Effective Date: 5/17/2025
LUMA Health LLC and its affiliates ("Luma Health", "Luma", "we", or "us") own and operate this website located at www.luma.health (collectively, the "Platform"). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content ("Content"), any products or services provided through the Platform or otherwise by Luma Health, and any affiliated website, software, or application owned or operated by Luma Health (collectively, including the Platform, the Providers, and the Content, the "Service") are subject to this Privacy Policy unless specifically stated otherwise. Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the Luma Health Terms of Service ("Terms of Service").
We are committed to respecting the privacy of users of the Service. We created this Privacy Policy to inform you how Luma Health collects, uses, and discloses information to provide you with the Service.
By creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are accepting and acknowledging the most recent version of this Privacy Policy. If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the "Effective Date" at the top of the Privacy Policy.
If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such an individual to act on their behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Service. By accessing or using the Service, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the Service after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.
Limitations on Use by Minors
Our Service is only for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. By using this website, you agree that you are at least eighteen (18) years of age. The Service is not designed or intended to attract, and is not directed to, children under eighteen (18) years of age. If we obtain actual knowledge that we have collected personal information through the Platform from a person under eighteen (18) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.
If you believe we might have any information directly from a child under 18, please contact us at service@luma.health.
Information We Collect
We collect information from and about users of our Service:
Personal Information: Information by which you may be personally identified, such as name, postal address, email address, telephone number, and any other identifier by which you may be contacted online or offline.
Health Information: Information related to your health condition, treatment, or care, which may be considered protected health information under applicable laws.
Technical Information: Details of your visits to our Service, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Service.
How We Use Your Information
To provide you with information, products, or services that you request from us.
a. To fulfill any other purpose for which you provide it.
b. To provide you with notices about your account or subscription, including expiration and renewal notices.
c. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
d. To notify you about changes to our Service or any products or services we offer or provide through it.
e. To allow you to participate in interactive features on our Service.
In any other way we may describe when you provide the information.
For any other purpose with your consent.
To comply with applicable federal, state, and local laws, rules, and regulations.
Protected Health Information
When you set up an account with LUMA Health, you are creating a direct customer relationship with LUMA Health that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you provide information to LUMA Health, including but not limited to, your name, email address, shipping address, phone number and certain transactional information. All identifying patient information, including name, email, social media profiles, date of birth, phone number, address, and transactional details utilized in patient account setup are deemed protected information per HIPAA guidelines, and we do not sell, share, or use this information in ways other than intended to deliver patient care.
In using certain other components of the Service, you may provide additional health or medical information that may also be protected under applicable laws.
LUMA Health is considered a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). One or more of the Labs, Pharmacies or Medical Groups (as defined in our Terms of Service) may or may not be a “covered entity” or “business associate” under HIPAA, and LUMA Health may in some cases be a “business associate” of a Pharmacy or Medical Group. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to all transactions or communications with LUMA Health, the Medical Groups, the Providers, the Labs, or the Pharmacies.
To the extent LUMA Health is deemed a “covered entity” and/or a “business associate”, however, and solely in those roles, LUMA Health may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA. In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.
The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).
By accessing or using any part of the Service, you are agreeing that where HIPAA does apply to LUMA Health, the Medical Groups, the Providers, the Labs or the Pharmacies, any information that you submit to LUMA Health that is not considered Protected Information will only be subject to our Privacy Policy and any applicable state laws that govern the privacy and security of such information.
Collection of Information
We collect any information you provide when you use the Service, including, but not limited to:
Personally identifying information such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses.
Your login and password and other account (“Account”) registration details
Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services.
Records and copies of your correspondence (including email addresses), if you contact us;
Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.
Demographic data (such as your gender, date of birth and zip code)
Computer, mobile device and/or browser information (e.g., IP address, mobile device ID information, operating system, connection speed, bandwidth, browser type, referring/exit web pages, web page requests, cookie information, hardware attributes, software attributes).
Third-party website, network, platform, server and/or application information (e.g., Facebook, Twitter, Instagram)
Usage activity concerning your interactions with the Service and/or third-party websites, networks or applications accessed through the Service (e.g., viewing habits, viewing preferences, viewing history, number of clicks on a page or feature, amount of time spent on a page or feature, identity of third-party websites, networks, etc.)
