Last Updated: December7, 2020
Exuma Wellness, Inc (“Exuma,” “we” or “us”) owns and operates the website www.getexuma.com and may have previously, now or in the future own and/or operate an Exuma mobile application (collectively the “Platform”).
We may collect information about you in a variety of ways, including: when you provide information to us directly, automatically as you use the Platform, and from third-party sources.
We primarily use the information collected from you in order to allow you to participate in the Platform and to communicate information and offers to you (on the Platform and elsewhere online). We may share your personal information under certain limited circumstances, such as with vendors providing services to us or for legal compliance. We may also share your personal information with third parties for their direct marketing purposes where you have consented to such sharing.
Your Relationship With Us
Protected Health Information
We may also collect certain medical information on behalf of the Pharmacy and Provider, which may include but is not limited to:
Health and medical data you submit for diagnosis or treatment purposes, including information in any questionnaires or surveys you complete for these purposes;
Previous doctors or other healthcare providers you visited;
Date(s) of visit;
Images or videos you share for diagnosis or treatment purposes; and
Communications with Providers
Exuma does not collect or create biometric information about you. To use some of our services, however, we or our Third Party Providers may require you to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share the information you shared with our Third Party Providers who will perform a visual analysis of the identity verification photos that you have uploaded prior to allowing you submit any additional information to verify your proof of identity.
To provide you with products and services you request, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
We obtain personal information from the following categories of sources:
Directly and Indirectly from you. Your name, email address, photographs to confirm your identity, shipping and billing address, phone number, and credit card number may be collected at the Platform. We or our Third Party Providers will all require you to provide your age, information regarding existing medical conditions and sexual identity in order to provide medical care through the Platform. We may also ask for your interests or preferences. You could be prompted to create a username and password to access your account. From time to time, we might also ask for the email addresses of your friends to share deals and discounts. We also may lawfully obtain personal information about you from affiliated entities, business partners, and other independent third party sources and add it to your account information. Examples of information we may receive includes updated contact information, purchase history, and demographic information.
Automatically from you. As is the case with most websites these days, please note we may also take in information about your computer that might include your IP address, device type, unique device identification numbers, browser type (such as Firefox, Safari, or Internet Explorer), your Internet Service Provider (ISP), a timestamp of your visit and time zone, broad geographic location (e.g., country or city-level location), network status, operating system and carrier, and the pages you have visited on the site or Platform, in addition to any referring website or exit pages once you leave our site. We may also collect information on your internet connection, information from cookies, web beacons and other similar technologies and interactions, such as the links clicked on and whether email messages were opened or forwarded. We may combine the information you give us with information related to your transactions and information we receive about you from third parties who carry out services on our behalf. The information received via cookies and web beacons may allow us to track your activities across devices and users’ clickstream data associated with cookies and web beacons. Please see the “Cookies” and “Web Beacons” sections below for more information. Collecting this information enables us to better understand the visitors who come to our Platform, where they come from, and what content on our Platform is of interest to them. We may also use third party advertising platform pixels, which collect user data for retargeting and remarketing purposes.
You may choose not to provide us with your personal information. If you choose not to provide us with this information, you may still access and use portions of the Platform. However, you may not be able to use portions of the Platform which require you to provide personal information, such as to engage in a telehealth visit, obtain medical advice or prescriptions or to use the subscription features on the checkout page.
If you’re allowing your location to be tracked on your mobile device, we might take note of your location. You can always disable your location on your phone to prevent this from happening.
The Platform and any communications sent by the Platform may contain electronic images (generally, single-pixel “.gif” images) called “web beacons.” These web beacons would allow Exuma and third parties to monitor and collect certain information about the viewer of the web page, web-based document, e-mail message, or other communication, such as the type of browser requesting the web beacon, a unique identifier of the device that the web beacon is sent to and the time the web beacon was viewed. Web beacons may also be used to deliver or read cookies, to understand whether you have come to our site from an online advertisement displayed on a third-party website, to help us understand the performance of our marketing efforts (i.e., interaction with social media advertisements or web site traffic and performance activity), and, in the future, to improve site performance. We also may allow our Third Party Providers to use web beacons to, for example, help us understand which emails have been opened by recipients and to track the visitor traffic and actions on our site. This helps us measure the effectiveness of our content and other offerings.
