PRIVACY POLICY

Last Updated: December 9, 2024

Thank you for visiting Winona, Inc. (“Winona”) website https://bywinona.com/ (the “Site”), contacting Winona, and/or using any Winona mobile and online applications or services (the “Services”). This Privacy Policy is intended to describe how Winona handles information that you provide, or that we learn about the individuals who: visit our website, use our Services, contact us by mail, email or telephone or in person, or who provide us with information through any other means. 

This Privacy Policy does not apply to personal information, including health information, used for diagnosis and provision of treatment that we collect on behalf of the medical providers and pharmacies who provide services to you through the Services. We handle this information in accordance with our agreements with those medical providers and pharmacies and applicable law.

IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, YOUR CHOICE IS TO NOT USE THE SERVICES.  THE SERVICES ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES AND YOUR INFORMATION WILL BE PROCESSED AND STORED IN THE UNITED STATES.  WE MAKE NO REPRESENTATION THAT THE SERVICES ARE APPROPRIATE OR AVAILABLE FOR USE OUTSIDE THE UNITED STATES.  ACCESS TO THE SERVICES FROM COUNTRIES OR TERRITORIES OR BY INDIVIDUALS WHERE SUCH ACCESS IS ILLEGAL IS PROHIBITED.  THE SERVICES MAY ONLY BE USED WITHIN CERTAIN STATES WITHIN THE UNITED STATES AS DESCRIBED IN OUR TERMS OF SERVICE.

WINONA IS NOT A MEDICAL PROVIDER.  WINONA CONNECTS USERS WITH MEDICAL PROVIDERS WHO PROVIDE MEDICAL CONSULTATIONS AND PHARMACIES THAT FILL PRESCRIPTIONS ISSUED BY THE MEDICAL PROVIDERS.  THE MEDICAL PROVIDERS INCLUDE WINONA MEDICAL OF CALIFORNIA, INC, (“MEDICAL PRACTICE”) AN INDEPENDENT MEDICAL GROUP WITH A NETWORK OF MEDICAL PROVIDERS (EACH, A “PHYSICIAN”).  WINONA IS NOT RESPONSIBLE FOR THE USE OR DISCLOSURE OF YOUR INFORMATION BY PHYSICIANS.  

Changes to This Privacy Policy

We may occasionally update this Privacy Policy. When we do, we will revise the “last updated” date at the top of the Privacy Policy. Any revised Privacy Policy will be effective when posted. We recommend that you periodically review our Privacy Policy for updates.

Children’s Privacy

The Winona website and Services are not intended for children under the age of 18 years, and Winona does not knowingly collect any information from children under 18 years old through its website. If the parent or guardian of a child under 18 believes that the child has provided us with any information, the parent or guardian of that child should contact us if they want this information deleted from our files. If Winona obtains knowledge from any source that it has information about a child under 18 in retrievable form in its files, we will delete that information from our existing files.

Sources of Personal Information

We may collect Personal information about you from the following sources:

• Directly from you. We may collect personal information you provide to us directly, such as when you contact us through our website; sign up for offers or newsletters; communicate with us; place or customize orders; or sign up for an account or other services.

• Data collected automatically and through tracking technologies. We may automatically collect information or inferences about you; such as through cookies and other tracking technologies, when you interact with our Services. This may include information about how you use and interact with our Services, information about your device, and internet usage information.  For more information about cookies and other tracking technologies, please see the “Our Use of Cookies and Analytical Tools” below.

• From third parties. We may collect personal information from third parties, such as service and content providers, our affiliated companies and subsidiaries, business partners, data brokers, social media companies or other parties who interact with us.

• From publicly available sources.  We may collect personal information about you from publicly available sources, such as public profiles and websites.

Personal Information We Collect

We may collect the following types of personal information:

• Identifiers, such as your name, email address, physical address, telephone number, other business contact information, and device identifiers (e.g., cookie IDs and IP address).

• Records about you, such as signatures; physical characteristics or a description of you; the content, timing, and method of communications you have with us, such as online chats, calls, and emails; and information you share with or upload to our Services.

• Demographic information, such as age (including birthdates) and gender.

