WINONA, INC. PRIVACY POLICY
(for Users)
Effective Date: 07.11.2021
Thank you for visiting Winona, Inc. (“Winona”) website https://bywinona.com/ (the “Site”), contacting Winona, and/or using any Winona mobile and online applications or services (the “Services”). This Privacy Policy is intended to describe how Winona handles information that you provide, or that we learn about the individuals who: visit our website, use our Services, contact us by mail, email or telephone or in person, or who provide us with information through any other means. We recommend that you carefully review this notice before providing us with any information. By accessing and using this Site or the Services, you agree to this Privacy Policy and our Terms of Service.
BY VISITING OR USING THE SERVICES, YOU EXPRESSLY CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION ACCORDING TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, YOUR CHOICE IS TO NOT USE THE SERVICES. THE SERVICES ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES AND YOUR INFORMATION WILL BE PROCESSED AND STORED IN THE UNITED STATES. WE MAKE NO REPRESENTATION THAT THE SERVICES ARE APPROPRIATE OR AVAILABLE FOR USE OUTSIDE THE UNITED STATES. ACCESS TO THE SERVICES FROM COUNTRIES OR TERRITORIES OR BY INDIVIDUALS WHERE SUCH ACCESS IS ILLEGAL IS PROHIBITED. THE SERVICES MAY ONLY BE USED WITHIN CERTAIN STATES WITHIN THE UNITED STATES AS DESCRIBED IN OUR TERMS OF SERVICE.
WINONA IS NOT A MEDICAL PROVIDER. WINONA CONNECTS USERS WITH MEDICAL PROVIDERS WHO PROVIDE MEDICAL CONSULTATIONS AND PHARMACIES THAT FILL PRESCRIPTIONS ISSUED BY THE MEDICAL PROVIDERS. THE MEDICAL PROVIDERS INCLUDE WINONA MEDICAL OF CALIFORNIA, INC, (“MEDICAL PRACTICE”) AN INDEPENDENT MEDICAL GROUP WITH A NETWORK OF MEDICAL PROVIDERS (EACH, A “PHYSICIAN”). WINONA IS NOT RESPONSIBLE FOR THE USE OR DISCLOSURE OF YOUR INFORMATION BY PHYSICIANS.
We Do Not Sell Your Personal Information
Winona does not, to the best of our knowledge, sell or rent personal information that we have collected or retained about you to any other third-party for any purpose. Accordingly, we do not offer individuals the ability to “opt-out” of the selling or renting of personal information because we do not engage in those practices.
Children’s Privacy
The Winona website and Services are not intended for children under the age of 18 years, and Winona does not knowingly collect any information from children under 18 years old through its website. If the parent or guardian of a child under 18 believes that the child has provided us with any information, the parent or guardian of that child should contact us if they want this information deleted from our files. If Winona obtains knowledge from any source that it has information about a child under 18 in retrievable form in its files, we will delete that information from our existing files.
What Information Does Winona Collect and How Is It Used?
Registration Information
Winona will only collect personal information that you voluntarily provide to us or our service providers. When you register to use the services, we may collect information from you that includes, among other things, your name, mailing address, birthdate, e-mail address, telephone number, image of your photo ID and the information contained thereon, and your interest in specific types of products and/or services. You may also voluntarily provide us with personal information when you contact us with a question or comment or otherwise interact with the Services.
Health Information
When you use the Services to request access to products offered for sale on the Services, you may provide us with additional information related to your general health, medical history, symptoms, pre existing conditions or other information that you may consider sensitive (“Health Information”). We collect this information for the Winona healthcare professional to use for consultation and treatment, and to coordinate the sale and dispensing of prescription medications by our affiliated pharmacies. You must truthfully, accurately, and thoroughly answer all of the health questions presented to you in order for the physicians reviewing your case to make an accurate assessment of the suitability of treatment options.
Winona is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, and its related regulations (“HIPAA”). The medical professionals and pharmacies who provide services to you may or may not be covered entities under HIPAA. Click here for the Notice of Privacy Practices adopted by the Medical Practice, and the Notice of Privacy Practices adopted by the Pharmacies, that describe how the Medical Practice and Pharmacies use and disclose your Health Information. Winona is not responsible for the privacy, information or practices of third parties, including the Physicians. Winona may be considered a “business associate” of Medical Practice and our affiliated pharmacies. If we are considered a “business associate,” then we will protect your Health Information and disclose it only in accordance with HIPAA. However, we may use and disclose any information that does not constitute Health Information in any manner permitted under this Privacy Policy. This includes, for example, any information you provide to Winona in order to register and set up an account. In addition, Health Information does not include information that has been de-identified in accordance with applicable laws.
