OnlyYOU® AUTISM Privacy and Security Policies
Privacy Statements/ HIPAA Guidelines
Our Commitment to Privacy
OnlyYOU® AUTISM also follows the online Privacy Guidelines and the Guidelines on Ethical Business Practice of The Direct Marketing Association (DMA). For more information on these guidelines, visit the DMA at http://the-dma.org/
What Personally Identifiable Information is Collected on this Site?
When you visit our website, you may provide us with personal information (such as name, address, e-mail address, telephone numbers and credit card information) that you knowingly choose to disclose, which is collected on an individual basis for various purposes. These purposes include registering to place orders for our Pharmacogenomics (PGx) lab tests to receive data or other materials, requesting further information from us about projects and services, making requests, submitting a form on our website, or simply asking a question. We receive and store all information you enter on our website or give us in any other way. We ask for personal information and/or company information so that we can fulfill your requests. This information is retained and used in accordance with existing laws, rules, regulations, and other policies. OnlyYOU® does not collect personal information from your company or individuals unless you provide it to us. If you choose not to provide any of that information, we may not be able to fulfill your request or complete your order, but you will still be free to browse the other sections of the websites owned and administered by OnlyYOU® AUTISM and OnlyYOU® Genomics Testing II LLC. This means that you can visit our site(s) without telling us who you are or revealing any personally identifiable information about yourself.
The Way We Use Information
When you supply information about yourself for a specific purpose, we use the information only for that purpose (such as to provide the service or information you have requested). For example, you may be asked to give us individual information to place and pay for an order for our services, receive information, or to apply for a job. Similarly, we use information you provide about yourself, your company, or someone else when requesting information or data or placing an order only to ship the lab test kits, to confirm delivery, etc. We do not share this information with outside parties except to the extent necessary to complete your request or action.
You can register with our website if you would like to receive updates on our new projects and services. Information you submit on our website will not be used for this purpose unless you fill out the account registration form. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
OnlyYOU® AUTISM does not sell, rent, give away or share e-mail addresses with outside sources.
Should any material changes be made to the ways in which we use company or personally identifiable information, OY will take commercially reasonable measures to obtain e-mail consent from you. We will also post the changes to our use of personally identifiable information on our site at least 30 days prior to a change.
Our Commitment to Data Security
Personally identifiable information is stored on our encrypted server and is not publicly accessible. Further, corporate or personally identifiable information is only accessed by OY personnel on a “need to know” basis. To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Additionally, sensitive data such as credit card numbers are encrypted using SSL and other industry standard measures such as PCI compliance, to provide additional levels of security.
OnlyYOU® AUTISM operates within the guidelines and requirements of the Health Insurance Portability and Accountability Act (HIPAA). We are committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Electronic Transaction standards. We have implemented policies, processes and procedures designed to ensure compliance with Federal and State information security laws, regulations, and rules. OnlyYOU® AUTISM provides a Secure File Transfer protocol, a secure method for communicating PHI (Patient Health Information) electronically to our clients. Clients wishing to receive PHI through the Internet can establish their personal compliant account on our website.
Choice/Opt-Out
If you have registered to receive e-mail communications from us and later change your mind, you may contact us to have your name removed from our distribution lists. You have the following option to do this: You can send an e-mail to: [firstname.lastname@example.org]
Correct/Update
If you would like to verify the data we have received from you or to make corrections to it, you may change your account information on our website.
What Anonymous Information is Collected on this Site?
Anonymous information is collected for every visitor to this site. This includes pages viewed, date and time, and browser type. IP numbers are not stored, but are temporarily used to determine domain type and in some cases, geographic region. We do not make any association between this information and a visitor’s identity.
When you visit our website, our servers make a log of basic information corresponding to the sites and pages you have visited. This information is stored primarily to track the effectiveness of our website and individual sections and pages within them.