An embedded script is programming code that is designed to collect information about your interactions with the Platform, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third-party service provider, is active only while you are connected to the Platform, and is deactivated or deleted thereafter. In addition, we may use a variety of other technologies that collect similar information for security and fraud detection purposes.
By visiting, accessing or using the Platform, you acknowledge and agree in each instance that you are giving Exuma permission to monitor or otherwise track your activities on the Platform, and that Exuma may use the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies. Notwithstanding the foregoing, Exuma does not permit third parties or third-party cookies to access to any communications you have with the Third Party Providers, or medical information that you submit to the Third Party Providers for diagnosis and treatment purposes.
In connection with the Platform and providing the services and products, we and our affiliates may use your information, subject to certain limitations, for a number of purposes, but not limited to:
Provide you with electronic newsletters, information, special offers, and promotional materials on behalf of us or third parties;
Fulfill your requests for products, services, and information and complete a transaction that you have requested;
Verifying your identity;
Enable you to participate in Platform features;
Analyze the use of Platform and information about visitors to our Platform to understand and improve your experience on the Platform, improve our service offerings generally, and for other internal business purposes and to prevent and detect fraud;
Customize the advertising and content you see, both on the Platform and elsewhere online;
Manage your account including processing payments;
Generate products for Exuma;
Communicate with you in general and provide customer services;
Resolve disputes, collect fees, or troubleshoot problems;
Prevent potentially prohibited and illegal activities;
For other purposes disclosed when you provide your information; and
We may de-identify your information and use, create and sell such de-identified information, or any business or other purpose not prohibited by applicable law.
Please note that information submitted to the Platform via a “Contact Us,” “Send Your Comments,” or other similar mechanism will not necessarily receive a response. We will not use any such information you provide for marketing purposes unrelated to your request, although we may contact you regarding your submission.
Subject to the limitations described in the Protected Health Information section herein, we may disclose your information to third parties in connection with the Platform or as otherwise permitted or required by law. For example, we may disclose your information to:
Our Third Party Providers and other vendors (collectively “Vendors”) that provide services to enable us to provide the Platform, such as the hosting of the Platform, data analysis, IT services and infrastructure, customer service, e-mail delivery, and other similar services;
Our Vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, analytics and similar services;
Our Vendors that provide services to enable us to promote and advertise the Platform and the products and/or services offered via the Platform, such as ad platforms or ad-retargeting services, as well as comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services;
The Third Party Providers to enable them to provide services to you via the Platform and to collect payment on their behalf;
Vendors as we believe necessary or appropriate to comply with applicable laws;
A third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party;
We may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.
Summary of Information Practices
We have in place various procedures to safeguard your information, including technical, administrative and physical procedures intended to keep your information secure. However, please note that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure.
In addition, we take steps to retain personal information about you only for so long as is necessary for the purpose for which it was collected, as required under contract, or as required by or permissible under applicable law. We will only hold your information for as long as necessary to fulfill the purposes for which it was collected, before making it non-identifiable or deleting it.
Other Important Information
We make it easy to say goodbye to marketing emails, but you can’t unsubscribe to emails pertinent to your account, such as billing or shipping notices. You may unsubscribe to marketing emails by following the unsubscribe instructions included in those emails or contacting us at [email protected]
Correcting or Updating Your Personal Information
You may change any of your personal information in your account by editing your profile within your account or by sending an email to us at [email protected]
We do reserve the right to hold on to personal information necessary for doing business with you. You can always ask us to delete your personal information, too, by emailing [email protected]
Live in California?
Do Not Track
Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not been adopted, this Web Site does not process or respond to “Do Not Track” signals. To learn more about “Do Not Track,” please visit “All About Do Not Track” at www.allaboutdnt.com/.
Individuals Under 18
This Platform is not intended for individuals under the age of 18. No one under the age of 18 may provide any personal information to the Platform. We do not knowingly solicit or collect personal information from individuals under 18 nor do we knowingly market or otherwise target our Platform or its products or services to individuals under the age of 18. If you are under 18, do not use or provide any information on this Platform. If we learn we have collected this information, we will delete it. If you’re concerned that we’ve collected information from individuals under 18, please reach out at [email protected]
You can Contact Us with questions or about updating or accessing your information by emailing us at [email protected] or calling us at 1-866-438-3986
Read on if you are a California resident!