Billing, payment and shipping information
Electronic signature
Any other information you provide when you contact or communicate with us.
If you use your mobile device to visit, access or use the Service, then additional categories of information that we collect may include:
a. Your name associated with your mobile device
b. Your telephone number associated with your mobile device
c. Your geolocation
d. Your mobile device ID information
We also collect certain medical information on behalf of the Medical Groups and your Providers, which may include, but is not limited to:
a. Health and medical data you submit for diagnosis or treatment purposes, including information in any questionnaires or surveys you complete for these purposes
b. Date of visit
c. Images or videos you share for diagnosis or treatment purposes
d. Communications with Providers
We may also receive information about you from our partners. For example, as part of our identity verification process, our vendor may send us information they have independently collected, such as your name, age, and estimated location. Our marketing partners may also send us information about you, even if you have not visited or registered on our site.
LUMA Health does not collect or create biometric information about you. To use some of our services, however, we may be required to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share that and the selfie you shared with us with our identity verification partner, who may create biometric information about your face in order to verify that your selfie matches your proof of identity. Biometric information is not shared with LUMA Health and is deleted by our identity verification partner after completing the identity verification. LUMA Health may receive information extracted from your photos, such as information from your driver’s license and the confidence that there is a “match” between your two photos. We use this information to help verify your identity.
How Information Is Collected
LUMA might collect personal and non-personal information directly from you when you visit, access or use the Service; when you register with or subscribe to the Service or any products or services available through the Service; when you “sign in,” “log in,” or the like to the Service; when you allow the Service to access, upload, download, import or export content found on or through, or to otherwise interact with, your computer or mobile device (or any other device you may use to visit, access or use the Service) or online accounts with third-party websites, networks, platforms, servers or applications (e.g., your online social media accounts, your cloud drives and servers, your mobile device service provider); or whenever LUMA Health asks you for such information, such as, for example, when you process a payment through the Service, or when you answer an online survey or questionnaire. In addition, if you or a third party sends LUMA Health a comment, message or other communication (such as, by way of example only, email, chat, letter, fax, phone call, or voice message) about you or your activities on or through the Site and/or the App, then LUMA Health may collect any personal or non-personal information provided therein or therewith.
In addition to the information we collect directly from you, we may also collect certain information from the Medical Group and/or Providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service.
We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history and laboratory test results.
We also may receive personal information about you from our service providers who assist us with identity verification in connection with our Services, which may include information parsed from your driver’s license or passport, your estimated location, your address and how long you have lived there, and your contact information.
Finally, LUMA Health might use various tracking, data aggregation and/or data analysis technologies, including, for example, the following:
Cookies, which are small data files (e.g., text files) stored on the browser or device you use to view a website or message. They may help store user preferences and activity and may allow a website to recognize a particular browser or device. There are several types of cookies, including, for example, browser cookies, session cookies, and persistent cookies. Cookies may record information you access on one page of a website to simplify subsequent interaction with that website, or to help streamline your transactions on related pages of that website. Most major browsers are set up so that they will initially accept cookies, but you might be able to adjust your browser’s or device’s preferences to issue you an alert when a cookie is downloaded, or to block, reject, disable, delete or manage the use of some or all cookies on your browser or device. Cookies can be set by the website owner (i.e., us), or they can be set by third parties (e.g., Facebook, Google, etc.) Cookies are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Third party cookies may also be used to enable analytics (e.g. Google Analytics) or advertising functionality (e.g., ad re-targeting on third-party websites) that enables more customized services and advertising by tracking your interaction with our Service and collecting information about how you use the Service.
Flash cookies, which are cookies written using Adobe Flash, and which may be permanently stored on your device. Like regular cookies, Flash cookies may help store user preferences and activity, and may allow a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies.
Web beacons, which are pieces of code embedded in a website or email to monitor your activity on the website or your opening of the email, and which can pass along information such as the IP address of the computer or device you use to view the website or open the email, the URL page on which the web beacon is located, the type of browser that was used to access the website, and previously set cookie values. Web beacons are sometimes used to collect advertising data, such as counting page views, promotion views or advertising responses. Disabling your computer’s, device’s or browser’s cookies may prevent some web beacons from tracking or recording certain information about your activities.
