Privacy Policy

Last Updated: Feb 11, 2026

Your privacy is very important to us. This Privacy Policy describes how Hiya Health Products LLC (“we”, “us” or “our”) collects and uses the personal information you provide to us on our website (https://hiyahealth.com) and all other websites, mobile sites, services, applications, platforms and tools where this Privacy Policy appears or is linked (collectively the “Site”). It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. 

We will collect, use and disclose your personal information only with your knowledge and consent, except where permitted or as required by law or defined in this Privacy Policy. When we do so we are subject to various laws in the United States and the United Kingdom General Data Protection Regulation, and we are responsible as “controller” of that personal information for the purposes of those laws. We will not rent, sell, or otherwise distribute your personal information without your permission, unless otherwise defined in this Privacy Policy.

By creating an account, providing information to us (by any means, whether in correspondence, via our Site, or otherwise), or continuing to use our Site, you acknowledge that you have read, understood, and consent to be bound by this Privacy Policy. 

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR PRACTICES, YOU MAY NOT USE OUR SITE. THIS PRIVACY POLICY MAY CHANGE FROM TIME TO TIME AND YOUR CONTINUED USE OF OUR SITE CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. WE ENCOURAGE YOU TO REVIEW THIS PRIVACY POLICY PERIODICALLY.

HIPAA

The information provided on this Site is not intended to serve as medical or other professional advice and is not to be used for diagnosis or treatment of any condition or symptom. You acknowledge and agree that we are not covered by, and therefore are not compliant with, The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related regulations. The HIPAA privacy rules apply to health plans, health care clearinghouses to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and their service providers (“business associates”). You understand and agree that we are not an entity that is covered by HIPAA and we are not a medical provider and do not make clinical, medical, or other decisions related to your healthcare and any information provided on this Site does not constitute the provision or practice of medical or professional health care advice or services. This means that the information that you provide to us is not protected by the HIPAA privacy rules and regulations. You acknowledge that the Site may not be appropriate for the storage or control of access to sensitive data, such as medical or health information and “protected health information” (also known as PHI) as defined under HIPAA. We specifically disclaim any representation or warranty that the Site, as offered, complies with HIPAA. We do not sign “business associate agreements” and you acknowledge that we are not a business associate, subcontractor, or agent of yours pursuant to HIPAA.

Personal Information We Collect

We collect personal information from you to provide an efficient, meaningful and customized experience for you on Site. We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”):

• Identifiers such as your real name, email address, mailing address and phone number (“Category A”);

• Information that identifies, relates to, describes, or is capable of being associated with you, including, but not limited to: name, email address, mailing address, phone number, credit or debit card number, billing address, and unique identifiers such as username, account number and password. (“Category B”);Commercial information such as product wish lists, order history, products and services considered, marketing preferences, and reminder and notification preferences (“Category D”); and

• Internet or other electronic network activity information such as browsing history, search history, IP address, time and date of visit, browser type, referring/exit pages and operating system, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement). We may log this information for system administration, order verification, internal marketing and system troubleshooting purposes (“Category F”).

This personal information is required to provide the Site to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing the Site to you.

Cookies and Other Tracking Technologies

Cookies

Cookies are small text files of information stored by the Internet browser on your computer’s hard drive. We may use these cookies to collect browsing data to keep track of your preferences and profile information and to collect general usage and volume statistical information. Our cookies do not collect personal or confidential information and are not spyware. 

There are a number of different types of cookies, however our Site uses:

• Essential – These cookies are necessary to the core functionality of our Site and some of its features, such as access to secure areas.

• Performance and Functionality – These cookies are used to enhance the performance and functionality of our Site. For example, we may use these cookies so that we recognize you on our Site and remember your previously selected preferences. These could include what language you prefer and your geographic location. These cookies are nonessential to the use of our Site, however, without these cookies, certain functionality may become unavailable. A mix of first-party and third-party cookies are used.

• Advertising – These cookies are used to make advertising messages more relevant to you. They prevent the same ad from continuously reappearing, ensure that ads are properly displayed for advertisers, and in some cases select advertisements that are based on your interests. We sometimes share online data collected through these cookies with our advertising partners. This means that when you visit another Site, you may be shown advertising based on your browsing patterns on our Site.

