Privacy Policy

Updated as of February 2024

Introduction

Bundle Birth, A Nursing Corporation (“Company,” or “we,” “us” and “our”) values your privacy and is committed to maintaining your trust.  We provide this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of personally identifiable information received from visitors to and/or users of the Company’s website located at www.bundlebirth.com and www.bundlebirthnurses.com and www.bundlebirtheducation.com (the “Website”) and provision of services online. Specifically, the Company provides Childbirth education and support through its Website (collectively, the “Services”).  

General Data Protection Regulation

This Company is headquartered in California.  As a California-based company, we do not knowingly advertise in the European Union (EU), or market our Services to residents of the EU.  However, our Website does not restrict visitors from the EU; we do not have in place any protections to prevent EU residents from accessing our Website and/or App.  As a result, we provide the foregoing disclosure to EU data subjects.  

The Company’s processing of the Personal Information, such as the name, address, email address, or telephone number of an EU data subject (hereinafter, “Personal Information” or “Personal Data”) that is voluntarily supplied by the individual, or supplied by an authorized third party, shall always be in line with the General Data Protection Regulation (“GDPR”), and in accordance with the country-specific data protection regulations applicable to the Company.  

By means of this Privacy Policy, our Company would like to inform you of the nature, scope, and purpose of the Personal Information we collect, use and process, as defined herein.  Specifically, if you are an EU data subject visiting our Website or downloading our App, you are hereby informed, by means of this section of our Privacy Policy, of the rights to which you are entitled, and the recourse you may seek if you have any questions regarding the collection, use, and processing of Personal Information by the Company. You may email us with requests at [email protected]

Your Privacy Rights under the GDPR.   The GDPR includes the following rights for you, as an EU data subject, if you provide Personal Information to the Company in connection with accessing the Services or visiting our Website:

  • The right to be informed about how we store, use, or share your data;
  • The right to access your data;
  • The right to rectify your data;
  • The right to have us erase your data;
  • The right to prevent us from processing your data;
  • The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;
  • The right to object to use or sharing of your data; and
  • The right not to be subject to automated decision-making, including profiling

Legitimate Business Interest under the GDPR.   Our use of your Personal Information is based on the legitimate business grounds that:

  • The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, in order to enable access to our Website on your device or charge you for our Services; 
  • The use is necessary for compliance with a legal obligation; 
  • The use is necessary in order to protect your vital interests or those of another person or entity; 
  • We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or
  • You have given us your consent.

Data Retention/Erasure.   We will retain your Personal Information for as long as needed to provide the applicable Services, or for a minimum period of five (5) years.  If, at any time after agreeing to this Privacy Policy, you: (1) change your mind about receiving information from us; (2) wish to revoke permission for us to retain and use your Personal Information; (3) wish to object to the processing of your Personal Information; or (4)  wish for us to erase a copy of your data, please make a request to the Company at [email protected]. If you request erasure of your data, we may retain some of your Personal Information only for legitimate business interests, such as fraud detection, prevention, and enhancing the safety of our Website; and to comply with our legal obligations, specifically our tax, legal reporting, and auditing obligations. 

Our Response to Your Requests.   If you make any requests regarding your Personal Information, we will not charge you for compliance with the request.  The Company will respond and comply within 30 days.  The Company reserves the right to refuse or charge for requests that are manifestly unfounded or excessive.  If we refuse your request, we will tell you why we are refusing your request.  You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal. 

Data Controller.   With the exception of processing payments, for which Stripe, Affirm and/or Quickbooks is the Payments Data Controller; the Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of Personal Information of the customers of the Company and visitors to its Website.  The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc.  If you wish to revoke consent for us to store, use, or share your Personal Information, you may contact us at [email protected]

Data Processor.   The Company is the “data processor,” as defined under the GDPR, or the legal entity which processes, as this term is defined here in footnote 1, your Personal Information. The Company maintains records of any processing activities it performs, and is able to show how the Company complies with the data protection principles under the GDPR.  It has effective policies and procedures in place.  If you have questions regarding the processing of your Personal Data, you may contact us at [email protected].

Data Protection Officer.  The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions.  You may contact Bryan Cole, the Chief Operating Officer (“COO”) of the Company.  Bryan Cole is responsible for data protection compliance and he can answer any questions you may have about your Personal Information. Bryan Cole may be reached at [email protected]m.

Breach.   The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach.  The GDPR defines a Personal Information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information.”  Pursuant to the GDPR, the Company will notify you of a Personal Information breach where the Personal Information breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay.  In the unfortunate event of breach, the Company shall provide you with: (i) contact details of the DPO or other contact person for the Company, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the Company has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.