Cookies—How we may use these
Online Registration Information
You choose to provide us with information about yourself when you register for our services. This information is not used for any other purpose than to fulfill your request and is not shared with outside parties. However, visitors should be aware that information collected through our web site may be subject to examination and inspection if such information is a public record or not otherwise protected from disclosure.
We use e-mail links located on this site to allow you to contact us directly via e-mail. We use the information provided in your e-mail to respond to your questions or comments. We may also store your comments for future reference.
Changes to this Privacy Statement
We may disclose personal information when required by law or in the good-faith belief that such action is necessary in order to conform to the edicts of the law or comply with legal process.
For More Information
If you have any questions, concerns or comments about privacy at our website, please send us a description of your concern via e-mail to email@example.com.
EU/EEA Residents: Data Subject Rights under the GDPR May 25, 2018
INTERNATIONAL DATA TRANSFERS:
- We may share your personal data within the OnlyYOU® Autism and OnlyYOU® Genomics Testing LLC group of companies. This will involve transferring your data outside the European Economic Area (EEA).
- Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
- If you are located outside the United States and choose to provide information to us, please note that we store the data, including Personal Data, in the United States and process it there. Information may also be stored internationally via our business relationship and web servers utilizing Amazon Web Services.
- We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. These rules are called “binding corporate rules”.
- Some of our external third parties are based outside the European Economic Area so their processing of your personal data will involve a transfer of data outside the EEA.
- Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring the following safeguard is implemented: Where we use certain service providers, we will use specific guidelines approved by the European Commission which give personal data the same protection it has in Europe.
- Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Non-U.S. Website Users: Rights Requests:
- Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information, please contact us by emailing firstname.lastname@example.org. When you make a request, we may ask you for information in order to verify your request, including your email address that may have been provided to us.
- You may also access, correct, or request deletion of your personal information by contacting us through the above options. We will respond to these requests within a reasonable timeframe.
- Subject to applicable law, we may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. We may not remove your Personal Information when there is a legal storage requirement, such as accounting rules or when there are other legal grounds to keep the data, such as an ongoing contractual relationship.
- You may sign up to receive a newsletter or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you.
- EU/EEA Residents: Data Subject Rights under the GDPR: Grants individuals who are in the European Union and European Economic Area (EU/EEA) the following rights, with some limitations. Users may contact us, at the address provided in the “How to Contact us” section, to exercise any of those rights and we will respond with the requested action or information, or we will let you know why that right does not apply to you.
- Right Not to Provide Consent or to Withdraw Consent: We may seek to rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent, and the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the processing c
- Right of Access: You have the right to obtain confirmation as to whether or not we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.
- Right of Rectification: You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
- Right of Erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
- Right to Restrict Processing: In certain circumstances, you have the right to request that we restrict the processing of the personal data that we have collected about you; for example, where you believe that the personal data held about you is not accurate or lawfully held.
- Right to Data Portability: In certain circumstances, you have the right to receive the personal data concerning you that you have provided us in a structured, commonly used, machine readable format, and the right to obtain that we transmit the data to another entity where technically feasible.
- Right to Object to the Processing: In certain circumstances, you may have the right to request that we stop processing your personal data.
- Right to Object to the Processing for Direct Marketing Purposes: You have the right to request that we stop sending you marketing communications. You can do this by selecting “Unsubscribe” on any email or contacting us (see “Contact Us” section).
- Right Not to be Subject to Decisions Based Solely on Automated Processing that Produce Legal Effects: In certain circumstances, you have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects or similarly affects you.
- Right to Complain to a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of personal data relating to you infringes the GDPR.
This website is for information purposes only. By providing the information contained herein we are not diagnosing, treating, curing, mitigating, or preventing any type of disease or medical condition. We explicitly do not endorse any products, services or organizations shown on our website. Before beginning any type of treatment or clinical treatment, it is highly advisable to seek the advice of a licensed healthcare professional. This information is intended to be patient education, does not create any patient-physician relationship, and should not be used as a substitute for professional diagnosis and treatment.