IntroductionKYO© Health, Inc. and its subsidiaries ("KYO©" "we," or "us") owns and operates websites (the "Websites") located at www.kyorx.com and www.forhers.com and may have previously, now or in the future own and/or operate a KYO mobile application (collectively, the " Platform"). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content ("Content"), any products or services provided through the Platform or otherwise by KYO©, and any affiliated website, software or application owned or operated by KYO© (collectively, including the Platform and the Content, the "Service") are subject to this Privacy Policy unless specifically stated otherwise. Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the KYO© Terms and Conditions ("Terms and Conditions").We are committed to respecting the privacy of users of the Service. We created this Privacy Policy ( "Privacy Policy" ) to tell you how KYO© collects, uses and discloses information in order to provide you with the Service.By creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are acknowledging the most recent version of this Privacy Policy. If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the "Last updated" date of the Privacy Policy.If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual's behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.Limitations on Use by MinorsOur Service is generally intended for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. Individuals who are between the ages of thirteen (13) and eighteen (18) (or such older age of majority) may use the Service for the sole purpose of obtaining a medical consultation for the treatment of acne using topical skincare products (to the extent made available) if a parent or legal guardian provides consent to such use in accordance with the requirements set forth in our Terms and Conditions and the Service. The Service is not designed or intended to attract, and is not directed to, children under thirteen (13) years of age. If we obtain actual knowledge that we have collected personal information through the Platform from a person under thirteen (13) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.Furthermore, if you are under sixteen (16) years of age, then you (or your parent or legal guardian if you are under age 13) may at any time request that we remove content or information about you that is posted on the Platform. Please submit any such request ("Request for Removal of Minor Information") to either of the following:
By mail: KYO RX., Attn: Privacy Officer, 750 N Saint Paul St. Suite 209Dallas TX 75201 United States with a subject line of "Removal of Minor Information. If you send by mail, please send by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking.
By email: contact@kyorx.com, with a subject line of "Removal of Minor Information"
By email: contact@kyorx.com, with a subject line of "Removal of Minor Information"
For each Request for Removal of Minor Information, please state "Removal of Minor Information" in the email or letter subject line, and clearly state the following in the body of the request:
The nature of your request
The identity of the content or information to be removed
The location of the content or information on the Platform (e.g. by providing the URL)
That the request is related to the "Removal of Minor Information"
Your name, street address, city, state, zip code and email address, and whether you prefer to receive a response to your request by mail or email
We will not accept any Request for Removal of Minor Information via telephone or facsimile. KYO© is not responsible for failing to comply with any Request for Removal of Minor Information that is incomplete, incorrectly labeled or incorrectly sent.Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires KYO© to maintain the content or information; when KYO© maintains the content or information on behalf of your Providers (as defined in our Terms and Conditions) as part of your electronic medical record; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when KYO© anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.The foregoing is a description of KYO©' voluntary practices concerning the collection of personal information through the Service from certain minors, and is not intended to be an admission that KYO© is subject to the Children's Online Privacy Protection Act, the Federal Trade Commission's Children's Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.Protected Health InformationWhen you set up an account with KYO©, you are creating a direct customer relationship with KYO© that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you provide information to KYO©, including but not limited to, your name, email address, shipping address, phone number and certain transactional information, that we do not consider to be "protected health information" or "medical information".However, in using certain components of the Service, you may also provide certain health or medical information that may be protected under applicable laws. KYO© is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, " HIPAA"). One or more of the Labs, Pharmacies or Medical Groups (as defined in our Terms and Conditions) may or may not be a "covered entity" or "business associate" under HIPAA, and KYO© may in some cases be a "business associate" of a Pharmacy or Medical Group. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with KYO©, the Medical Groups, the Providers, the Labs, or the Pharmacies. To the extent KYO© is deemed a "business associate" however, and solely in its role as a business associate, KYO©, may be subject to certain provisions of HIPAA with respect to "protected health information," as defined under HIPAA, that you provide to KYO©, the Medical Group or the Providers (" PHI"). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, "Protected Information" ), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Service, you acknowledge receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).By accessing or using any part of the Service, you understand that even if HIPAA does apply to KYO©, the Medical Groups, the Providers, the Labs, or the Pharmacies, any information that you submit to KYO© that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers, laboratory services by the Labs or prescription fulfillment by the Pharmacies, is not considered Protected Information, and will only be subject to our Privacy Policy and any applicable state laws that govern the privacy and security of such information. For purposes of clarity, information you provide to KYO© in order to register and set up an account on the Platform, including name, username, email address, shipping address and phone number, are not considered Protected Information.Collection of Personal InformationThe personal data we collect depends on how you interact with us, the services you use, and the choices you make.We collect information about you from different sources and in various ways when you use our services, including information you provide directly, information collected automatically, information from third-party data sources, and data we infer or generate from other data.Information you provide directly. We collect personal data you provide to us. For example:
Name and contact information, such as your name, email address, phone number, and billing and physical addresses.