Note: Data Protection Impact Assessment (DPIA).   The Company is not required to undergo a DPIA because the Company’s data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data.  If you have any questions regarding DPIA compliance by the Company, you may contact us at [email protected].

Complaints.  Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of Personal Information relating to him or her infringes this Regulation.

III. Use, Processing, and Sharing of Personal Information

The following information applies to anyone who shares with us his, her, or a third-party’s Personal Information.  We may use, process, and/or share your Personal Information (and we have done so in the past 12 months):

  • To respond to your inquiries and your requests regarding our Website or Services.
  • To send you information regarding our services and changes to our terms, conditions, and policies. 
  • To complete your account registration, process your payments, and communicate with you regarding your purchase of our Services.
  • To send you marketing communication and newsletters about our Services.
  • To personalize your experience on our Website.
  • To inform you and allow you to participate in our Company’s promotions.  
  • To facilitate social sharing functionality.
  • To collaborate with business affiliates, partners, vendors, or service providers to provide you with our Services.
  • In connection with our business purposes, as described above, including but not limited to data analysis, audits, fraud monitoring and prevention, developing or enhancing new and existing products and/or services, expanding our business activities, etc. 

We will not use and/or share your Personal Information:

  • With anyone except for our Company’s authorized service providers, business affiliates, and business partners, and strictly for business purposes; or unless we specifically inform you, and give you an opportunity to opt out of sharing your Personal Information.  
  • To run interest-based advertising campaigns that collect Personal Information such as email addresses, telephone numbers, and credit card numbers.
  • To use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers.
  • To use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page.
  • To share any Personal Information with Google or third party companies through our remarketing tag or any product data feeds which might be associated with our ads.
  • To send Google or third party companies precise location information without obtaining your consent. 

However, we reserve the right to disclose Personal Information that we believe, in our sole discretion, to be necessary or appropriate in the following circumstances:

  • As required by law, such as to comply with a subpoena, or similar legal process.
  • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • To enforce our Terms of Service.
  • To allow us to pursue available remedies or limit the damages that we may sustain.

Collection of Other Information

Personally Non-Identifiable Information:   We may collect personally non-identifiable information, including but not limited to demographic data, age, education level, profession, geographic location or gender, from you at the time of registration on our Website or app, or when you choose to use our Services. This information is not, by itself, sufficient to identify or contact you.  The Company may store such information, or it may be included in databases owned and maintained by partners, affiliates, agents, or service providers of the Company.  The Company may use such information and pool it with other information to track data related to growing the business, such as the total number of visitors to our Website and the domain names of our visitors’ Internet service providers.  

Protected Health Information (“PHI”) and HIPAA: 

The Federal Health Insurance Portability and Accountability Act (“HIPAA”) provides specific protections for the privacy and security of Protected Health Information (“PHI”) and restricts how PHI is used and disclosed by Covered Entities and its Business Associates.

COMPANY IS NOT A COVERED ENTITY OR A BUSINESS ASSOCIATE AND DOES NOT INTEND TO OPERATE AS A COVERED ENTITY OR BUSINESS ASSOCIATE AS SUCH TERMS ARE DEFINED UNDER HIPAA. ANY PERSONAL INFORMATION THAT YOU PROVIDE TO THE COMPANY IS NOT CONSIDERED PHI UNDER HIPAA.

This Website is not intended to be used to communicate protected health information in accordance with our Terms of Service. Should you decide to share information regarding your past, present, or future physical or mental health conditions, we cannot guarantee that your information sent through this Website or transmitted to us via any other platforms we use to offer you Services, including but not limited to Zoom.com, will be kept secure and protected.  If you share any such information through the Website or any other avenue we use to provide you with Services, you herein agree that you do so at your own risk.  Specifically with regard to the sharing of any Personal Information, including health information, with the Company over Zoom.com, you herein agree to Zoom.com’s Privacy Statement (https://explore.zoom.us/en/privacy/) and Terms of Service (https://explore.zoom.us/en/terms/).

Location-Based Information.   Our Service may use location-based services in order to locate you so we may verify your location, deliver you relevant content based on your location as well as to share your location with our vendors as part of the location-based services we offer. We may, from time to time, provide settings in the Services that permit you to disable location-based services. Changing setting options may not result in immediate changes to the settings, which are subject to our operations and maintenance schedules. Users should carefully consider the use of such settings to improve information display options and to ensure the settings are properly set and functioning in the manner desired. Notwithstanding the availability of privacy preference settings, you should be aware that these settings are for convenience only, do not employ complex data security protection and may not be error free. However, please note that we will only directly provide third parties we work with access to your exact location information if you first give us permission to do so. You should consider the risks involved in disclosing your location information to other people.

