information. Of course, you will not be able to view any PHR Data without providing us Personal Information. If you agree to provide us with Personal Information, you are no longer anonymous to us. If you choose to use certain services through this THL Platform, we may require you to provide contact and identity information, and other Personal Information as indicated on the forms throughout the THL Platform. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use a particular service.

We may track certain information based upon your behavior on the THL Platform. We use this information to do internal research on our users’ demographics, interests, and behavior to better understand our customers. This information may include the URL that you just came from, which URL you go to next, your computer browser information, and your IP address.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the THL Platform, we may collect and retain such information in a file specific to you.

4. PHR Data

When you register for our services available through the THL Platform, the registration process requires you to create a user profile and choose a user name and password for your account, which you should keep and maintain as confidential. If you choose to share your user name or password or user profile through the Company’s Care Team access feature, you understand that those individuals with whom you share that information will have access to your PHR Data and will be able to add, modify, or delete your PHR Data as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your user name or password. You can disconnect these users from your profile at any time.

If you are a registered user of the THL Platform and you choose to connect your medical Provider to our THL Platform, your PHR Data (or that of the person for whom you are the legal representative) currently stored electronically in your medical provider records will become accessible to THL in order to provide you access to such information through the THL Platform. Your electronic health records are stored in the THL Platform, and a copy of them is displayed via the THL Platform when you are logged in with your user name and password.

You can review and change your personal information by logging into the THL Platform and visiting your account profile page.

5. Use and Disclosure of Your Personal Information

We use your Personal Information, including your email address, to facilitate our services. You agree that we may use Personal Information, including your email address, to improve our marketing and promotional efforts, to analyze THL Platform usage, to improve our content and service offerings, and to customize the THL Platform’s content, layout, and services.

We will not disclose your Personal Information to third parties except to:

Service providers who are bound by law or contract to protect the Personal Information and are only allowed to use the Personal Information in accordance with the terms of our service agreements with them.

Effect a merger, acquisition, or otherwise; to support the sale or transfer of business assets; to enforce our rights or protect our property; to protect the rights, property, or safety of others; investigate fraud; respond to a government request; or as needed to support auditing, compliance, and corporate governance functions. We may also disclose Personal Information to defend ourselves in litigation or a regulatory action. We may also disclose Personal Information when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate.

We encourage business partners to adopt and post privacy policies. However, the use of your Personal Information by such parties is governed by the privacy policies of such parties and is not subject to our control.

We may also disclose information that is anonymized and not personally identifiable. For example, we may provide our business partners, or other third parties with reports that contain aggregated and statistical data about our users.

6. Aggregate Data

We may aggregate and de-identify (anonymize) data collected via the THL Platform and any associated application. This data will be anonymous and cannot be connected to an individual user. We may use this data for insights, analytics, statistics, research, communications, marketing, trending and benchmarking purposes. We may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate data may also be provided or sold to third parties for research purposes.

You may withdraw your consent to participate in anonymized insights in your THL account settings. If you experience difficulty changing your consent status, contact support@thehealinglab.co.

7. Other Use and Ownership

We also reserve the right to share de-identified aggregate data collected from this THL Platform with third parties for other research purposes, to the extent permitted by applicable law including, but not limited to, the requirements under HIPAA.

In the case of non-aggregated PHR Data, pursuant to THL’s business associate agreement with the applicable medical provider, your information may be shared with your applicable medical provider if you choose to connect your medical provider to your profile.

We maintain full rights to any information collected on this THL Platform, and may freely collect, use and disclose such information unless prohibited by this Privacy Statement or applicable law as stated above.

8. Communications from the THL Platform

We may occasionally send you information on our services offerings. Out of respect for your privacy, we provide you a way to unsubscribe from each of these communications. If you no longer wish to receive our promotional communications, you may opt-out of receiving them by following the instructions included in each such communication or by contacting us.