We may collect your medical information on behalf of the Medical Practice and Pharmacies which may include:
Health and medical information that you submit for diagnosis and treatment purposes, including any information in a questionnaire,
Images or videos that you share for diagnosis or treatment purposes,
Communications with the Physicians.
In addition to information that we collect directly from you, we may also collect information from the Medical Practice and/or Pharmacies who provide treatment and other services to you in connection with the Services and enter your medical information in the electronic medical record provided to them on the Website. This information may include diagnoses and treatment plans (including prescription details).
Winona and/or Medical Practice may de-identify your information so that it is no longer considered protected health information. Winona may disclose, aggregate, sell, or otherwise disclose such de-identified information to third parties for analytics, research, or other purposes.
Purchase Information
Winona uses “Stripe,” a secure payment provider, to process your payments if you use the Services to make a purchase. Your payment information is subject to the privacy policy and terms of use of Stripe. We recommend you review these policies before uploading any credit card information. Stripe does not have access to your credit card information and does not store this information on our servers.
Non-Personal Information
Like most website operators, Winona collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request when visitors use the Services. Winona’s purpose in collecting non-personally identifying information is to better understand how Winona’s visitors use the Services. From time to time, Winona may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its Services. Winona also collects potentially personally-identifying information like Internet Protocol (IP) addresses and may collect statistics about the behavior of visitors to the Services. For instance, Winona may monitor the Services to help identify spam. We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).
In addition to log data, we may also collect information about the device you’re using to access the Services, including the type of device, the operating system, device settings, device identifiers and crash data. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. To learn more about the information your device makes available to us, please review the policies of your device manufacturer or software provider.
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase the Services’ functionality. These third-party service providers have their own privacy policies addressing how they use such information.
How we use your information
We use the information we collect to provide you full access and functionality of the Services. Accordingly, your information may be used for the following purposes: (i) to provide and improve our services, features and content; (ii) to administer your use of our services and accounts; (iii) to enable users to enjoy and easily navigate the Services; (iv) to better understand your needs and interests; (v) to fulfill requests or to respond to questions or comments you may make; (vi) to personalize your experience; (vii) to provide you with announcements, notifications and advertisements related to your interests and use of the Services and other communications such as electronic newsletters, promotional emails or similar messaging; (viii) to provide service announcements; (ix) to protect against users seeking to hack into the Services; (x) to assess the level of general interest in the Services; (xi) for any other purpose with your consent.
Unless the information is fully anonymized and cannot be used to identify you as an individual, we will only use Health Information as reasonably necessary to provide you with services you directly request.
With Whom Do We Share Your Information?
Personal Information
In order to provide you with access to the Services, certain third parties that perform services for Winona, such as hosting, analytical, data management or other similar services or are otherwise acting on our behalf (“Service Providers”) may have access to your personal information, including your Health Information. Service Providers are authorized to use your information only to perform the service for which they are hired and may not share your information with any third parties. They are required to abide by the terms of our Privacy Policy including taking reasonable measures to ensure your personal information is secure. On occasion, we contract with trusted third-party providers who would receive your personal information or Health Information and conduct anonymized aggregate analyses of the data. Through our contractual arrangements, we require our contracting partners to maintain adequate security of personal information provided to them. We do not permit such third parties to sell your personal information to other third parties.
Other Ways We May Share your Personal Information
We may share the information you provide Winona, including your personal information and Health Information with the medical professionals and pharmacies that provide services to you to enable them to continue providing services to you via the Services.
We may disclose non-personally identifiable aggregated information about our users without restriction.
Other than to our employees, contractors and affiliated organizations or as described above, we disclose personally-identifying only when required to do so by law, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Winona, third parties or the public at large. If you send us a request (for example via chat, a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.
In addition, in some cases we may choose to buy or sell assets. In these types of transactions, user information is typically one of the business assets that is transferred. Moreover, if Winona or substantially all of its assets were acquired, or in the unlikely event that Winona goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Winona may continue to use your personal and non-personal information only as set forth in this policy. Otherwise, we will not rent or sell potentially personally-identifying and personally-identifying information to anyone.