Passively Collected Information:   Your visit to our Website may allow us to obtain certain additional, personally non-identifiable information that is collected passively using various technologies.  This information includes but is not limited to, for example, IP addresses, browser types, date and time of page views, location information associated with your IP address, domain names, your interactions to an ad delivered by us or our ad technology partners and other anonymous statistical data involving your use of the Website and/or our services.  This information cannot presently be used to specifically identify you.  

Aggregated Personal Data:   The Company may analyze your Personal Information provided through the Website or in connection with rendering the Services, in aggregate form.   This aggregate information does not identify you personally.   We may share this aggregate data with our partners, affiliates, agents, or service providers for business purposes.   We may also disclose aggregated statistics to explain our Services to current and prospective business partners, and to other third parties for other lawful, business-related purposes. 

Customer Credit Card Information.   The Company uses a third party, Stripe, Affirm and Quickbooks, to keep a protected copy of your credit card number. This billing data belongs to you, and by utilizing the Service, you grant the Company a license to use this data to bill you for services rendered.  By purchasing the Services of the Company, you herein agree to the Terms of Service and Privacy Policy of Stripe, Affirm and Quickbooks, located at https://stripe.com/legal/end-users and https://stripe.com/privacy; and https://www.affirm.com/terms and https://www.affirm.com/privacy; and https://quickbooks.intuit.com/global/terms-of-service/ and https://www.intuit.com/privacy/statement/.

Tracking Technologies on our Website

The Company may use the foregoing technologies to track your activity on our Website:

Cookies.   When you visit our Website or otherwise interact with the Service, we may send one or more “cookies” to your computer or other devices.  Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience.  Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites.  Some features on this site will not function if you do not allow cookies.  We may link the information we store in cookies to any Personal Information that you submit while visiting our Website.  

We may use both session ID cookies and persistent cookies.  A session ID cookie expires when you close your browser.  A persistent cookie remains on your hard drive for an extended period of time.  Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site. 

Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.

Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.

Advertising cookies may be set through our Website by our advertising partners. Data may be collected by these companies that enable the companies to serve up advertisements on other sites that are relevant to your interests. 

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site.  You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html.  

If you reject cookies, you may still use our site, but some features on the site will not function properly.

Web Beacons.   Web beacons are electronic files that signal when a webpage, advertisement, video, other content, an email or newsletter has been viewed.  They are usually invisible to you.  We may use web beacons alone or in conjunction with cookies to compile information about our Service.  Web beacons may be used within the Service to track email open rates, web page visits or form submissions.  In some cases, we tie the information gathered by web beacons to your Personal Information to gauge the effectiveness of certain communications and our marketing campaigns.

Log Files.   A Log File is a file that records either events that occur in an operating system or other software runs, or messages between different users of a communication software.  Log file information is automatically reported by your browser or mobile application each time you access the Website or our Services.  Along with cookies and web beacons, log files help provide additional functionality to the Website and Services and help us analyze Website and Services usage more accurately.  We and our third party tracking-utility partners may use log files on our Service to gather automatically gather and store information including, but not limited to, internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for business purposes.  We may use Google Analytics, which uses cookies and other similar technologies to collect and analyze information about the use of the Service and report on activities and trends.  This service may also collect information regarding the use of other websites, apps and online resources.  You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Embedded Scripts.   An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Service, and is deactivated or deleted thereafter.

ETag, or entity tag. A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash and/or HTML5 cookies.

Children

The Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying FTC regulation protects the privacy of American children aged 13 and under, who are using the Internet.  The GDPR sets the age at which an EU child can give their own consent in order to process their Personal Data at 16 years of age.  

The Website and our related Services are not intended for anyone under 16.  Anyone aged 16 or under should not submit any Personal Information without the permission of their parents or guardians.  Parents or guardians may, on behalf of their children, submit their children’s Personal Information.  By using the Website and our related Services, you are representing that you are at least 16 years old and that you have the relevant legal authority to submit your Personal Information or that of a third-party minor, to the Company or on the Company’s Website.

To the extent that a Website user is a child and submits his or her Personal Information to us, and we subsequently learn that the user is a child, we will take additional steps to protect the child’s privacy, including:

  • By way of this Privacy Policy, notifying parents about our information practices with regard to children, including the types of Personal Information we may collect from children, the uses to which we may put that information, and whether and with whom we may share that information; 
  • In accordance with applicable law, obtaining consent from parents for the collection of Personal Information from their children, or for sending information about our products and services directly to their children; 
  • Limiting even inadvertent collection of Personal Information from children to no more than is reasonably necessary to engage in our Services; and
  • Giving parents access or the ability to request access to Personal Information we have collected from their children and the ability to request that the Personal Information be changed or deleted.