9. Security

The security of your Personal Information is important to us. We follow generally accepted industry standards to protect personal information, including your email address, submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Accordingly, and while no system can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the THL Platform as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers (“SSL”) technology, to help safeguard against such occurrences. It is recommended that you personally keep a backup of your PHR Data. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, personally identifiable information, or communications a person directs to THL or the clinician team) to create a protected connection between you and our THL Platform to ensure confidentiality.

Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the THL Platform.

In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.

In order to help maintain security, you should generally not share your user ID or password and should always sign out when you are finished using the THL Platform. If you choose to share your user name or password or user profile through the Company’s Care Team access feature, you understand that those individuals with whom you share that information will have access to your PHR Data and will be able to add, modify, or delete your PHR Data as though they were you.

10. Access

We will maintain your information and allow you to request updates at any time by logging into your THL Platform account to access your information. We will also take steps to make sure that any updates that you provide are processed in a timely and complete manner.

11. Log Files

As is true of most systems, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the THL Platform, to track users’ movements around the THL Platform, and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information. We track trends in users’ usage and volume statistics to create a more efficient and usable THL Platform and product offerings, and to determine areas of the THL Platform or our services that could be improved to enhance the user and customer experience. Log files are used on the THL Platform, and in any link to the THL Platform from an email.

12. Cookies and Related Technologies

When you use the THL Platform, we collect certain information by automated or electronic means, using technologies such as cookies, browser analysis tools, and web server logs. As you use the THL Platform, or our applications, your browser and other electronic devices communicate with servers operated by us and our services providers to coordinate and record the interactivity and fill your requests for services and information.

The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to the THL Platform by your computers or mobile devices. These servers are operated and the cookies managed by us or our service providers.

For example, when you visit the THL Platform, THL and our service providers and business partners may place cookies on your computers or mobile devices. Cookies allow us to recognize you when you return, and track and target your interests in order to provide a customized experience. They also help us provide a customized experience and help us to detect certain kinds of fraud. A “cookie” is a small amount of information that a web server sends to your browser that stores information about your account and preferences.

Some cookies are temporary, whereas others may be configured to last longer. “Session” cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases session cookies once you exit your browser. “Persistent” cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. We use persistent cookies for a number of purposes, such as retrieving certain information you have previously provided, and storing your preferences.

We or certain third parties also may use these technologies to collect information about your activities over time and across third-party websites, apps, or other online services (Online Behavioral Tracking) in accordance with the guidelines set forth by the Digital Advertising Alliance (the “DAA”). We do not control these third parties’ tracking technologies or how they may be used. Certain third-party advertising networks, such as Facebook Ads, Google AdSense and AdRoll, use the collected information to serve ads to you on our behalf on other sites throughout the Internet. These cookies do not contain personally identifiable information or PHR Data, nor are they linked to any personal information collected by us.

The information practices of these third-party advertising companies are governed by their own privacy policies and are not covered by this Privacy Statement. Some of these advertising companies may be members of the Network Advertising Initiative (“NAI”), a cooperative of online marketing companies that offers a centralized tool for opting out of behavioral advertising delivered by each of its member companies. If you would like to obtain more information about the NAI and make choices about their members’ use of your information, please visit the NAI website at https://optout.networkadvertising.org/?c=1. Also, through the DAA, several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about interest-based ads from third parties participating in the DAA, please visit the DAA consumer opt out page at http://www.aboutads.info/choices/.

You may view Facebook’s Privacy Statement at: https://www.facebook.com/about/privacy/. You may opt-out of the Facebook Ads partner network by logging into your Facebook account by managing your settings at: https://www.facebook.com/ads/settings. You may view Google’s Privacy Statement at: http://www.google.com/privacypolicy.html. You may opt-out of the AdSense partner network cookie at: http://www.google.com/privacy/ads/ or by using the Network Advertising Initiative’s (NAI’s) multi-cookie opt-out mechanism at: https://optout.networkadvertising.org/?c=1. Further, you may view the AdRoll Privacy Statement and opt-out from their network and affiliated networks, at: https://www.adroll.com/account/privacy. These opt-outs are valid only for the computer and browser combination used to opt-out. Clearing cookies will remove these opt-outs because they stored in cookies.