• Analytics and Customization – We use these cookies and technologies to analyze how the Site is accessed, used, or performing in order to improve your user experience and to maintain, operate and continually improve the Site. For example, we use Google Analytics on the Site to collect: page url/page title and user browser/system information, which includes browser type, referrer, language, java/flash support, IP address, and ad-serving data. For information on how Google Analytics collects and processes data, visit www.google.com/policies/privacy/partners/. To opt-out of Google Analytics, visit Google’s “How you can control the information collected by Google on these sites and apps” article available here.

• Social Media – These are cookies used to connect our Site to a third-party social media platform. For example, these cookies enable you to share our Site’s content through third-party social networks and other websites. They remember your details after you sign in to a social media account from a website. These cookies may also be used for advertising purposes.

• Unclassified – These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.

Web Beacons and Similar Tracking Technologies

Our Site uses web beacons, pixels, software development kits, and similar tracking technologies, along with cookies, to improve your website experience, compile aggregated statistics to analyze how our Site is used, and assist in our marketing efforts. These technologies may collect browsing activity, preferences, and personal information, and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns. We use a third party to gather information about how you and others use our Site. For example, we will know how many users access a specific page and which links they clicked on. We use this aggregated information to understand and optimize how our Site is used.

Targeted Advertising

Targeted Advertising (also known as online behavioral advertising) uses information collected on an individual’s web browsing behavior such as the pages they have visited or the searches they have made. Third parties collect this information by placing or accessing cookies in your browser when you visit this Site, or other websites. If you would like to learn more about the third party advertisers that may be aware of the fact that you visit this Site, and to understand your choices about having such advertisers’ cookies turned off, please visit http://www.aboutads.info/choices/, http://www.youronlinechoices.com/, or www.networkadvertising.org.

How to Manage Cookies. 

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our Site features may not function as a result. Essential cookies cannot be rejected, as they are strictly necessary to provide you with our Site.

How Your Personal Information is Collected.

We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our Site. However, we may also collect information:

• From publicly accessible sources;

• Directly from a third party (e.g., SNS’);

• From a third party with your consent (e.g., your bank or credit card companies);

• From cookies on our Site; 

• Via our IT systems, including automated monitoring of our websites and other technical systems, such as our computer networks and connections, email and instant messaging systems if you talk to one of our chat bots or receive a text; and

• Survey responses, if applicable.

How and Why We Use Your Personal Information.

Under data protection laws, we can only use your personal information if we have a proper reason for doing so, e.g.:

• To comply with our legal and regulatory obligations;

• For the performance of our contract with you or to take steps at your request before entering into a contract;

• For our legitimate interests or those of a third party; or

• Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The list below explains what we use (process) your personal information for and our reasons for doing so. We use this information to:

• Fulfill your order, Send you an order confirmation, Send you requested product or service information- For the performance of our contract with you or to take steps at your request before entering into a contract;

• Respond to customer service requests, administer your account, respond to your questions and concerns - For the performance of our contract with you or to take steps at your request before entering into a contract, to comply with our legal and regulatory obligations, and for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products;

• Send you a newsletter and other marketing communications, send product updates or warranty information, recommend products you may be interested in purchasing display content based upon your interests, send you reminders about your habits - For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers;

• Operational reasons, such as improving our Site and marketing efforts, improving efficiency, training and quality control - For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price;

• Conduct research and analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures - For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price;

• To prevent and detect fraud against you or our organization - For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you;

• Ensuring business policies are adhered to, e.g. policies covering security and internet use - For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you;

• Conducting checks to identify our customers and verify their identity and other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by a professional regulator - To comply with our legal and regulatory obligations.

We may also anonymize, aggregate or de-identify personal information so the end-product does not identify you or any other individual. Such aggregated, anonymized or de-identified information is not considered personal information for purposes of this Privacy Policy and we may use it for any purpose. For example, we may use this information to, among other things, generate norms by industry, geography, level, etc., enable us to understand where our products are being utilized, conduct ongoing validation studies, compile reports, and improve our Site and products. 