Accordingly, the foregoing PARENTAL NOTICE REGARDING THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT (“COPPA”), explains our information collection, disclosure, and parental consent practices with respect to information provided by children, and uses terms that are defined throughout this Privacy Policy.  This policy is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”).  Under the Children’s Online Privacy Protection Act (“COPPA”), we must provide you with direct notice before collecting Personal Information from your child. Effective July 1, 2013, the Federal Trade Commission (“FTC”) updated COPPA to reflect changes in technology, and now considers a photograph, video, or audio file containing a child’s image or voice to be a child’s Personal Information. For more information about COPPA, please visit https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy.  For an outline of our practices in the United States regarding collection of children’s Personal Information.  

Retention of Information.   In any instance that we collect Personal Information from a child, we will retain that information only so long as reasonably necessary to fulfill the provision of our Services, or as required by law.  In the event we discover we have collected information from a child in a manner inconsistent with COPPA’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.

Photos Containing Your Child/Children’s Likeness or Image.   On our Website, we may post photos containing your child or children’s image, and therefore, the Federal Trade Commission may classify this as “collecting” and “disclosing” your child’s Personal Information. This Personal Information will not be used for any other purpose, disclosed, or combined with any other information from your child, other than legitimate business purposes described herein.  Of course, your consent is required for the collection, use, or disclosure of your child’s information, as his or her image may appear in a photo on our Website.  We will not collect, use, or disclose any such information from the child if you do not consent. 

Email Contact with a Child.  To the extent a child visits the Website and emails the Company from his or her personal email address, and we know that the child is age 13 or under, Company will delete this information immediately after responding to the question or request.  In connection with certain activities or Services, we may collect a child’s online contact information, such as an email address, in order to communicate with the child more than once.  In such instances, we will retain the child’s online contact information to honor the request and for no other purpose such as marketing.  Whenever we collect a child’s online contact information for ongoing communications, we will simultaneously require a parent or guardian email address in order to notify the parent about the collection and use of the child’s information, as well as to provide the parent an opportunity to prevent further contact with the child.  

At any time, you may refuse to permit 1) your child’s participation in the Services, 2) further use of your information or your child/children’s information, or 3) further contact with your child/children, and request that we delete your information or your child/children’s information. To exercise any of your rights, please email us at [email protected]

 In conclusion, your privacy and your child/children’s privacy are important to us.  We only share or disclose Personal Information collected from a child/children in a limited number of instances, including the following:

  • We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.
  • We may disclose Personal Information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose Personal Information collected from children (i) in response to a law enforcement or public agency’s (including schools or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.

VII. Links to Other Websites   

This Privacy Policy does not address, and we are not responsible for the privacy, information or other practices of any third parties.  This Privacy Policy applies only to this Website and the Company’s Services.  It does not apply to any third-party sites, and the inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.

We are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developers, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with the Website, app, or Services. 

VIII. Security   

We maintain reasonable and appropriate, although not infallible, security precautions.  However, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Information, despite our reasonable efforts.  You should note that in using the Website, app, and/or our related Services, your information will travel through third-party infrastructures which are not under our control.  Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to [email protected].

IX. Data Retention

We will retain your Personal Information for as long as needed to provide the applicable Services.  Our data retention period may change in the future if a longer retention period is required or permitted by law.

Do Not Track

Your browser setting may allow you to automatically transmit a “Do Not Track” signal to websites you visit.  The Company’s Website does not respond to “Do Not Track” signals or other mechanisms from a visitor’s browser.  If, in the future, we create a program or protocol to respond to such web browser “Do Not Track” signals, we will inform you of the details of that protocol in this Privacy Policy.  To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com

XIII. Your California Privacy Rights   

California “Shine the Light” Law

Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes.  This code section applies to businesses with 20 or more full or part-time employees.  At this time, the Company does not need to comply with this law, but does so voluntarily in an effort to assure you that we value your privacy.

You may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year.  If applicable, this information would include a list of the categories of Personal Information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.  If you are a California resident and would like to make such a request, please submit your request in writing to [email protected].