If you opt-out of AdRoll or an NAI third-party advertising network, you will no longer receive ads based on your browsing history from that network. You may, however, continue to receive generalized online advertising.

13. Manage Your Security Settings

You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available. You can opt-out of being targeted by certain third party advertising companies online at https://optout.networkadvertising.org/?c=1 or http://preferences.truste.com/truste/.

You may manage how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

14. Links to Other Sites

The THL Platform may contain links to other sites that are not owned or controlled by THL. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave the THL Platform and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies only to information collected by the THL Platform.

15. Rights to Access and Control Your Personal Data

Any personal data that we collect is based upon your consent. You have many choices concerning the collection, use, and sharing of your data, including the ability to:

· Delete Data: You may request that we delete your personal data. Please note that we cannot delete your personal information except by also deleting your user account.

· Change or Correct Data: You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

· Object to, or Limit or Restrict, Use of Data: You may request that we do not use your personal data, but keep in mind that this will terminate our ability to provide any Service(s) to you.

· Right to Access and/or Take Your Data: You can ask us for a copy of your personal data.

You may send us an email at support@thehealinglab.co to request access to, obtain copies of, correct, or delete any personal information that you have provided to us. Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.

16. Account Closure and Discontinuation of Services

We will retain your personal information as long as you maintain your use of the THL Platform, or as needed to provide you THL Platform-related services. Once you request to discontinue use of the THL Platform and deletion of your personal information, we will delete it within 30 days from the date of your request, unless we must retain it to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our terms of use, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after you have discontinued your use of the THL Platform.

17. Notice to California Residents.

California Civil Code Section § 1798.83 permits users of the THL Platform that are California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. To make such a request, please send an email to support@thehealinglab.co.

Please see our CCPA Policy below.

18. Notice to Residents of Countries outside the United States of America

THL is headquartered in the United States of America. Personal Information may be accessed by us or transferred to us in the United States or to our affiliates, business partners, or service providers elsewhere in the world. By providing us with Personal Information, you consent to this transfer. We will protect the privacy and security of Personal Information according to this Privacy Statement, regardless of where it is processed or stored.

The GDPR took effect on May 25, 2018, and is intended to protect the data of European Union (EU) citizens.

As a company that markets the THL Platform, content, products and/or services online we do not specifically target our marketing to the EU or conduct business in or to the EU in any meaningful way. If the data that you provide to us in the course of your use of the THL Platform, content, products and/or services is governed by GDPR, we will abide by the relevant portions of the Regulation.

If you are a resident of the European Economic Area (EEA), or are accessing the THL Platform from within the EEA, you may have the following rights:

· Rights to Access and Control Your Personal Information for residents of the European Economic Area

· Any personal data that we collect is based upon your consent as detailed in this Privacy Statement. You have many choices concerning the collection, use, and sharing of your data, including the ability to:

· Delete Data: You may request that we delete your Personal Information. Please note that in some cases we cannot delete your Personal Information except by also deleting your user account.

· Change or Correct Data: You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate.

· Object to, or Limit or Restrict, Use of Data: You may request that we do not use your Personal Information, but keep in mind that this will terminate our ability to provide any Service(s) to you.

· Right to Access and/or Take Your Data: You can ask us for a copy of your Personal Information.

To make any of these requests, please contact our GDPR contact at support@thehealinglab.co. Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.

19. The HIPAA Privacy Rule

The US Department of Health and Human Services provides: “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”

You acknowledge that our operation of the THL Platform does not constitute the practice of medicine, and specifically does not create a doctor-patient relationship between you and any healthcare Provider (a “Provider”). The information provided on the THL Platform is for educational purposes only.