We may also disclose your personally-identifying information if you expressly consent to the disclosure.
Security
We are committed to protecting your Personal Information and Health Information. We regularly test our facilities and use a variety of security technologies and procedures to help protect your information from unauthorized access, use or disclosure.
Our Data Retention Criteria
The period during which we store your personal information varies depending on the purpose for the processing. For example, we store personal information needed to provide you with products and services, or to facilitate transactions you have requested, for so long as you are a customer of Winona. We store your personal information for our marketing purposes until you have opted-out of receiving further direct marketing communications in accordance with applicable law. In all other cases, we store your personal information for as long as is needed to fulfill the purposes outlined in this Privacy Policy, following which time it is either anonymized (where permitted by applicable law), deleted or destroyed. The medical providers may dispose of or delete any such information except as set forth in any other agreement or document executed by the medical providers or as required by law.
Our Use of Cookies and Analytical Tools
Cookies are text files containing small amounts of information which are downloaded to your hard disk or to your browser's memory when you visit one of our Sites. Cookies are useful because they help arrange the content and layout of our Sites and allow us to recognize those computers or other devices that have been to our Sites before. Winona does not permit third parties or third-party cookies to access any communications that you have with medical providers or medical information that you submit to medical providers for diagnosis and treatment purposes. Cookies do many different jobs, such as allowing our Sites to remember your preference settings and helping us to enhance the usability and performance of our Sites and your experience using them. Our Sites also may contain electronic images known as web beacons – sometimes called single-pixel gifs – that allow us to count the number of users who have visited specific pages. We may also include web beacons in promotional e-mail messages or newsletters in order to determine whether messages have been opened and acted upon. The type of cookie or similar technology that may be used on our Sites can be categorized as follows: Strictly Necessary, Performance, Functionality & Profile, and Advertising.
Strictly Necessary Cookies. These cookies are essential for basic functionalities of the Site, and they enable you to move around our Sites and use their features, particularly in connection with information searches and order placement. Without these cookies, services you have asked for cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet. Examples of strictly necessary cookies are a shopping basket cookie, which is used to remember the products that you wish to purchase when you add products to your shopping basket or proceed to checkout, a login/ authentication cookie which allows and manages your login to the Site and identifies you after logging in for a single session, a session cookie which is required to carry out the data transmission and provide the Site to you, a security cookie that detects repeat failed login attempts or similar abuses of the Sites. These types of cookies are regularly stored only as long as required for their purpose.
Performance Cookies. These cookies collect information about how you use our Sites, for example which pages you go to most often and if you get any error messages from certain pages. These cookies collect information that is used to improve how our Sites work. Without these cookies we cannot learn how our Sites are performing and make relevant improvements that could better your browsing experience. Examples of performance cookies that our Sites use include cookies from Google and Adobe Analytics (see further discussion below).
Functionality & Profile Cookies. These cookies allow our Sites to store information that you provide, such as preferences, and to store technical information useful for your interactions with our Sites. For instance, they remember your user ID and elements of your user profile. They also ensure that your experience using the Sites is relevant to you. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. These cookies will not be used to track your browsing activity on other websites. Without these cookies, a website cannot remember choices you have previously made or personalize your browsing experience. For example, we use a cookie to store your language preferences, which allows us to present you with product search results in the correct language, and we use a cookie to store your choice about the appearance of the cookie information banner that we display on our Sites. This cookie will help us remember your choice about the appearance of the cookie information banner when you subsequently visit the same site where you made your choice about the banner and any other Winona sites with the same domain or the same top-level domain.
Advertising Cookies and Similar Technologies. These cookies or similar technologies may be used to deliver advertisements that are more relevant to you and your interests. They may also be used to limit the times you see an advertisement as well as help to measure the effectiveness of the advertising campaign. These cookies may track your visits to other websites. Without these cookies or other technologies, online advertisements you encounter will be less relevant to you and your interests.
Setting your cookie preference
You can usually modify your browser settings to decline cookies and you can withdraw your consent at any time by modifying the settings of your browser to reject or disable cookies or by opting out of specific cookies through the opt-out options shared below. If you choose to decline cookies altogether, you may not be able to fully experience the features of the Sites that you visit.