• Commercial information, such as information related to your transactions; products or services purchased, obtained, or considered; subscription information; or other purchasing or consuming histories or tendencies.

• Internet or other electronic network activity information, such as your browsing history, search history, preference information (including marketing and purchasing preferences), account settings (including any default preferences), and other information regarding your interactions with and use of the Services. For more information about cookies and other device data, please see the “Cookies and Other Tracking Technologies” section of this Privacy Policy.

• Non-precise geolocation data, such as your approximate location based on your IP address.

• Audio, electronic, visual, or other sensory information, such as photographs taken at events, call recordings, and video recordings of our premises.

• Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences or behavior, including to assess the level of interest in our products and services based on frequency of visits and contact and determine your preferred frequency for receiving offers.

• Sensitive personal information, including the following:

  • Account log-in information.

  • Information about your health.

  • Racial or ethnic origin

  • Information concerning your sexual orientation.

How we use your information

We may use personal information for the following purposes:

• To provide you or your company with products and services, such as making our Services, products, and services available to you; registering, verifying, and maintaining your account with us; providing and delivering you the goods and services you or the company that you represent requests; providing customer service; processing or fulfilling orders and transactions (including processing payments); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback and responding to requests, complaints, and inquiries); hosting informational sessions; and providing similar services or otherwise facilitating your relationship with us.

• For our internal business purposes, such as day-to-day operation of our business; maintaining internal business records, such as accounting, document management, and similar activities; enforcing our policies and rules; management reporting; auditing; and IT security and administration.

• For our internal research and product improvement purposes, such as verifying and maintaining the quality and safety of our products and services; improving our products and services; designing new products and services; evaluating the effectiveness of our advertising and marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.

• For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents and health and safety issues (including managing the spread of communicable diseases); and protecting against malicious, deceptive, fraudulent, or illegal activity.

• In connection with a corporate transaction, such as if we acquire assets of another business or sell or transfer all or a portion of our business or assets, including through a sale in connection with bankruptcy and other forms of corporate change.

• For marketing, such as marketing our products or services or those of our affiliates, business partners, or other third parties. For example, we may use personal information we collect to personalize advertising to you (including by developing product, brand, or services audiences and identifying you across devices/sites); to analyze interactions with us or our Services, or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars. You can unsubscribe to our email marketing via the link in the email or by contacting us using the contact information at the end of this Privacy Policy.

We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.

How We Disclose Your Personal Information

We may disclose personal information to third parties, including the categories of recipients described below:

• Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.

• Medical professionals and pharmacies that provide services to you via the Services

• Service providers that work on our behalf to provide the products and services you request or support our relationship with you, such as IT providers, internet service providers, web hosting providers, data analytics providers, and companies that provide business support services, financial administration, or event organization.

• Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.

• Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.

• Law enforcement, government agencies, and other recipients for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our Terms of Use and other agreements or policies; and to protect ours, our customers’, or third parties' safety, property, or rights.

• Other entities in connection with a corporate transaction, such as if we acquire, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.

• Business partners that may use personal information for their own purposes, such as:

  • Advertisers, ad platforms and networks, and social media platforms;

  • Third parties whose cookies and tracking tools we use as described in the Cookies and Other Tracking Technologies section of this Privacy Policy

  • Commercial data partners to whom we make information available for their own marketing purposes; and

  • Partners who work with us on promotional opportunities, including co-branded products and services.

Where required by law, we will obtain your consent prior to disclosing your personal information to our business partners. Where recipients use your personal information for their own purposes independently from us, we are not responsible for their privacy practices or personal data processing policies. You should consult the privacy notices of those third-party services for details on their practices.   

• The public, such as when you have an opportunity to make comments regarding us or our products that we may share with the public, including comments on our blog posts and reviews on our product pages. Any personal information in comments, reviews, or other content that you share in public areas of our Services may be read, collected, or used by other users or the public. 

• Entities to which you have consented to the disclosure.

Security

We are committed to protecting your personal information. We regularly test our facilities and use a variety of security technologies and procedures to help protect your  information from unauthorized access, use or disclosure. Although we maintain reasonable security safeguards, no security measures or communications over the Internet can be 100% secure, and we cannot guarantee the security of your information.