Demographic data, such as your gender, date of birth, and zip code.
Third-party website, network, platform, server and/or application information (e.g., Facebook, Twitter, Instagram)
Payment information, such as your credit card number, financial account information, and other payment details.
Content and files, such as photographs, videos, documents, and other files you upload to our Service. This includes email messages and other communications you send to us.
Government ID. We may collect government-issued identifiers such as driver’s license, passport number, and social security numbers.
Photographic or video images submitted for identification or non-diagnosis or treatment purposes, including photographs of your driver’s license or passport
Account access information. We collect information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
Sensitive demographic data. We collect information about racial or ethnic origin.
Contents of communications. We collect the contents of communications that you make via our Service.
Biometric information. We or our service providers may use biometric information to verify your identity prior to your use of our Service.
Health data. We collect and analyze information concerning your health.
Sexuality. We collect and analyze information about your sex life or sexual orientation.
Information we collect automatically. When you use our services, we collect some information automatically. For example:
Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the “Cookies, Mobile IDs, and Similar Technologies” section below, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data.
Geolocation data. Depending on your device and app settings, we collect geolocation data when you use our apps or online services. This information may include precise geolocation data, meaning data derived from a device and that is used to locate you within a circle with a radius of 1,850 feet or less, which is considered a type of sensitive personal information.
Usage data. We automatically log your activity on our websites, apps and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website. In some instances, such usage data may be sensitive personal information if it relates to browsing activity on health-specific sites.
Information we create or generate. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.
Information we obtain from third-party sources. We also obtain the types of information described above from third parties.
Uses and Disclosures of PHI
We may use and disclose your PHI for the following purposes:a. Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This may include communication with other healthcare providers about your treatment and coordinating your care with other providers.b. Payment: We may use and disclose your PHI to obtain payment for healthcare services provided to you. This may include contacting your insurance company to verify your coverage, billing and collection activities, and sharing PHI with other healthcare providers, insurance companies, or collection agencies.c. Healthcare Operations: We may use and disclose your PHI for healthcare operations, including quality assessment, improvement activities, case management, accreditation, licensing, credentialing, and conducting or arranging for medical reviews, audits, or legal services.d. As Required by Law: We may use and disclose your PHI when required to do so by federal, state, or local law.e. Public Health and Safety: We may use and disclose your PHI to prevent or control disease, injury, or disability, to report child abuse or neglect, to report reactions to medications or problems with products, and to notify persons who may have been exposed to a communicable disease or may be at risk of spreading a disease or condition.f. Health Oversight Activities: We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.g. Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.h. Law Enforcement: We may disclose your PHI for law enforcement purposes, such as to report certain types of wounds or injuries, or to comply with a court order, warrant, or other legal process.i. Research: We may use and disclose your PHI for research purposes when the research has been approved by an institutional review board and privacy protections are in place.j. Organ and Tissue Donation: If you are an organ donor, we may disclose your PHI to organizations that handle organ procurement, transplantation, or donation.k. Workers' Compensation: We may disclose your PHI for workers' compensation or similar programs that provide benefits for work-related injuries or illnesses.l. Military and Veterans: If you are a member of the armed forces, we may disclose your PHI as required by military authorities.m. Inmates: If you are an inmate, we may disclose your PHI to the correctional institution or law enforcement official having custody of you.Your Rights Regarding PHI
You have the following rights with respect to your PHI:a. Right to Inspect and Copy: You have the right to inspect and copy your PHI that we maintain, with certain exceptions. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.b. Right to Amend: You have the right to request an amendment to your PHI if you believe it is incorrect or incomplete. To request an amendment, submit a written request to our Privacy Officer, specifying the information you believe is incorrect and why. We may deny your request if we believe the information is accurate and complete, or if we did not create the information.c. Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures of your PHI made by us in the past six years, except for disclosures made for treatment, payment, or healthcare operations, and certain other disclosures. To request an accounting, submit a written request to our Privacy Officer.d. Right to Request Restrictions: You have the right to request a restriction on our use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request but will consider it. To request a restriction, submit a written request to our Privacy Officer, specifying the restriction you are requesting and to whom it applies.e. Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. To request confidential communications, submit a written request to our Privacy Officer, specifying how or where you wish to be contacted.f. Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically. To obtain a paper copy of this Notice, contact our Privacy Officer.g. Right to be Notified of a Breach: You have the right to be notified in the event that we discover a breach of your PHI.Transmission of PHI
