Privacy Policy

Exuma Wellness, Inc (“Exuma,” “we” or “us”) owns and operates the website www.getexuma.com and may have previously, now or in the future own and/or operate an Exuma mobile application (collectively the “Platform”). 

We take your privacy very seriously and we want you to know how we’re using your personal information and how you’re also able to access and update it, when necessary. When we materially edit our Privacy Policy, we will inform you of any changes via email.  You should also revisit our Platform from time to time to view our most current Privacy Policy then in effect.

This Privacy Policy only covers information collected at the Platform, and does not cover any information collected at any other web site or offline by Exuma (unless specifically stated). This Privacy Policy describes, among other things, the types of information we collect about you when you visit the Platform; how your information may be used; when it may be disclosed; how you can control the use and disclosure of your information; and how your information is protected. If you do not agree to our Privacy Policy, please do not use the Platform.

Please review our full Privacy Policy below – but here are some key points to be aware of:

We may collect information about you in a variety of ways, including: when you provide information to us directly, automatically as you use the Platform, and from third-party sources.

We primarily use the information collected from you in order to allow you to participate in the Platform and to communicate information and offers to you (on the Platform and elsewhere online). We may share your personal information under certain limited circumstances, such as with vendors providing services to us or for legal compliance. We may also share your personal information with third parties for their direct marketing purposes where you have consented to such sharing. 

When you view video content on the Platform, share information through a social-networking feature on the Platform, or post to one of the Platform’s Public Areas  (areas on our Platform where you may post or comment subject to compliance with our Terms of Use), third parties may have access to information on what videos you have watched.

Your Relationship With Us

Exuma is a technology company that makes available to registered users of the Platform certain products and services sold or offered by Exuma or by third party medical providers, pharmacies, or other vendors. Our Platform provides access to a provider network through GoGoCare who offers certain healthcare services through the Platform (the “Provider”).   Prescription fulfillment services are offered through GoGoMeds as an option to users (the “Pharmacy”). By accepting these Terms of Use, you acknowledge and agree that any services and products you receive from the Provider and/or Pharmacy (collectively, “Third Party Providers”) through the Platform are also subject to these Terms of Use and that they are third-party beneficiaries of this Agreement.

Protected Health Information

By setting up an account with Exuma, you are establishing a direct customer relationship with Exuma that enables you to access and/or use various functions of the Platform. As part of that relationship, you may provide information to Exuma, including but not limited to your name, email address, shipping address, and phone number, that we may collect, use and disclose in accordance with our Privacy Policy that we do not consider to be “health” or “medical” information.

In using certain services of the Platform, you may also provide certain medical information that may be protected under applicable laws. Exuma is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). One or more of the Third-Parties (as defined herein) may or may not be a “covered entity” or “business associate” under HIPAA, and Exuma may in some cases be a “business associate” of a Third Party.  It is important to remember that while state-specific privacy laws may apply, HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Exuma, or the Third Parties. To the extent Exuma is considered a “business associate” however, and solely in its role as a “business associate,” Exuma may be subject to certain provisions of HIPAA with respect to protected health information (“Protected Health Information”). Further, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with Protected Health Information, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. Any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under our Privacy Policy. Protected Information does not include information that has been de-identified in accordance with HIPAA.

By using the Service, you are agreeing that even if HIPAA does apply to Exuma or the Third Party Providers, any information that you submit to Exuma that is not intended and used solely for the provision of diagnosis and treatment by the Third Party Providers, is not considered Protected Information, and will only be subject to our Privacy Policy and any applicable state laws that govern the privacy and security of such information.

Medical Information

We may also collect certain medical information on behalf of the Pharmacy and Provider, which may include but is not limited to:

Health and medical data you submit for diagnosis or treatment purposes, including information in any questionnaires or surveys you complete for these purposes;

Previous doctors or other healthcare providers you visited;

Date(s) of visit;

Images or videos you share for diagnosis or treatment purposes; and

Communications with Providers

Exuma does not collect or create biometric information about you. To use some of our services, however, we  or our Third Party Providers may require you to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share the information you shared with our Third Party Providers who will perform a visual analysis of the identity verification photos that you have uploaded prior to allowing you submit any additional information to verify your proof of identity. 

Data Collection

Personal Information

To provide you with products and services you request, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. 

We obtain personal information from the following categories of sources:

Directly and Indirectly from you. Your name, email address, photographs to confirm your identity, shipping and billing address, phone number, and credit card number may be collected at the Platform. We or our Third Party Providers will all require you to provide your age, information regarding existing medical conditions and sexual identity in order to provide medical care through the Platform. We may also ask for your interests or preferences. You could be prompted to create a username and password to access your account. From time to time, we might also ask for the email addresses of your friends to share deals and discounts.  We also may lawfully obtain personal information about you from affiliated entities, business partners, and other independent third party sources and add it to your account information.  Examples of information we may receive includes updated contact information, purchase history, and demographic information.