Notwithstanding the fact that the THL Platform does not create a doctor-patient relationship between you and a Provider, our preservation of your personal health information shall be HIPAA compliant.

For purposes of this Privacy Policy, “patients” are those individuals who have secured the in-person services of a Provider. If you are a patient of a Provider, you will be provided with a copy of the Provider’s HIPAA Privacy Statement by the Provider, which governs the information collection practices of patients’ personal information by Provider.

20. The California Online Privacy Protection Act, California Consumer Privacy Act, and California Privacy Rights Act

In accordance to CAOPPA, CCPA and CPRA, we adhere to the following:

• Post Privacy policy on the main homepage or a link including the work Privacy which takes users to the Privacy Policy.
• The Privacy policy needs to be easy to read, using easy to read font and plain English,      avoiding technical jargon where possible. 
• Ensure that the policy contains a section explaining your websites stance on online tracking and ensure it is clearly labelled. Explain how you respond to Do Not Track signals and whether or not you disclose personal information to any third parties.
• Disclose all of the ways personal data is collected and used and provide links, where possible, to any third parties that personal data may be shared.
• Disclose in the policy, any choices users have in relation to the collection, use and sharing of their personal information.
• Ensure accountable by providing clear contact details so that users can contact the CRSS with any questions or concerns they may have.
• A list of the categories of personally identifiable information the operator collects.
• A list of the categories of third parties with whom the operator may share such personally identifiable information.
• A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information as collected by the operator.
• A description of the process by which the operator notifies consumers of material changes to the operator’s privacy policy.
• The effective date of the privacy policy.
• The Right to Notice. Inform users at or before the point of collection what types of personal information you will collect from them and why.
• The Right to Access: users should be able to request a business to disclose the categories of personal information collected about them, as well as the categories of third parties with which the business shares user information.
• The Right to Deletion: Users should be able to request the deletion of any personal information collected on them by a business.
• The Right to Opt-Out: Users should have the authority to stop the sale of their personal information to third parties. Minors aged 13-16 also have the right to opt-in to the sale of their data, while those aged under 13 require the prior consent of a      parent or guardian.
• The Right to Equal Services and Prices: If a user chooses to exercise any of these rights, a business must not treat them any differently.
• The Right to Initiate Cause of Action: In cases of data breaches have rights to legal action.
• Right to correct: Correct inaccurate personal information.
• Right to limit use and disclosure: Can request limit of use and disclosure of sensitive personal information (social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or      philosophical beliefs, or union membership, the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication, or a consumer’s genetic data).

21. COPPA (Children Online Privacy Protection Act) 

• When it comes to the collection of PII from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ Consumer Protection Agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety.
• We do not market to children under the age of 13 years old, and 13-year-olds are prohibited from using this Website without proper consents from parents or legal guardians. 
• By accessing and using our site, you represent that you are at least the age of majority in your state, province, or country of residence, or that you are the age of majority in your state, province or country of residence and you have given us your consent to allow any of your minor dependents to use this site.

22. Fair Information Practices Principles

In accordance with Fair Information Practice Principles, we adhere to the following: 

• Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
• Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
• Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
• Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except: a) with the consent of the data subject; or b) by the authority of law.
• Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
• Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
• Individual Participation Principle. An individual should have the right:

1. To obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
2. To have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
3. To be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
4. To challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

• Accountability Principle. A data      controller should be accountable for complying with measures which give      effect to the principles stated above.

23. Changes to the Privacy Policy

• We reserve the right to modify our Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Website. In the event of a material change, We shall notify you via email or by means of a prominent notice on the site.
• If We are acquired or merged with another company, your information may be transferred to the new owners so that We may continue to provide our Services to you.

24. Contacting Us

If there are any questions regarding this Privacy Policy, you may contact us at: support@thehealinglab.co.