California Consumer Privacy Act

Organizations who are subject to the California Consumer Privacy Act (CCPA) must provide a clear and conspicuous link titled “Do Not Sell My Personal Information” on their homepage and in their privacy policy in order to meet the requirements of the new CA privacy law effective as of January 1, 2020.  The law applies to businesses with over $25 million in revenue, those handling information from 50,000 consumers, or deriving 50%+ annual revenue from selling consumer personal information.  At this time, the Company does not need to comply with this law, but does so voluntarily in an effort to assure you that we value your privacy.

You may opt out of the Company’s sale of your personal information at any time by emailing us at [email protected]. Under the CCPA, “personal information” is defined to include  information that identifies or relates to a particular consumer or household including, but not limited to, name, postal address, email address, IP address, social security number, personal property records, purchasing histories, biometric information, internet activity such as browsing or search history, geolocation data, employment information, education information and inferences drawn from this information, in so far as it is not publicly available information.  The Company’s “sale” of personal information is broadly defined by the law to include selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.  In other words, most business to business transfers of personal information will fall within the definition of a sale.

The Company has provided visitors to our Website with a link to an Internet Web page on our Website enabling visitors to opt out of the “sale” of their “personal information.”  Our Website also contains a recognizable and uniform opt-out logo or button to promote consumer awareness of the option to opt-out.  Please feel free to access both for more information and to effectively opt out.

Additionally, If you are a California resident age 16 or older, as of January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal information.

  1. RIGHT TO KNOW REQUEST – Under the CCPA, you may have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information: 
  • Categories of and specific pieces of personal information we have collected about you.
  • Categories of sources from which we collect personal information.
  • Purposes for collecting, using, or selling personal information.
  • Categories of third parties with which we share personal information.
  • Categories of personal information disclosed about you for a business purpose.
  • If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
  1. RIGHT TO DELETE REQUEST – You may also have a right to request that we delete personal information, subject to certain exceptions.  They can be invoked if it is necessary for the Company to maintain the personal information pursuant to the exception.
  • Transactional: Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
  • Security: Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  • Errors: Debug to identify and repair errors that impair existing intended functionality.
  • Free Speech: Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  • CalECPA Compliance: Comply with the California Electronic Communications Privacy Act
  • Research in the Public Interest: Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  • Expected Internal Uses: To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
  • Legal Compliance: Comply with a legal obligation.
  • Other Internal Uses: Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Absent an exception, under the CCPA, we have 45 days to comply with your request. 

  1. DISCLOSURES OF PERSONAL INFORMATION FOR BUSINESS PURPOSE – In the preceding 12 months, we may have disclosed certain personal information to the categories of recipients listed in Section III of this Privacy Policy for one or more business purposes.  If you are a California resident 16 years of age or older and would like to make a verifiable request for information about the personal information we have collected about you or a request for deletion of such personal information, please submit your request in writing to [email protected].

XIV. Public Forum on our Website   

Our Website offers publicly accessible message boards, blogs, and community forums to which you may contribute.  You may submit ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, questions, comments, suggestions or other content, including Personal Information (collectively, “User Content”), such as on profiles, blogs and message boards.  We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed), and may or may not attribute it to you.  

Please think carefully before deciding what information you share, including Personal Information, in connection with your User Content. Please note that the Company does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure.  Our promises regarding handling of your Personal Information under this Privacy Policy do not apply to any information that you disclose publicly, share with others or otherwise upload onto the publicly available positions of our Website. We are not responsible for the accuracy, use, or misuse of any User Content that you disclose or receive from third parties through the Website.

To request removal of your Personal Information from our blog or community forum, contact us at  [email protected].  In some cases, we may not be able to remove your Personal Information, especially if it was already re-posted by another user.  If this is the case, we will let you know if we are unable to do so and why in response to your request.

XVI. Testimonials, Ratings and Reviews  

If you submit testimonials, ratings, or reviews of the Services directly on our Website, any Personal Information you include will be displayed on the Website.  We may also partner with third-party service providers to collect and display ratings and review content on our Website.  If you provide our third-party service providers with your Personal Information in the process of submitting your rating and review, the content and Personal Information collected by a third party will be posted on our Website, absent your express instruction not to do so.  If you want your testimonial, rating, or review removed from our Website at any time, please contact us at [email protected]

XVII. Changes   

This Privacy Policy may be updated from time to time for any reason, at our sole discretion.  We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website, and emailing you a copy of the revised Privacy Policy or a link to it.  You are advised to consult our Website regularly for any changes. 

XIX. Incorporation into Terms of Service

By using or accessing the Website or the Services, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your information as set forth in this Privacy Policy and as amended by us. This Privacy Policy is incorporated into, and considered a part of, the Company’s Terms of Service.

