PRIVACY POLICY
Latest Revision: May 15, 2023
Introduction
This Privacy Policy pertains to the operations of JRNYS Wellness Health, Inc. and its subsidiaries ("JRNYS Wellness," "we," or "us"), encompassing websites at https://jrnys.com as well as potential present or future mobile applications associated with JRNYS Wellness and/or Hers (collectively referred to as the "Platform"). Your use of the Platform, its components, associated content ("Content"), products/services offered by JRNYS Wellness, and any affiliated sites, software, or applications owned or managed by JRNYS Wellness (collectively including the Platform and Content, the "Service") is governed by this Privacy Policy, unless explicitly stated otherwise. Any terms not defined in this Policy can be understood as per the JRNYS Wellness Terms and Conditions.
We are dedicated to respecting user privacy while utilizing our Service. We have formulated this Privacy Policy to elucidate how JRNYS Wellness collects, employs, and discloses information in the context of providing the Service.
Upon establishing an account, registering, or logging in through the Service, or by accessing/utilizing the Service, you acknowledge the latest version of this Privacy Policy. If any modifications are made to our Privacy Policy, we will post the updated version and revise the "Last updated" date accordingly.
Should you employ the Service on behalf of someone other than yourself, you warrant that you are authorized to act on their behalf and that they comprehend and agree to the principles and policies delineated in this Privacy Policy.
Usage Restrictions for Minors
Our Service is generally intended for use by individuals aged 18 years or older, or as stipulated by applicable state laws. Individuals between 13 and 18 years of age (or an older age as specified by majority age regulations) may utilize the Service solely for securing a medical consultation regarding acne treatment with topical skincare products (as available) provided a parent/legal guardian consents in accordance with our Terms and Conditions and the Service requirements. The Service is not devised for, or aimed at, children under 13. If we become aware that we've gathered personal data from someone under 13, we will make reasonable efforts to cease further use of such information.
Moreover, if you're under 16, you (or your parent/legal guardian if under 13) may request the removal of content/information about you on the Platform. To make such a request ("Minor Information Removal Request"), you can:
Via mail: JRNYS Wellness Health, Inc., Attn: Privacy Officer, 515 Congress Avenue, Suite 1515, Austin, Texas, 78701, with "Removal of Minor Information" in the subject line. Use U.S. Certified Mail for confirmation.
Via email: support@jrnys.com with "Removal of Minor Information" in the subject line.
For each Minor Information Removal Request, state "Removal of Minor Information" in the subject line and specify:
The nature of the request
The content/information to be removed
Content/information location on the Platform (e.g., URL)
That the request is for "Removal of Minor Information"
Your name, address, city, state, zip, email, and preferred response mode (mail/email)
Note that we don't accept Minor Information Removal Requests via phone/fax. Non-compliant/incomplete requests won't be processed.
However, note that we might not erase or allow erasure of such data in specific instances, such as legal obligations, medical record storage, third-party postings, anonymization, or non-compliance with removal instructions. The above doesn't confirm JRNYS Wellness' adherence to Children's Online Privacy Protection Act or similar laws.
Protected Health Information
When creating a JRNYS Wellness account, you establish a customer relationship granting access to Platform functions. You offer data like name, email, shipping, and transaction info, not classified as "protected health information" or "medical information."
In certain Service components, you might provide health/medical data protected under laws. JRNYS Wellness isn't a "covered entity" under HIPAA, though Labs, Pharmacies, or Medical Groups (as in our Terms and Conditions) might be. HIPAA might not apply to your interactions with JRNYS Wellness. If deemed a "business associate," JRNYS Wellness could follow HIPAA's provisions concerning "protected health information" ("PHI") shared with JRNYS Wellness, Medical Group, or Providers. Data governed by state laws ("Protected Information") follows applicable laws. Non-protected data is governed by this Privacy Policy. Medical Groups/Providers have Privacy Practices governing Protected Information.
By using the Service, understand that even if HIPAA applies, data you submit for non-treatment purposes isn't Protected Information, governed by our Privacy Policy and relevant state laws.
Gathering of Personal Data
The personal information we amass is contingent upon your interactions with us, the services you utilize, and the choices you make.
We procure details about you from diverse sources and through various methods when you engage with our services. This includes information you directly provide, automatic data collection, third-party data sources, and data we infer or generate from existing data.