Automatically from you. As is the case with most websites these days, please note we may also take in information about your computer that might include your IP address, device type, unique device identification numbers, browser type (such as Firefox, Safari, or Internet Explorer), your Internet Service Provider (ISP), a timestamp of your visit and time zone, broad geographic location (e.g., country or city-level location), network status, operating system and carrier, and the pages you have visited on the site or Platform, in addition to any referring website or exit pages once you leave our site. We may also collect information on your internet connection, information from cookies, web beacons and other similar technologies and interactions, such as the links clicked on and whether email messages were opened or forwarded.  We may combine the information you give us with information related to your transactions and information we receive about you from third parties who carry out services on our behalf.  The information received via cookies and web beacons may allow us to track your activities across devices and users’ clickstream data associated with cookies and web beacons.  Please see the “Cookies” and “Web Beacons” sections below for more information.  Collecting this information enables us to better understand the visitors who come to our Platform, where they come from, and what content on our Platform is of interest to them.  We may also use third party advertising platform pixels, which collect user data for retargeting and remarketing purposes.

You may choose not to provide us with your personal information. If you choose not to provide us with this information, you may still access and use portions of the Platform. However, you may not be able to use portions of the Platform which require you to provide personal information, such as to engage in a telehealth visit, obtain medical advice or prescriptions or to use the subscription features on the checkout page. 

Location

If you’re allowing your location to be tracked on your mobile device, we might take note of your location. You can always disable your location on your phone to prevent this from happening.

Cookies

Exuma’s site uses cookies. Cookies are small data files stored on your computer’s hard drive. This information helps us provide a more personal, customized experience on the Platform to help us recognize you as a previous visitor and remember any preferences that may have been set while your browser was visiting our Platform. While not currently doing so, we may also use cookies to customize the content and advertisements provided to you on the Platform and on other sites across the Internet.  For example, when you access a page on our Platform, a cookie could be automatically set by us, our Third Party Providers or other service providers to recognize you as you navigate on the Internet and to present you with information and advertising based on your apparent interests. Cookies may also help us measure and research the effectiveness of Platform features and offerings, advertisements, and email communications (by determining which emails you open and act upon).  Occasionally, we may share data obtained from cookies with our partners or Third Party Providers. If you do not want to allow information to be collected through the use of cookies, you can generally opt-out of providing this information by setting your browser to reject cookies. However, please be aware that some areas of the Platform may not provide you with an acceptable user experience if you have disabled the use of cookies.

Web Beacons

The Platform and any communications sent by the Platform may contain electronic images (generally, single-pixel “.gif” images) called “web beacons.” These web beacons would allow Exuma and third parties to monitor and collect certain information about the viewer of the web page, web-based document, e-mail message, or other communication, such as the type of browser requesting the web beacon, a unique identifier of the device that the web beacon is sent to and the time the web beacon was viewed.  Web beacons may also be used to deliver or read cookies, to understand whether you have come to our site from an online advertisement displayed on a third-party website, to help us understand the performance of our marketing efforts (i.e., interaction with social media advertisements or web site traffic and performance activity), and, in the future, to improve site performance. We also may allow our Third Party Providers to use web beacons to, for example, help us understand which emails have been opened by recipients and to track the visitor traffic and actions on our site. This helps us measure the effectiveness of our content and other offerings.

Embedded Scripts 

An embedded script is programming code that is designed to collect information about your interactions with the Platform, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third-party service provider, is active only while you are connected to the Platform, and is deactivated or deleted thereafter. In addition, we may use a variety of other technologies that collect similar information for security and fraud detection purposes.

By visiting, accessing or using the Platform, you acknowledge and agree in each instance that you are giving Exuma permission to monitor or otherwise track your activities on the Platform, and that Exuma may use the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies. Notwithstanding the foregoing, Exuma does not permit third parties or third-party cookies to access to any communications you have with the Third Party Providers, or medical information that you submit to the Third Party Providers for diagnosis and treatment purposes.