Opt-Out Policy

If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, or if you prefer that we do not share your Personal Information with third parties for marketing purposes, please contact us at [email protected].

XXI. Contact Us   

If you have any questions or concerns relating to our use of your Personal Information, please email [email protected].  Additionally, you may reach us by postal mail at:

323 N. Larchmont Ave #376, Los Angeles, CA 90004

Definitions: 

Processing.   “Processing” covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.  See Article 4(2) and (6) of the GDPR.

Personal Information.   “Personal Information” may include, but is not limited to information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, etc.  The Company does not collect any Personal Information from visitors to its website that is not voluntarily provided.  The Company only collects your Personal Information if you register for an account with the Company’s Website, when you use the Company’s Services, and when you send the Company communications in connection with your use of the Services.  

Third Party Personal Information.   We may obtain your Personal Information from third parties, such as third parties with whom we affiliate in providing the Company’s services.  If you provide the Company with Personal Information about third parties, you warrant to the Company that any Personal Information that you provide to the Company about any third party individuals was obtained by you with full consent, that you have the legal authority to provide us with such information, and that the individual has not communicated to you that they wish to opt out of receiving communications from the Company or having the Company collect information about him or her. 

Authorized service providers are companies that perform certain services including, but not limited to, fulfilling orders, processing credit card payments, delivering packages, providing customer service and marketing assistance, performing business and sales analyses, supporting the functionality of the Services, and supporting contests, sweepstakes, surveys and other features we offer, on our behalf.  These service providers may have access to your Personal Information, but to the extent necessary to perform or fulfill their business purpose.  We do not permit them to share or use any of your Personal Information for any other purpose.

Affiliate businesses are those businesses with whom we may affiliate to sell our products or Services.  We may share information we collect, including Personal Information, with affiliated businesses.  Sharing such information with our affiliates enables us to provide you with information about a variety of products and Services that might interest you.  We instruct all affiliated businesses to comply with applicable privacy and security laws and, at a minimum, in any commercial email they send to you, to give you the opportunity to choose not to receive such email messages in the future.

Business partners are typically merchants offering the products, services, promotions, contests and/or sweepstakes in connection with or somehow related to our own products and Services.  We will not share your Personal Information with business partners unless you choose to participate in their offer or program.  When you choose to engage in a particular offer or program, you authorize us to share your email address and other Personal Information with the relevant business partner.

Addendum 1: Notice of Privacy Practices

Bundle Birth, A Nursing Corporation

Policy

Bundle Birth is committed to maintaining and protecting the confidentiality of an individual’s PHI. Bundle Birth is required by federal and state law, including the Health Insurance Portability and Accountability Act (“HIPAA”), to protect an individual’s PHI and other personal information. Bundle Birth is providing this Notice of Privacy Practices to inform the individual about Bundle Birth’s policies, safeguards, and practices aimed at protecting and handling PHI. When Bundle Birth uses or discloses an individual’s PHI, Bundle Birth is bound by the terms of this Notice of Privacy Practices, or the revised notice of Privacy Practices, if applicable.

Bundle Birth’s obligations:

  • Maintain the privacy of PHI (with certain exceptions).
  • Give the individual this notice of the Bundle Birth legal duties and privacy practices regarding health information about the individual.
  • Follow the terms of this Bundle Birth Notice of Privacy Practices.

Roles and Responsibilities

  • The Privacy Officer is responsible for updating, reviewing, and maintaining this policy.
  • The Administrative Coordinator is responsible for posting a copy of Bundle Birth’s current Notice of Privacy at the Bundle Birth office.
  • The Administrative Coordinator is responsible for making sure all clients have a printed or email copy of this policy.
  • The Administrative Coordinator is responsible for sending information regarding changes to this policy via email with an explanation of how they can obtain a new copy.

Procedures

How Bundle Birth may use and disclose PHI:

The following describes the ways Bundle Birth may use and disclose PHI. Except for the purposes described below, Bundle Birth will use and disclose PHI only with the individual’s written permission. The individual may revoke such permission at any time by writing to Bundle Birth’s Compliance Team at [email protected].