Scripts, which are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user’s interactions with the website, such as the links the user clicks on. Scripts are oftentimes temporarily downloaded to the user’s computer or device from the website server, active only while the user is connected to the Site and/or the App, and deactivated or deleted when the user disconnects from the website.
Analytic tools and services, which are sometimes offered by third parties, and which track, measure and/or generate information about a website’s or program’s traffic, sales, audience and similar information, and which may be used for various reasons, such as, for example, statistical research, marketing research, and content ratings research, and conversion tracking. Examples of the analytic tools and services which LUMA Health might use include Google Analytics. LUMA Health may also use other third-party analytic tools and services.
Please be advised that if you choose to block, reject, disable, delete or change the management settings for any or all of the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies, then certain areas of the Platform might not function properly.
By visiting, accessing or using the Service, you acknowledge and agree in each instance that you are giving LUMA Health permission to monitor or otherwise track your activities on the Service, and that LUMA Health may use the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies. Notwithstanding the foregoing, LUMA Health does not permit third parties or third-party cookies to access any communications you have with the Providers, or medical information that you submit to the Providers for diagnosis and treatment purposes.
5. Use of Information
In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to:
Verifying your identity;
Confirming your location;
Administering your account;
Fulfilling your requests;
Processing your payments;
Facilitating your movement through the Service;
Facilitating your use of the Service and/or products or services offered through the Service;
Communicating with you by letter, chat, email, text, telephone or other forms of communication, including on behalf of your Provider(s) to facilitate medical services;
Providing you with information about LUMA Health, the Labs, the Pharmacies, the Medical Groups, the Providers and/or their businesses, products and services by letter, email, text, telephone or other forms of communication;
Providing you with customer support;
Providing you with information about third-party businesses, products and services by letter, email, text, telephone or other forms of communication;
Developing, testing or improving the Service and content, features and/or products or services offered via the Service;
Identifying or creating new products, services, marketing and/or promotions for LUMA Health or the Service;
Promoting and marketing LUMA Health, the Service, and the products and/or services offered via the Service;
Improving user experiences with the Service;
Analyzing traffic to and through the Service;
Analyzing user behavior and activity on or through the Service;
Conducting research and measurement activities for purposes of product and service research and development, advertising claim substantiation, market research, and other activities related to LUMA Health, the Service or products and services offered via the Service;
Monitoring the activities of you and others on or through the Service;
Placing and tracking orders for products or services on your behalf;
Protecting or enforcing LUMA Health’s rights and properties;
Protecting or enforcing the rights and properties of others (which may include you);
When required by applicable law, court order or other governmental authority (including, without limitation and by way of example only, in response to a subpoena or other legal process); or
LUMA Health believes in good faith that such use is otherwise necessary or advisable (including, without limitation and by way of example only, to investigate, prevent, or take legal action against someone who may be causing injury to, interfering with, or threatening the rights, obligations or properties of LUMA Health, a user of the Service, which may include you, or anyone else who may be harmed by such activities or to further LUMA Health’s legitimate business interests).
We may de-identify your information and use, create and sell such de-identified information, for any business or other purpose not prohibited by applicable law.
6. Disclosure of Information
Subject to the limitations described in the Protected Health Information section above, we may disclose your information to third parties in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information:
To our subsidiaries and affiliates;
To our third-party and service providers (collectively “vendors”) that provide services to enable us to provide the Service, such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, and other similar services;
To our vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, analytics and similar services;
To our vendors that provide services to enable us to promote and advertise the Service and the products and/or services offered via the Service, such as ad platforms or ad-retargeting services, as well as comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services;
To our contractors, service providers, and other third parties we use to support our business. These entities provide IT and infrastructure support services, payment processing services and marketing software. Our payment processors’ privacy policies may be found at http://PayPal.com/us/privacy;
To the Labs, Pharmacies, Medical Group or its Providers to enable them to provide services to you via the Service and to collect payment on their behalf;
To vendors as we believe necessary or appropriate to comply with applicable laws; and
To a potential or actual buyer or other successor in the event of a planned or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of LUMA Health’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by LUMA Health about our Website’s users is among the assets transferred;
To fulfill the purpose for which you provide it;
For any other purpose disclosed by us when you provide the information; and
With your consent;
To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes; and
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of LUMA Health, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.
