Vitality Hub Privacy Policy

Effective Date: October 26, 2023

Welcome to Vitality Hub! This Privacy Policy explains how Vitality Hub, operated by HealthFirst Solutions LLC, located at 12 Elm Street, Suite 300, Boston, MA 02111, collects, uses, and discloses your personal information when you use our website, vitalityhub.com, and our related services (collectively, the "Services"). At Vitality Hub, we are committed to protecting your privacy and ensuring the security of your personal information. This policy is designed to inform you about the types of information we collect, how we use it, and your rights regarding your information.

1. Information We Collect

We collect several types of information from and about users of our Services, including:

• Personal Information: This includes information that can be used to identify you, such as your name, email address, phone number, postal address, date of birth, and any other information you provide to us directly through forms or account registration. For instance, when you sign up for a personalized wellness program, we collect your name, contact information, and health-related data to tailor the program to your specific needs.
• Health Information: With your explicit consent, we may collect information about your health, fitness level, dietary habits, sleep patterns, and mental well-being. This information is crucial for providing you with customized wellness plans and recommendations. For example, we may ask about your current exercise routine, dietary preferences, and any pre-existing health conditions.
• Payment Information: If you purchase any of our paid services, such as premium wellness programs or one-on-one coaching sessions, we collect payment information necessary to process your transactions. This includes your credit card number, billing address, and other financial details. Note that we use secure payment gateways to protect your financial data.
• Usage Data: We automatically collect information about how you access and use our Services, including your IP address, browser type, operating system, referring URLs, pages visited, and the dates and times of your visits. This data helps us understand how users interact with our platform, identify areas for improvement, and optimize the user experience.
• Cookies and Tracking Technologies: We use cookies, web beacons, and other tracking technologies to collect information about your browsing behavior on our website. Cookies are small text files that are stored on your device and allow us to recognize you when you return to our site. We use cookies to personalize your experience, remember your preferences, and analyze website traffic. You can control cookies through your browser settings, but disabling cookies may affect your ability to use certain features of our Services. For more information, please refer to our Cookies Policy.

2. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing and Improving Our Services: We use your information to operate, maintain, and improve our Services, personalize your experience, and develop new features and functionality. For example, we use your health information to create personalized wellness plans, track your progress, and provide you with tailored recommendations.
• Personalization: To tailor content and experiences to your interests and preferences. This includes showing you relevant articles, videos, and product recommendations based on your past activity and profile information.
• Communication: To communicate with you, including responding to your inquiries, providing customer support, sending you updates and promotional materials, and notifying you about changes to our Services. We may contact you via email, phone, or in-app notifications.
• Marketing: To send you promotional emails, newsletters, and other marketing communications about our products and services, as well as those of our partners. You can opt out of receiving marketing communications at any time by following the unsubscribe instructions included in our emails or by contacting us directly.
• Analytics: To analyze how users interact with our Services, track usage trends, and measure the effectiveness of our marketing campaigns. We use this information to improve our website, optimize our content, and enhance the user experience.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, as well as to protect our rights and the rights of others. This includes responding to legal requests, resolving disputes, and enforcing our terms of service.
• Research: We may use anonymized and aggregated data for research purposes to understand health trends, evaluate the effectiveness of our programs, and develop new wellness solutions.

3. How We Share Your Information

We may share your information with third parties in the following circumstances:

• Service Providers: We share information with third-party service providers who help us operate our Services, such as hosting providers, payment processors, email marketing platforms, and analytics providers. These service providers are contractually obligated to protect your information and only use it for the purposes we specify.
• Business Partners: We may share information with our business partners, such as healthcare providers, fitness centers, and wellness coaches, to provide you with integrated services and offerings. We will only share your information with your consent and in accordance with this Privacy Policy.
• Legal Requirements: We may disclose your information if required to do so by law or in response to a valid legal request, such as a subpoena or court order.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring company. We will notify you via email or prominent notice on our website if such a transfer occurs and provide you with choices regarding your information.
• With Your Consent: We may share your information with third parties with your explicit consent. For example, if you participate in a research study, we will obtain your consent before sharing your data with the researchers.

4. Data Security

We take reasonable measures to protect your personal information from unauthorized access, use, or disclosure. These measures include:

• Encryption: We use industry-standard encryption technologies to protect your sensitive information, such as payment details and health data, during transmission.
• Secure Storage: We store your information on secure servers with restricted access and implement physical, technical, and administrative safeguards to prevent unauthorized access.
• Access Controls: We limit access to your information to authorized personnel who need it to perform their job duties.
• Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.

Despite our best efforts, no method of transmission over the internet or method of electronic storage is completely secure. Therefore, we cannot guarantee the absolute security of your information.

5. Your Rights

You have certain rights regarding your personal information, including:

• Access: You have the right to access the personal information we hold about you.
• Correction: You have the right to request that we correct any inaccurate or incomplete information we hold about you.
• Deletion: You have the right to request that we delete your personal information, subject to certain exceptions.
• Objection: You have the right to object to the processing of your personal information for certain purposes, such as direct marketing.
• Data Portability: You have the right to request that we transfer your personal information to another organization.
• Withdrawal of Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.

To exercise your rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe.

6. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will securely delete or anonymize your information when it is no longer needed.

7. Children's Privacy

Our Services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected]. If we become aware that we have collected personal information from a child under 13, we will take steps to delete the information as soon as possible.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on our website and update the "Effective Date" at the top of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we make material changes to this policy, we will notify you by email or by posting a prominent notice on our website.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

HealthFirst Solutions LLC
12 Elm Street, Suite 300
Boston, MA 02111
Email: [email protected]
Phone: (617) 555-WELL (9355)

We are committed to resolving any concerns you may have in a timely and satisfactory manner.

10. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information. Vitality Hub does not currently sell your personal information.
• Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to only use your sensitive personal information for limited purposes, such as providing the services you requested.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us at [email protected]. We will verify your identity before processing your request.

11. GDPR Compliance for European Users

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) applies to the processing of your personal data. In addition to the rights outlined above, you have the following rights under the GDPR:

• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to the processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that we have violated your rights under the GDPR.

Vitality Hub processes your personal data based on the following legal bases:

• Consent: We rely on your consent to process your personal data for certain purposes, such as direct marketing. You have the right to withdraw your consent at any time.
• Contractual Necessity: We process your personal data when it is necessary to fulfill our contractual obligations to you, such as providing you with our Services.
• Legitimate Interests: We process your personal data when it is necessary for our legitimate interests, such as improving our Services and preventing fraud, provided that your interests and fundamental rights do not override those interests.
• Legal Obligation: We may process your personal data to comply with legal obligations.

Our Data Protection Officer (DPO) can be contacted at [email protected].