Data Use

In connection with the Platform and providing the services and products, we and our affiliates may use your information, subject to certain limitations, for a number of purposes, but not limited to:

Provide you with electronic newsletters, information, special offers, and promotional materials on behalf of us or third parties;

Fulfill your requests for products, services, and information and complete a transaction that you have requested; 

Verifying your identity; 

Enable you to participate in Platform features;

Contact you about the Platform, including, without limitation, in our discretion to notify you of changes to this Privacy Policy, the Terms of Use, or other policies that affect your use of the Platform;

Analyze the use of Platform and information about visitors to our Platform to understand and improve your experience on the Platform, improve our service offerings generally, and for other internal business purposes and to prevent and detect fraud;

Customize the advertising and content you see, both on the Platform and elsewhere online;

Comply with and monitor compliance with our Terms of Use and other applicable agreements and policies;

Manage your account including processing payments;

Generate products for Exuma; 

Communicate with you in general and provide customer services; 

Resolve disputes, collect fees, or troubleshoot problems;

Prevent potentially prohibited and illegal activities; 

For other purposes disclosed when you provide your information; and

To enforce our Terms of Use and other agreements.

We may de-identify your information and use, create and sell such de-identified information, or any business or other purpose not prohibited by applicable law.

Please note that information submitted to the Platform via a “Contact Us,” “Send Your Comments,” or other similar mechanism will not necessarily receive a response. We will not use any such information you provide for marketing purposes unrelated to your request, although we may contact you regarding your submission.

Data Sharing

Subject to the limitations described in the Protected Health Information section herein, we may disclose your information to third parties in connection with the Platform or as otherwise permitted or required by law. For example, we may disclose your information to:

Our Third Party Providers and other vendors (collectively “Vendors”) that provide services to enable us to provide the Platform, such as the hosting of the Platform, data analysis, IT services and infrastructure, customer service, e-mail delivery, and other similar services;

Our Vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, analytics and similar services;

Our Vendors that provide services to enable us to promote and advertise the Platform and the products and/or services offered via the Platform, such as ad platforms or ad-retargeting services, as well as comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services;

The Third Party Providers to enable them to provide services to you via the Platform and to collect payment on their behalf;

Vendors as we believe necessary or appropriate to comply with applicable laws;

A third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party;

Investigate, prevent, or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms of Use or other agreements, or as required by law.

We may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.

Summary of Information Practices

The following summarizes our personal information collection, use and sharing practices. See “Medical Information”,  “Data Collection – Personal Information” and “Data Collection – Data Sharing” above.  In addition, while we do not currently sell any of your information, we may do so in the future.  To the extent the information being sold contains Protected Health Information, it will only be sold on a de-identified basis.  Please review this Privacy Policy frequently for any updates.

Security

We have in place various procedures to safeguard your information, including technical, administrative and physical procedures intended to keep your information secure.  However, please note that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure.

In addition, we take steps to retain personal information about you only for so long as is necessary for the purpose for which it was collected, as required under contract, or as required by or permissible under applicable law.  We will only hold your information for as long as necessary to fulfill the purposes for which it was collected, before making it non-identifiable or deleting it.

Third Parties

This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information or other practices of any third parties, including, without limitation, the Third Party Providers we work with, the manufacturer of your mobile device, and any other third-party mobile application or website to which our Platform may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of each website and application you visit and use.

Other Important Information

Unsubscribe Anytime    

We make it easy to say goodbye to marketing emails, but you can’t unsubscribe to emails pertinent to your account, such as billing or shipping notices. You may unsubscribe to marketing emails by following the unsubscribe instructions included in those emails or contacting us at hello@getexuma.com. 

Correcting or Updating Your Personal Information

You may change any of your personal information in your account by editing your profile within your account or by sending an email to us at hello@getexuma.com. 

We do reserve the right to hold on to personal information necessary for doing business with you. You can always ask us to delete your personal information, too, by emailing hello@getexuma.com.

Live in California?

If you are a resident of California, you may have additional rights available to you under the provisions of the California Consumer Privacy Act of 2018 (CA Civil Code Section Sections 1798.100 – 1798.199) (“CCPA”) and California’s Shine the Light Law.  See “Your California Rights” at the end of this Privacy Policy for requests under the CCPA.

Do Not Track

Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not been adopted, this Web Site does not process or respond to “Do Not Track” signals. To learn more about “Do Not Track,” please visit “All About Do Not Track” at www.allaboutdnt.com/.

Individuals Under 18

This Platform is not intended for individuals under the age of 18. No one under the age of 18 may provide any personal information to the Platform. We do not knowingly solicit or collect personal information from individuals under 18 nor do we knowingly market or otherwise target our Platform or its products or services to individuals under the age of 18. If you are under 18, do not use or provide any information on this Platform. If we learn we have collected this information, we will delete it. If you’re concerned that we’ve collected information from individuals under 18, please reach out at hello@getexuma.com.

Updates to this Privacy Policy

We may revise this Privacy Policy at any time.  Changes to this Privacy Policy will be made when required in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and in accordance with applicable law. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

If you have any questions about changes to this Privacy Policy, please contact us as specified below.

Contact Us

You can Contact Us with questions or about updating or accessing your information by emailing us at hello@getexuma.com

Read on if you are a California resident!