  • For Treatment
    • Bundle Birth may use and disclose PHI for the individual’s services. For example, Bundle Birth may disclose PHI to doctors, nurses, technicians, or other personnel, including people outside Bundle Birth, who are involved in the individual’s medical care, and need the information to provide the individual with medical care.
  • For Payment
    • If applicable, Bundle Birth may use and disclose PHI so that Bundle Birth or others may bill and receive payment from the individual, an insurance company, or third party for the treatment and services the individual received.
  • For Health Care Operations
    • Bundle Birth may use and disclose PHI for health care operation purposes. For example, Bundle Birth may share information with doctors, residents, nurses, technicians, clerks, and other personnel for quality assurance and educational purposes. Bundle Birth also may share information with other entities that have a relationship with the individual (for example, the individual’s insurance company and anyone other than the individual who pays for the individual’s services) for the individual’s healthcare operation activities.
  • Third Parties Involved in an Individual’s Care or Payment for an Individual’s Care
    • When appropriate, Bundle Birth may share PHI with a person who is involved in the individual’s medical care or payment for the individual’s care, such as the individual’s family or a close friend. Bundle Birth also may notify the individual’s family about the individual’s location or general condition or disclose such information to an entity (such as the Red Cross) assisting in a disaster relief effort.
  • Research
    • Under certain circumstances, Bundle Birth may use and disclose PHI for research. For example, a research project may involve comparing the health of patients who received one treatment to those who received another, for the same condition. Bundle Birth will generally ask for the individual’s written authorization before using the individual’s PHI or sharing it with others to conduct research. Under limited circumstances, Bundle Birth may use and disclose PHI for research purposes without the individual’s permission. Before Bundle Birth uses or discloses PHI for research without the individual’s permission, the project will go through a special approval process to ensure that the research conducted poses minimal risk to the individual’s privacy. The individual’s information will be de-identified. Researchers may contact the individual to see if the individual is interested in or eligible to participate in a study.

Special Situations:

  • As Required by Law
    • Bundle Birth will disclose PHI when required to do so by international, federal, state, or local law.
  • To Avert a Serious Threat to Health or Safety
    • Bundle Birth may use and disclose PHI when necessary to prevent a serious threat to the individual’s health and safety or the health and safety of others. Disclosures, however, will be made only to someone who may be able to help prevent or respond to the threat, such as law enforcement or a potential victim. For example, Bundle Birth may need to disclose information to law enforcement when a patient reveals participation in a violent crime.
  • Business Associates
    • Bundle Birth may disclose PHI to Bundle Birth’s business associates that perform functions on Bundle Birth’s behalf or provide Bundle Birth with services if the information is necessary for such functions or services. For example, Bundle Birth may use another company to perform billing services on Bundle Birth’s behalf. All of Bundle Birth’s business associates are obligated to protect the privacy of the individual’s information and are not allowed to use or disclose any information other than as specified in our contract.
  • Lawsuits and Disputes
    • If an individual is involved in a lawsuit or a dispute, Impulse Dynamic may disclose PHI in response to a court or administrative order. Bundle Birth also may disclose PHI in response to a subpoena, discovery request, or other lawful request by someone else involved in the request or to allow the individual to obtain an order protecting the information requested.
  • Law Enforcement
    • Bundle Birth may release PHI if asked by a law enforcement official if the information is:
      • (1) in response to a court order, subpoena, warrant, summons or similar process;
      • (2) limited to information to identify or locate a suspect, fugitive, material witness, or missing person;
      • (3) about the victim of a crime even if, under certain very limited circumstances, Bundle Birth is unable to obtain the individual’s agreement;
      • (4) about a death that Bundle Birth believes may be the result of criminal conduct;
      • (5) about criminal conduct on Bundle Birth’s premises; and
      • (6) in an emergency to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

Uses and Disclosures that Require Bundle Birth to Give the Individual an Opportunity to Object/Opt-Out

  • Third Parties involved in the Individual’s Care or Payment for Individual’s Care
    • Unless the individual objects, Bundle Birth may disclose to a member of the individual’s family, a relative, a close friend or any other person the individual identifies, the individual’s PHI that directly relates to that third party’s involvement in the individual’s health care. If the individual is unable to agree or object to such a disclosure, Bundle Birth may disclose such information as necessary if Bundle Birth determines that it is in the individual’s best interest based on Bundle Birth’s professional judgment.

Individual’s Rights Regarding PHI:

The following uses and disclosures of the individual’s PHI will be made only with the individual’s written authorization:

  1. Uses and disclosures of PHI for marketing purposes;
  2. Disclosures that constitute a sale of the individual’s PHI; and
  3. Disclosures of psychotherapy notes.

Other uses and disclosures of PHI not covered by this Notice of Privacy Company or the laws that apply to Bundle Birth will be made only with the individual’s written authorization. If the individual gives Bundle Birth authorization, the individual may revoke it at any time by submitting a written revocation to the Bundle Birth Compliance Office and we will no longer disclose PHI under the authorization. But disclosure that Bundle Birth made in reliance on an individual’s authorization before the individual revoked it will not be affected by the revocation.