Our Data Retention Criteria

The period during which we store your personal information varies depending on the purpose for the processing. For example, we store personal information needed to provide you with products and services, or to facilitate transactions you have requested, for so long as you are a customer of Winona. We store your personal information for our marketing purposes until you have opted-out of receiving further direct marketing communications in accordance with applicable law. In all other cases, we store your personal information for as long as is needed to fulfill the purposes outlined in this Privacy Policy, following which time it is either anonymized (where permitted by applicable law), deleted or destroyed.  Once you have terminated your relationship with us, we may retain your personal information in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as  to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest. 

Our Use of Cookies and Analytical Tools 

Our Services and authorized third parties use cookies and other tracking technologies to collect information about you, your device, and how you interact with our Services. This section contains additional information about: 

• The types of tracking technologies we use and the purposes for which we use them

• The types of information we collect using these technologies

• How we disclose or make information available to others

• Choices you may have regarding these technologies

Types of cookies and tracking technologies we use

We and the third parties that we authorize may use the following tracking technologies:

• Cookies, which are a type of technology that install a small amount of information on a user's computer or other device when they visit a website. Some cookies exist only during a single session and some are persistent over multiple sessions over time. 

• Pixels, web beacons, and tags, which are types of code or transparent graphics. In addition to the uses described below, these technologies provide analytical information about the user experience and help us customize our marketing activities. In contrast to cookies, which are stored on a user's computer hard drive, pixels, web beacons, and tags are embedded invisibly on web pages. 

• Session replay tools, which record your interactions with our Services, such as how you move throughout our Services and engage with our webforms. In addition to the uses described below, this information helps us improve our Services and identify and fix technical issues visitors may be having with our Services.

• Embedded scripts and SDKs, which allow us to build and integrate custom apps and experiences on our Services.

We use different analytic tools which serve the purpose of measuring, analyzing and optimizing our marketing measures and provide you with customized advertisements that could be of particular interest to you. For example, we use the following tools:

Google Analytics uses cookies which enable an analysis of your use of the Sites. The information collected (IP address, browsing activities and other data linked to your usage of the Sites) is usually transferred to a Google server in the USA and stored there.  You can prevent Google Analytics from recognizing you on return visits to the Sites by disabling cookies on your browser. To see how you can opt-out of certain Google features, visit: Google Analytics Opt Out Link.

Facebook Pixels allow user behavior to be tracked after they have been redirected to our website by clicking on a Facebook ad.  This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.  Facebook may link his information in your Facebook account and use it for its own promotional purposes.   

Mixpanel analyzes customer-driven event data and creates funnel reports so we can better understand how our users interact with the Services.  

Segment collects user events from the Services and provides a data toolkit to allow us to use the data more efficiently.

Purposes for using these technologies

We and authorized third parties use these technologies for purposes including:

• Personalization, such as remembering language preferences and pages and products you have viewed in order to enhance and personalize your experience when you visit our Services; 

• Improving performance, such as maintaining and improving the performance of our Services; 

• Analytics, such as analyzing how our websites are used. 

• Advertising, such as conducting advertising and content personalization on our Services and those of third parties; tracking activity over time and across properties to develop a profile of your interests and advertise to you based on those interests (“interest-based advertising”); providing you with offers and online content that may be of interest to you; and measuring the effectiveness of advertising campaigns and our communications with you, including identifying how and when you engage with one of our emails; and

• Security, such as preventing fraud and malicious behavior.

Information collected

These tracking technologies collect data about you and your device, such as your IP address, location (both approximate and precise) cookie ID, device ID, Ad ID, operating system, browser used, browser history, search history, and information about how you interact with our Services (such as pages on our Services that you have viewed).

Disclosures of your information

We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Services, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Services.  

Your choices

Some of the third parties we work with participate with the Digital Advertising Alliance ("DAA") and Network Advertising Initiative ("NAI"). The DAA and NAI provide mechanisms for you to opt out of interest-based advertising performed by participating members at http://www.aboutads.info/choices/ and https://optout.networkadvertising.org/. We adhere to the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. You may also click on the AboutAds icon on a Company advertisement and follow the instructions on how to opt out. 