Directly Provided Information: We gather personal information that you directly provide to us. For instance:
Name and contact details, like your name, email address, phone number, billing and physical addresses.
Demographic data such as gender, date of birth, and zip code.
Information from third-party websites, networks, platforms, servers, or applications (e.g., Facebook, Twitter, Instagram).
Payment information, such as credit card numbers, financial account details, and other payment particulars.
Content and files, including photos, videos, documents, and other uploads to our Service, encompassing email communications.
Sensitive Personal Data: We may collect sensitive personal information, including:
Government-issued identification like driver's license, passport number, and social security numbers.
Photographic or video images submitted for identification purposes or non-diagnosis/treatment intentions, like images of driver's licenses or passports.
Account access details, such as usernames or account numbers combined with passwords, security/access codes, or other credentials.
Sensitive demographic data, encompassing racial or ethnic origin.
Contents of communications made through our Service.
Biometric information that may be used for identity verification before using our Service.
Health-related data analyzed by us.
Information about your sexual orientation or sex life, analyzed by us.
Automatically Collected Information: When you utilize our services, certain information is automatically collected. For instance:
Identifiers and device data. Our web servers log your IP address and device information when you visit our websites. This includes device identifiers (e.g., MAC address), device type, operating system, browser, software details, and settings.
Geolocation data. Depending on device and app settings, we may collect geolocation data from our apps or online services. This may involve precise geolocation data, denoting data derived from a device to locate you within a radius of 1,850 feet or less.
Usage data. Our websites, apps, and connected products automatically record your activities, including source URL, viewed pages, time spent on pages, access times, and other actions on our website.
Generated information. We draw inferences from collected data to deduce probable preferences or traits. For instance, we deduce general geographic location from your IP address.
Third-Party Sourced Information: We also obtain information from third-party sources, which includes:
Third-party partners, like applications and services, including social networks that you connect with through our services.
Co-branding/marketing partners with whom we offer joint services or marketing activities.
Service providers collecting/providing data on our behalf, e.g., companies determining device location based on IP addresses.
Publicly available sources, such as open government databases.
When asked to provide personal data, you can decline. You may also use browser/OS controls to limit automatic data collection. However, declining certain necessary information may affect service availability or functionality.
Additionally, JRNYS Wellness Health manages information for medical providers and pharmacies you access through our Service, storing health data on their behalf.
Cookies, Mobile IDs, and Similar Technologies
We employ cookies, web beacons, mobile analytics, advertising IDs, and similar tech to operate our online services, collecting data like usage details, identifiers, and device information.
Cookies and Similar Tech: Cookies are small files stored by your browser on your device, containing alphanumeric strings for identification. Web beacons are electronic images within websites or emails. Our websites also interact with third-party content hosting servers. Our apps access mobile IDs generated by operating systems.
Usage by Us and Partners: We and our partners utilize these technologies to gather personal data, track your activities, analyze website/app performance, deliver tailored advertising, combat fraud, and more. Data collected or inferred may be shared with third parties for these purposes.
Controls Available: A variety of controls exist for managing cookies and related technologies through browsers, mobile OS, and other methods. Consult the "Choice and Control of Personal Data" section for further details.
Usage of Collected Information
We utilize the personal information we gather for the purposes outlined in this privacy statement or as communicated to you otherwise, within the limitations mentioned in the Protected Health Information Section above. Below are some examples of how we use personal information:
Product and Service Delivery:
Providing and delivering our services, including troubleshooting, ensuring smooth navigation through the service, confirming your location, enhancing and personalizing the services.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Government ID, account access information, sensitive demographic data, contents of communications, biometric information for identification, health data for collection and analysis, information about sex life or sexual orientation for collection and analysis.
Business Operations:
Operating our business, such as billing, processing payments, accounting, managing your account, enhancing internal operations, securing systems, detecting fraudulent or illegal activities, verifying identity, and meeting legal obligations.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data for collection and analysis, information about sex life or sexual orientation for collection and analysis.
Product Improvement, Development, and Research:
Developing, testing, or improving the service, content, features, products, or services offered through the service. Identifying or creating new products or services. Analyzing traffic and user behavior for insights.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data for collection and analysis, information about sex life or sexual orientation for collection and analysis.
Personalization:
Understanding user preferences to enhance the user experience and enjoyment of our services.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data for collection and analysis, information about sex life or sexual orientation for collection and analysis.