Individual’s Rights Regarding PHI:

  • Right to Inspect and Copy
    • The individual has a right to inspect and copy PHI that may be used to make decisions about the individual’s care or payment for the individual’s care. This includes medical and billing records, other than psychotherapy notes. To inspect and copy the individual’s PHI, the individual must make their request, in writing, to the Department in which their care was provided.
    • Bundle Birth has up to 30 days to make the individual PHI available to the individual and Bundle Birth may charge the individual a reasonable fee for the costs of copying, mailing or other supplies associated with the individual’s request. Bundle Birth may not charge the individual a fee if the individual needs the information for a claim for benefits under the Social Security Act or any other state or federal needs-based benefit program. Bundle Birth may deny the individual’s request in certain limited circumstances. If Bundle Birth does deny the individual’s request, the individual has the right to have the denial reviewed by a licensed healthcare professional that was not directly involved in the denial of the individual’s request, and Bundle Birth will comply with the outcome of the review.
  • Right to Get Notice of a Breach
    • Bundle Birth is committed to safeguarding the individual’s PHI. If a breach of the individual’s PHI occurs, Bundle Birth will notify the individual in accordance with state and federal law.
  • Right to Amend, Correct or Add an Addendum
    • If the individual feels that the PHI Bundle Birth has is incorrect, incomplete, or the individual wishes to add an addendum to the individual’s records, the individual has the right to make such request for as long as the information is kept by or for the Bundle Birth office. The individual must make their request in writing to the Department that is in possession of the individual’s records. In the case of claims that the information is incorrect, incomplete, or if the record was not created by Bundle Birth, Bundle Birth may deny the individual’s request. However, if the Bundle Birth denies any part of the individual’s request, Bundle Birth will provide the individual with a written explanation of the reasons for doing so within 60 days of the individual’s request.
  • Right to an Accounting of Disclosures
    • Individuals have the right to request a list of certain disclosures Bundle Birth made of PHI for purposes other than treatment, payment, health care operations, and certain other purposes consistent with law, or for which the individual provided written authorization. To request an accounting of disclosure, individuals must make their request, in writing, to the Department that is in possession of the individual’s records. The individual may request an accounting of disclosures for up to the previous six years of services provided before the date of the individual’s request. If more than one request is made during a 12-month period, Bundle Birth may charge a cost-based fee.
  • Right to Request Restrictions
    • Individuals have the right to request a restriction or limitation on the PHI Bundle Birth uses or discloses for treatment, payment, or health care operations. Individuals also have the right to request a limit on the PHI we disclose to someone involved in the individual’s care or the payment for the individual’s care, like a family member or friend. For example, the individual could ask that Bundle Birth not share information about a particular diagnosis or treatment with the individual’s spouse. To request a restriction, the individual must make their request, in writing, to the Department that is in possession of the individual’s records.
  • Right to Request Confidential Communications
    • Individuals have the right to request that Bundle Birth communicate with them about medical matters in a certain way or at a certain location. For example, the individual can ask that Bundle Birth only contact individuals by mail or at work. To request confidential communications, individuals must make their request, in writing, to the Department that is in possession of the individual’s records. The individual’s request must specify how or where the individual wishes to be contacted. Bundle Birth will accommodate reasonable requests.
  • Right to Choose Someone to Act for the Individual.
    • If the individual gives someone medical power of attorney or if someone is the individual’s legal guardian, that person can exercise the individual’s rights and make choices about the individual’s PHI. Bundle Birth will use our best efforts to verify that the person has the authority to act for the individual before Bundle Birth takes any action.
  • Right to a Paper Copy of This Notice of Privacy Practices
    • Individuals have the right to a paper copy of this Notice of Privacy Practices. Individuals may ask Bundle Birth to give the individual a copy of this Notice of Privacy Practices at any time.

Contact Information

Please reach out to [email protected] with any inquiries, complaints, and disputes related to this policy.

Changes to this Notice of Privacy Practices:

Bundle Birth reserves the right to change this Notice of Privacy Practices and make the new Notice of Privacy Practices apply to PHI Bundle Birth already has as well as any information Bundle Birth receives in the future. Bundle Birth will post a copy of Bundle Birth’s current Notice of Privacy at our office. The Notice of Privacy Practices will contain the effective date on the first page, in the top right-hand corner. Individuals will be sent information regarding the changes via email or via mail on how they can obtain a new copy. Individuals will be asked to sign off on the new Notice of Privacy Practices at the individual’s next scheduled appointment.

Applicable Regulations 45 C.F.R. § 164.520