YOUR CALIFORNIA RIGHTS

[Updated July 1, 2020]

As a California resident you may be entitled to additional rights with respect to your personal information that Exuma collects and stores about you.

Under the CCPA you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (Right to Know). Once we receive and confirm your verifiable consumer request, we will disclose to you, if applicable:

The categories of personal information we collected about you;

The categories of sources for the personal information we collected about you;

Our business or commercial purpose for collecting that personal information;

Our business or commercial purpose for disclosing the category of personal information about you and

The specific pieces of personal information we collected about you.

If we disclosed your personal information for a business purpose, we will also disclose:

The categories of personal information that we disclosed about you; and

The categories of third parties to whom your personal information was disclosed, by category or categories of personal information for each third party to whom the personal information was disclosed.

Right to Deletion

As a California resident you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (Right to Delete). Once we receive and confirm your verifiable consumer request, we will delete (and direct our Third Party Providers to delete) your personal information from their records, unless an exception applies. 

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

Debug products to identify and repair errors that impair existing intended functionality;

Exercise free speech to ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;

Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);

Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;

Comply with a legal obligation; and

Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Access and Data Portability Rights

As a California resident you may also have the right to access your personal information for purposes of correcting, modifying or replacing your existing personal data that we have on file (Right to Access). If appropriate you may also have the right to data portability and if requested we may provide your data in the form of a [zip file/ftp/other encrypted file] for your use and portability of your data (Right to Data Portability).

Right to Opt Out

You have the Right to Opt Out if we are selling your information.  Currently, we do not sell your information.  Some people consider our use of Cookies as a means of selling information.  You always have a right to opt out of our use of Cookies.  Please see our description of our use of Cookies in this Privacy Policy.  However, you may also call us or send an email to enforce your rights to Opt Out of our use of Cookies.

Exercising Your California CCPA Rights

In order to enforce any of the foregoing Right to Know, Right to Delete, Right to Access, Right to Opt Out or Right to Data Portability you may contact us in one of the following two ways:

By sending an email:

 “Your California Privacy Rights” to the email address: hello@getexuma.com

or you may send a letter by US Mail to: 

Exuma Wellness

Attn: Legal

2046 Hillhurst Ave #130

Los Angeles, CA 90027

Email: hello@getexuma.com

Only you may make a verifiable consumer request related to your Right to Know, Delete, Access, Opt Out or Data Portability set forth above.  In order to verify your request we will need you to provide at a minimum: 

-Your full name

-Street Address, City, State and Zip Code

-Email Address

This information will allow us to verify your identity  by confirming that you are the person about whom we collected personal information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will not share the information you submit with anyone and we will not use it for any other purpose other than verifying your identity.

Once we have verified your identity we will keep a record of the request only for purposes of complying with our obligations under the CCPA and for no other purpose.  

We will not be able to respond to your request if we are unable to locate your personal information on our systems due to typos, misinformation or if we are unable to verify your identity.  If you are requesting sensitive personal information such as credit card information, financial data or other such information then we may require additional procedures to verify your identity by means of a sworn declaration or other confirming method in our discretion as required under the CCPA.

We will generally confirm receipt of a verifiable consumer request within 10 business days and provide information about how we will process the request. Generally, we will respond to your request, free of charge, within 45 days of its receipt. However, if we require additional time to evaluate and fulfill your request, we will inform you of the reason and extension period (up to 90 days); in writing, within the initial 45-day period. 

If a disclosure of your personal information is provided, it will only cover a period of 12 months preceding the date we receive your verifiable consumer request. For requests related to your Right to Data Portability we will select a format to provide your personal information that is readily useable and should allow you to transmit the information without hindrance, specifically by electronic mail communication.  If applicable, the response we provide to you will explain the reasons we cannot fulfill your request.

We do not charge a fee to process or respond to your verifiable consumer request unless it is unfounded, excessive, or repetitive. If we determine that your request warrants a reasonable fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We are not required to provide personal information to a consumer more than twice in a 12-month period.

Authorized Agents:

If you are an Authorized Agent as defined in the CCPA we may require you to submit a declaration that you are an Authorized Agent that represents a particular California resident prior to responding to your requests.  We may also request that you submit a declaration from the represented California resident designating you as an Authorized Agent to make requests on there behalf.  

Non-Discrimination:

We will not discriminate against you because you exercise your rights. For example, Exuma will not deny you goods or services or deny or limit your access to the website.  

CALIFORNIA SHINE THE LIGHT

If you are a California resident and have an established business relationship with us, you can request a notice disclosing the categories of personal information we have shared with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year. To request a notice, please submit your request to:

Exuma Wellness

Attn: Legal

2046 Hillhurst Ave #130

Los Angeles, CA 90027

Email: hello@getexuma.com