You can also refuse or delete cookies using your browser settings. If you refuse or delete cookies, some of our Services’ functionality may be impaired. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies. If you change computers, devices, or browsers; use multiple computers, devices, or browsers; or delete your cookies, you may need to repeat this process for each computer, device, or browser. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives. 

Do Not Track. Some web browsers may transmit “do-not-track” signals to the Sites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

Email Marketing 

Marketing. You have the right to opt-out of receiving electronic direct marketing communications from us.  All electronic direct marketing communications that you may receive from us, such as email messages, will give you an option of not receiving such communications from us in the future.

Supplemental Information for Residents of California, Colorado, and Other U.S. States 

A. Data Subject Rights

Depending on our relationship with you and in which state you reside within the United States, you may have certain rights regarding Personal Data:

• Right to Know. You may have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and to whom we have disclosed your Personal Data and why. You may also request the specific pieces of Personal Data we have collected about you.

• Right to Delete. You may have the right to request that we delete Personal Data that we have collected from you.

• Right to Correct. You may have the right to request that we correct inaccurate Personal Data that we maintain about you.

• Right to Opt Out of Sales and Sharing for Targeted Advertising. You may have the right to opt out of (i) the sale or sharing of your Personal Data and (ii) targeted advertising.

• Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to limit the use and disclosure of Sensitive Personal Information.

You may exercise any of the rights available to you via our webform https://bywinona.com/contact, or by emailing us at hello@bywinona.com. 

In order to fully exercise the Right to Opt Out of Sales/Sharing/Targeted Advertising you must undertake both of the following steps:

1. Submit an Opt Out of Sales/Sharing/Targeted Advertising request through our webform https://bywinona.com/contact.

2. Disable the use of advertising cookies and other tracking technologies in the preference center here.  You must complete this step on each of our websites from each browser and on each device that you use.  These steps are necessary so that we can place a first-party cookie signaling that you have opted out on each browser and each device you use.  Please note:

   1. If you block cookies, we will be unable to comply with your request to opt out of sales/sharing/targeting with respect to device data that we automatically collect and disclose to third parties online using cookies, pixels, and other tracking technologies. 

   2. If you clear cookies, you will need to disable the use of all advertising cookies and tracking technologies in the preference center again on each browser on each device where you have cleared cookies. 

To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level.

We will not discriminate against you for exercising your privacy rights.

Nevada residents: Individuals may contact us at hello@bywinona.com to inquire about your right to opt out of the sale of your Personal Data.

Verification: In order to process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases we will collect some or all of the following data elements: first and last name, email address, and telephone number. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are, and will inform you if we need such information. 

Authorized Agents: Authorized agents may exercise rights on behalf of you by submitting a request by email at hello@bywinona.com and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on behalf of you by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request.

Appeal: If we deny your rights request, you may have the right to appeal. To submit an appeal, contact us by email at hello@bywinona.com. We will inform you in writing our response to your appeal.

B. Additional Data Processing Disclosures for California Residents

In addition to the disclosures above, this section provides supplemental information about how we process Personal Data. These additional disclosures apply only to individuals who reside in California as required by the California Consumer Privacy Act (“CCPA”).

Disclosure of Personal Data

Although we have not "sold" Personal Data for money in the past 12 months, we engage in routine practices with our Digital Properties involving third parties that could be considered a "sale" or “sharing” as defined under California law. We do not knowingly sell or share any Personal Data of minors under the age of 16. 

Below please find a chart detailing the categories of Personal Data we collected and with whom it was sold, shared, or disclosed for a business purpose in the past 12 months.

California Shine the Light: If you are a California resident, you may opt out of sharing your Personal Data subject to California Civil Code §1798.83 (the “Shine the Light law”) with third parties for those third parties’ direct marketing purposes by emailing us at hello@bywinona.com. 

Links to Third-Party Websites

The Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. 

Contact Us

If you have questions regarding this Privacy Policy, our handling of your personal information, or would like to request more information or exercise a data right, please contact us using the webpage at hello@bywinona.com or by telephone at (844) 929-1586.