We are committed to protecting the privacy of your PHI and will ensure that any electronic transmission of PHI complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (45 CFR 164). This includes the use of Secure-Socket Layer (SSL) or equivalent technology for the transmission of PHI, as well as adherence to all applicable security standards for online transmissions of PHI.Changes to This Notice
We reserve the right to change this Notice and the revised Notice will be effective for PHI we already have about you, as well as any information we receive in the future. We will post a copy of the current Notice in our office and on our website. The Notice will contain the effective date on the first page.Complaints
If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the Secretary of the Department of Health and Human Services. You will not be retaliated against for filing a complaint.Contact Information
To exercise any of your rights, or if you have any questions about this Notice or our privacy practices, please contact our Privacy Officer at:
This Notice is provided in accordance with the Notice of Privacy Practices for Protected Health Information from the Department of Health and Human Services' Model and is applicable across all US states. Rights of Specific Jurisdictions within the US Certain states may have additional privacy protections that apply to your PHI. The following is an example of specific rights in the state of California. If you reside in a state with additional privacy protections, you may have additional rights related to your PHI.California Residents:
a. Right to Access: In addition to the rights described above, California residents have the right to request access to their PHI in a readily usable electronic format, as well as any additional information required by California law. To request access, submit a written request to our Privacy Officer.b. Right to Restrict Certain Disclosures: California residents have the right to request restrictions on certain disclosures of their PHI to health plans if they paid out-of-pocket for a specific healthcare item or service in full. To request such a restriction, submit a written request to our Privacy Officer.c. Confidentiality of Medical Information Act (CMIA): California residents are protected by the Confidentiality of Medical Information Act (CMIA), which provides additional privacy protections for medical information. We are required to comply with CMIA in addition to HIPAA.d. Marketing and Sale of PHI: California residents have the right to request that their PHI not be used for marketing purposes or sold to third parties without their authorization. To request a restriction on the use of your PHI for marketing or the sale of your PHI, submit a written request to our Privacy Officer.e. Minor's Rights: If you are a minor (under the age of 18), you have the right to request that certain information related to certain sensitive services, such as reproductive health, mental health, or substance use disorder treatment, not be disclosed to your parent or guardian without your consent. To request a restriction on the disclosure of such information, submit a written request to our Privacy Officer.If you reside in a state other than California, please consult your state's specific privacy laws for information about any additional rights you may have regarding your PHI. You may also contact our Privacy Officer for more information about your rights under specific state laws.KYO Privacy Policy: Notice of Privacy Practices for Protected Health Information (PHI) - State-Specific Provisions
In addition to the privacy practices described in our Notice of Privacy Practices for Protected Health Information, we comply with applicable state-specific privacy laws related to PHI.The following are examples of a few states with additional privacy protections:New York:
For residents of New York, we comply with the New York State Confidentiality of Information Law, which provides additional privacy protections for HIV-related information, mental health records, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations.Texas:
For residents of Texas, we comply with the Texas Medical Privacy Act, which offers privacy protections beyond HIPAA, including requiring consent for certain disclosures of PHI, additional safeguards for electronic PHI, and specific requirements for the destruction of PHI. We also adhere to Texas's specific privacy protections for mental health records and substance use treatment records.Florida:
For residents of Florida, we comply with Florida's privacy laws, which offer additional protections for mental health records, HIV/AIDS-related information, and substance abuse treatment records. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. We also implement specific security measures to protect electronic PHI, as required by Florida law.Illinois:
For residents of Illinois, we comply with Illinois's specific privacy laws related to mental health records, HIV/AIDS-related information, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. In addition, we will notify patients of any unauthorized access to their electronic PHI, as required by Illinois law.Massachusetts:
For residents of Massachusetts, we comply with Massachusetts's specific privacy laws related to mental health records, HIV/AIDS-related information, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. We also implement specific security measures to protect electronic PHI, as required by Massachusetts law.California:
For residents of California, we comply with the Confidentiality of Medical Information Act (CMIA), as well as California's specific privacy laws related to marketing, sale of PHI, and minors' rights. We will obtain written consent before disclosing certain information and adhere to additional privacy protections, as required by California law.