YOUR CALIFORNIA RIGHTS
[Updated July 1, 2020]
As a California resident you may be entitled to additional rights with respect to your personal information that Exuma collects and stores about you.
Under the CCPA you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (Right to Know). Once we receive and confirm your verifiable consumer request, we will disclose to you, if applicable:
The categories of personal information we collected about you;
The categories of sources for the personal information we collected about you;
Our business or commercial purpose for collecting that personal information;
Our business or commercial purpose for disclosing the category of personal information about you and
The specific pieces of personal information we collected about you.
If we disclosed your personal information for a business purpose, we will also disclose:
The categories of personal information that we disclosed about you; and
The categories of third parties to whom your personal information was disclosed, by category or categories of personal information for each third party to whom the personal information was disclosed.
Right to Deletion
As a California resident you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (Right to Delete). Once we receive and confirm your verifiable consumer request, we will delete (and direct our Third Party Providers to delete) your personal information from their records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech to ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; and
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Access and Data Portability Rights
As a California resident you may also have the right to access your personal information for purposes of correcting, modifying or replacing your existing personal data that we have on file (Right to Access). If appropriate you may also have the right to data portability and if requested we may provide your data in the form of a [zip file/ftp/other encrypted file] for your use and portability of your data (Right to Data Portability).
Right to Opt Out
Exercising Your California CCPA Rights
In order to enforce any of the foregoing Right to Know, Right to Delete, Right to Access, Right to Opt Out or Right to Data Portability you may contact us in one of the following two ways:
Toll-free Number: 1-866-438-3986
By sending an email to:
“Your California Privacy Rights” to the email address: [email protected]
or you may send a letter by US Mail to:
2046 Hillhurst Ave #130
Los Angeles, CA 90027
Email: [email protected]
Only you may make a verifiable consumer request related to your Right to Know, Delete, Access, Opt Out or Data Portability set forth above. In order to verify your request we will need you to provide at a minimum:
-Your full name
-Street Address, City, State and Zip Code
This information will allow us to verify your identity by confirming that you are the person about whom we collected personal information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will not share the information you submit with anyone and we will not use it for any other purpose other than verifying your identity.
Once we have verified your identity we will keep a record of the request only for purposes of complying with our obligations under the CCPA and for no other purpose.
We will not be able to respond to your request if we are unable to locate your personal information on our systems due to typos, misinformation or if we are unable to verify your identity. If you are requesting sensitive personal information such as credit card information, financial data or other such information then we may require additional procedures to verify your identity by means of a sworn declaration or other confirming method in our discretion as required under the CCPA.
We will generally confirm receipt of a verifiable consumer request within 10 business days and provide information about how we will process the request. Generally, we will respond to your request, free of charge, within 45 days of its receipt. However, if we require additional time to evaluate and fulfill your request, we will inform you of the reason and extension period (up to 90 days); in writing, within the initial 45-day period.
If a disclosure of your personal information is provided, it will only cover a period of 12 months preceding the date we receive your verifiable consumer request. For requests related to your Right to Data Portability we will select a format to provide your personal information that is readily useable and should allow you to transmit the information without hindrance, specifically by electronic mail communication. If applicable, the response we provide to you will explain the reasons we cannot fulfill your request.
We do not charge a fee to process or respond to your verifiable consumer request unless it is unfounded, excessive, or repetitive. If we determine that your request warrants a reasonable fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We are not required to provide personal information to a consumer more than twice in a 12-month period.
If you are an Authorized Agent as defined in the CCPA we may require you to submit a declaration that you are an Authorized Agent that represents a particular California resident prior to responding to your requests. We may also request that you submit a declaration from the represented California resident designating you as an Authorized Agent to make requests on there behalf.
We will not discriminate against you because you exercise your rights. For example, Exuma will not deny you goods or services or deny or limit your access to the website.
CALIFORNIA SHINE THE LIGHT
If you are a California resident and have an established business relationship with us, you can request a notice disclosing the categories of personal information we have shared with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year. To request a notice, please submit your request to:
2046 Hillhurst Ave #130
Los Angeles, CA 90027
Email: [email protected]