Our use of web analytics
We use different analytic tools which serve the purpose of measuring, analyzing and optimizing our marketing measures and provide you with customized advertisements that could be of particular interest to you. In particular, we use the following tools:
Google Analytics uses cookies which enable an analysis of your use of the Sites. The information collected (IP address, browsing activities and other data linked to your usage of the Sites) is usually transferred to a Google server in the USA and stored there. You can prevent Google Analytics from recognizing you on return visits to the Sites by disabling cookies on your browser. To see how you can opt-out of certain Google features, visit: Google Analytics Opt Out Link.
Facebook Pixels allow user behavior to be tracked after they have been redirected to our website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. Facebook may link his information in your Facebook account and use it for its own promotional purposes.
Mixpanel analyzes customer-driven event data and creates funnel reports so we can better understand how our users interact with the Services.
Segment collects user events from the Services and provides a data toolkit to allow us to use the data more efficiently.
Your Rights and Responsibilities
You are permitted, and hereby agree, to only provide personal information to Winona if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation.
You may have certain rights under applicable data protection law with respect to personal information about you that is collected through the Sites or when you contact or otherwise engage with us. To exercise any of these data privacy rights, please contact us, or have your authorized agent contact us, in accordance with the “Contact Us” section listed below. In the event you submit, or your authorized agent submits on your behalf, a data request, you (and your authorized agent) hereby acknowledge and agree, under penalty of perjury, that you are (or the authorized agent of) the consumer whose personal information is the subject of the request. We will respond to any data requests within the timeframes required by law, and we may charge a fee to facilitate your request where permitted by law.
Marketing. You have the right to opt-out of receiving electronic direct marketing communications from us. All electronic direct marketing communications that you may receive from us, such as email messages, will give you an option of not receiving such communications from us in the future.
California Privacy Rights. California Civil Code Section § 1798.83 permits users of the Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), California residents may have certain data privacy rights, such as the right to be notified about what personal information categories are collected about you, and our intended use and purpose for collecting your personal information. You may have the right to request access to your personal information and, to the extent feasible, request that it be transmitted in certain forms and formats. You may have the right to request that we (and any applicable service provider) delete your personal information. You have the right not to be subject to discrimination for asserting your rights under the CCPA. If you make, or an authorized agent on your behalf makes, any request related to your personal information, Winona will ascertain your identity to the degree of certainty required under the CCPA before addressing your request. Winona may require you to match at least three pieces of personal information we have previously collected from you before granting you access or otherwise responding to your request.
Do Not Track. Some web browsers may transmit “do-not-track” signals to the Sites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
European Union (EU) Privacy Disclaimer
Winona processes personal information in accordance with the legal bases set forth in the EU General Data Protection Regulation (GDPR) or EU Member State law. For example, our processing of Personal Data on individuals (as described above) is justified based on statutory provisions that (1) processing is based on the consent; (2) processing is necessary for Winona’s legitimate interests as set out herein; and (3) processing is necessary for the performance of a contract to which you are a party. If you are in the EU or afforded protection under the GDPR, you may have certain rights with respect to the Personal Data. To the extent permitted by applicable data protection laws, you may access the Personal Data we hold about you; request that inaccurate, outdated, or no longer necessary information be corrected, erased, or restricted; and, request that we provide your Personal Data in a format that allows you to transfer it to another service provider. You also may withdraw your consent at any time where we are relying on your consent for the processing of your Personal Data. You may object to our processing of your Personal Data where that processing is based on our legitimate interest. You have the right to lodge a complaint with your competent data protection authority. If you wish to exercise any of these rights, please contact us in accordance with the instructions provided below.
Nevada Privacy Disclaimer
Pursuant to Nevada law, a Nevada “consumer” (as the term is defined therein), may, at any time, submit a verified request through a designated request address to an “operator” directing the operator not to make any sale of his or her personal information that the operator has collected or will collect about the consumer. For clarity purposes, Winona does not sell or exchange your personal information for monetary consideration to a third party for the third party to license or sell the information to additional persons or parties.
Links to Third-Party Websites
The Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Changes to This Privacy Policy
We may occasionally update this Privacy Policy. When we do, we will revise the “last updated” date at the top of the Privacy Policy and take such additional steps as may be required by law. We recommend that you periodically review our Privacy Policy for updates.
Contact Us
If you have questions regarding this Privacy Policy, our handling of your personal information, or would like to request more information or exercise a data right, please contact us using the webpage at hello@bywinona.com or by telephone at (844) 929-1586.