7. Data Retention
LUMA Health may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Service or LUMA Health. LUMA Health may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by LUMA Health or as required by law.
Similarly, the Medical Groups and Providers may retain your information for as long as they believe necessary; as long as necessary to comply with their respective legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Medical Groups and Providers. The Medical Groups and Providers may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by the Medical Groups or Providers or as required by law.
8. Data Security
Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. You can help protect your Personal Data and other information by keeping your password to our Websites confidential.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures deployed on the Website.
9. Transactions
In connection with any transaction that you conduct through the Service (e.g., the purchase or sale of any products or services on or through the Service), you may be asked to supply certain information relevant to the transaction, including, without limitation, your credit card number and expiration date, your billing address, your shipping address, your phone number and/or your email address. By submitting such information, you grant LUMA Health without charge the irrevocable, unencumbered, universe-wide and perpetual right to provide such information to third parties (e.g., payment processing companies, buyers on the Service, sellers on the Service) for the purpose of facilitating the transaction.
All credit card, debit card and other monetary transactions on or through the Service occur through an online payment processing application(s) accessible through the Service. This online payment processing application(s) is provided by LUMA Health’s third-party online payment processing vendor, PayPal (“PayPal”) and other vendors. Additional information about PayPal, its privacy policy and its information security measures (collectively, the “PayPal Policies”) should be available on the PayPal website or by contacting PayPal directly. Reference is made to the PayPal Policies for informational purposes only and are in no way incorporated into or made a part of this Privacy Policy. LUMA Health’s relationship with PayPal, if any, is merely contractual in nature, as PayPal is nothing more than a third-party vendor to LUMA Health, and is in no way subject to LUMA Health’s direction or control; thus, their relationship is not, and should not be construed as, one of fiduciaries, franchisors-franchisees, agents-principals, employers-employees, partners, joint venturers or the like.
LUMA Health reserves the right to switch to any other payment processor at their discretion, at which point the above terms of this Privacy Policy related to Payment Processors will be bound to and in accordance with the Privacy Policies of the new Payment Processor. If we switch permanently to a new payment processor, this Privacy Policy will be updated.
10. Jurisdictional Issues
The Service may only be used within certain states within the United States as described in our Terms and Conditions. Accordingly, this Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. law.
Your California Privacy Rights
If you are a resident of California, you have the additional rights described in the California Privacy Addendum.
11. Third Parties
This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information or other practices of any third parties, including, without limitation, the Medical Group or its Providers, the manufacturer of your mobile device, and any other third-party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the Medical Group’s Notice of Privacy Practices and the privacy policies of each website and application you visit and use.
12. Your Rights Regarding Your Information and Accessing and Correcting Your Information
You may have certain rights under applicable data protection laws, including the right to access and update your Personal Data, restrict how it is used, and the right to have us erase certain Personal Data about you. You also have the right to complain to a supervisory authority about our processing of your Personal Data.
Applicable data protection laws may provide you with certain rights with regards to our processing of your Personal Data.
Access and Update. You can review and change your Personal Data by logging into the Website and visiting your “Account” page. You may also notify us through the Contact Information below or through our Website’s Contact Us form of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.
Right to be Forgotten. You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account, and we will only delete your account when you have requested that we do so. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.
You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below and through our Website’s Contact Us form. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
13. Do Not Track Signals
We may use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.
We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.
14. Changes to Our Privacy Notice
We may change this Privacy Notice at any time. It is our policy to post any changes we make to our Privacy Notice on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Website’s home page. The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Notice to check for any changes. By using this website you consent to abide by the latest privacy practices posted on the website.
15. Contact Information
You may contact us through the contact information below. If you wish to contact us, you may contact us both through the contact information below or through the Contact Us form on our Website.
If you have any questions, concerns, complaints or suggestions regarding our Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may Contact Us at the contact information below or through the Contact Us page on our Website.
www.LUMA.Health
LUMA Health LLC
Service@luma.health
30 N Gould St Ste R
Sheridan WY 82801
415 622 8506