Customer Support:
Providing customer support, fulfilling requests, and responding to inquiries. Handling orders for products or services on behalf of users.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data for collection and analysis, information about sex life or sexual orientation for collection and analysis.
Communications:
Sending information related to JRNYS Wellness, medical providers, pharmacies, medical groups, and healthcare professionals. Includes confirmations, invoices, technical notices, updates, security alerts, support, and administrative messages. Facilitating telehealth services.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Government ID, account access information, precise geolocation data, sensitive demographic data, contents of communications, genetic data, biometric information for identification, health data for collection and analysis, information about sex life or sexual orientation for collection and analysis.
Marketing:
Communicating about new services, offers, promotions, rewards, contests, events, and other information regarding our services and those of selected partners.
Categories of Personal Data Used: Contact information, demographic data, payment information, content and files, biometric information, identifiers and device information, geolocation data, usage data, sensor data, inferences
Sensitive information used: Health data for collection and analysis.
Advertising:
Promoting and marketing JRNYS Wellness, the service, and related products or services.
Categories of Personal Data Used: Contact information, demographic data, identifiers and device information, geolocation data, usage data, inferences
Sensitive information used: Health data for collection and analysis.
Data De-identification:
We may de-identify information and use, create, and sell such de-identified information for any lawful business purpose.
These are the key purposes for which we use the information we collect. We may share this information as described in the "Disclosure of Information" section below.
Disclosure of Information
We may share personal data in the following circumstances:
Service Providers: We share personal data with vendors or agents who work on our behalf to provide the services described in this statement. For instance, third-party companies assisting in customer service or safeguarding our systems may require access to personal data for these functions.
Financial Services & Payment Processing: When you provide payment information, such as for purchases, we disclose payment and transactional data to banks and relevant entities for payment processing, fraud prevention, credit risk assessment, analytics, and related financial services.
Marketing/Ad Partners: Personal data may be shared with marketing and advertising partners. For instance, we might share identifying information with advertising partners to deliver personalized ads or target ads to individuals with similar interests. This could include certain sensitive personal information, such as health data, if it is not Protected Health Information.
Affiliates: Personal data could be accessed by our subsidiaries, affiliates, and related companies when necessary to provide services or operate our business.
Medical Groups, Providers, Pharmacies, and Labs: We facilitate information sharing between you and these entities for service provision and payment collection.
Corporate Transactions: Personal data may be disclosed in corporate transactions, such as mergers, acquisitions, bankruptcy, or sale of a portion of our business.
Legal and Law Enforcement: We might access, disclose, or preserve personal data if required by applicable law or legal process, including requests from law enforcement or government agencies.
Security and Safety: Personal data could be disclosed to protect customers and prevent fraud, ensure the security of our services, and enforce agreements, terms, and policies.
Third-Party Analytics and Advertising: Our website and apps may allow third-party analytics and advertising providers to collect personal data, including identifiers, device information, geolocation data, and usage data. These vendors might combine data across various sites for analytics and marketing purposes.
Other Integrations: Our services may include integrations with third-party services, and information shared with those third parties is governed by their privacy statements.
Furthermore, we may disclose de-identified information in accordance with applicable law.
Choice and Control of Personal Data
We offer various ways for you to control the personal data we possess, including choices about its use. If you wish to access, copy, correct, or delete your personal data held by us, you can do so by visiting our privacy portal.
You can also opt out of promotional communications by following instructions in the message or contacting us. You can manage targeted advertising using browser and platform controls, such as opting out through NAI (http://optout.networkadvertising.org) or DAA (http://optout.aboutads.info/).
Please note that these controls are specific to your device or browser, and we may decline requests in certain cases where permitted by law.
Data Retention
We retain your information as long as necessary for various purposes, including legal compliance, dispute resolution, agreements enforcement, and service provision. Other parties with whom we share your information may have their own retention policies.
Jurisdictional Issues
Our service is subject to U.S. law, and this privacy policy applies to information collected within the United States.
California Residents
If you're a California resident, you have rights under the California Consumer Privacy Act (CCPA), such as the right to know, correct, or delete your personal information. You can opt out of the sale or sharing of your personal information. We do not knowingly sell or share information of minors under 16.
Miscellaneous
We take reasonable measures to protect information, but you're responsible for securing your account. We may update this Privacy Policy and will notify you of material changes.
Contact Us
If you have questions about this Privacy Policy, contact us at support@jrnys.com