To review and update your personal information to ensure it is accurate, contact us at:  supportUK@hiyahealth.com.

Promotional Communications. 

We may use your personal information to send you updates (by email, text message, telephone or post) about our products, including exclusive offers, promotions or new products.

We have a legitimate interest in processing your personal information for promotional purposes (see above “How and why we use your personal information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

When you sign up for one of our text messaging programs, you are expressly consenting to receive text messages on your cell phone or other mobile device about our products and/or programs which may be sent by automated means. Text messages will only be sent to the mobile phone number used to opt into the applicable text message program. In some instances, you may have the opportunity to reply to a message, which may result in additional response messages. Your consent to enrollment in any text message program is not a condition of purchase.

Message and data rates may apply. We do not charge a fee for our text message programs and assume no responsibility for charges by your carrier that you may incur when you sign up to receive text messages from us. 

You may choose to stop receiving our newsletter or marketing communications by following the unsubscribe instructions included in these emails, texting the “STOP” number in texts, or contacting us at supportUK@hiyahealth.com. You may change any of your personal information in your account by editing your profile within your account or by sending an e-mail to us at the e-mail address set forth above. 

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products in the future, or if there are changes in the law, regulation, or the structure of our business. You may receive a final confirmation message to confirm that you will no longer receive email or text messages from the applicable program unless you opt back into such program. 

Who We Share Your Personal Information With

We will share your personal information with third parties only in the ways that are described in this Privacy Policy. We do not sell your personal information to third parties, and we do not authorize the collection of our members’ or visitors’ personal information by any third parties for the third parties’ use. We may provide your personal information to: 

• Our Business Partners. We disclose your personal information to other companies with whom we partner to provide the Site and products, to promote our products, and carry out other activities described in this Privacy Policy;

• Our Service providers. We disclose your personal information to third parties that provide business, professional, or technical support services to us, to help deliver our Site products to you, such as website hosts, payment service providers, warehouses and delivery companies;

• Our Analytics Providers. We disclose your personal information to parties that assist us in performing analytics and help us measure the effectiveness of the Site and our marketing and advertising efforts;

• Our Marketing and Advertising Partners. We disclose your personal information to third parties that assist us  in serving, measuring the performance of, and optimizing our advertisements, such as marketing agencies, third party advertising networks, social media networks, or other marketing and advertising partners;

• Public posting and social sharing. When you post public comments on our Site, on public forums like our social media sites, blogs, and online reviews, your comments are accessible by other members of the public; and

• Third parties approved by you, including SNS, or that you choose to link your account to.

These companies are authorized to use your personal information only as necessary to provide these services to us and only if we are satisfied they take appropriate measures to protect your personal information. 

We may also disclose your personal information:

• With law enforcement agencies and regulatory bodies as required by law such as to comply with a subpoena, court order, investigative demand, request for cooperation from a law enforcement agency, or similar request from a self-regulatory body or government agency or similar legal process;

• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request; 

• To relevant third parties in connection with a business transfer, including to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction as well as in the event of any insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets; or

• To any other third party with your prior consent to do so.

We may share non-personal information (such as the number of daily visitors to a particular web page or the size of an order placed on a certain date) with third parties such as advertising partners. This information does not directly personally identify you or any user.

Third-Party Payment Processing

Online payments made through our Site are handled by our third-party payment services provider. We do not process, record or maintain your credit card or bank account information. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, and dealing with complaints and queries relating to such payments and refunds. If you have any questions about payments or would like to dispute a charge, you can contact us at supportUK@hiyahealth.com.

Third Party Websites

Our Site may contain links to third party websites. When you click on a link to any other website or location, you will leave our Site and go to another site, and another entity may collect personal data or anonymous data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content, or how that party may use or disclose any information you may provide to them. As such, we urge that you exercise caution before providing them with your personal information. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content or to any collection of your personal information after you click on links to such outside websites. We encourage you to read the privacy policies of every website you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites. 

You should contact the site administrator for such third party website if you have any complaints, claims, concerns or questions regarding such third party website or its privacy practices.

Security

The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. We endeavor to protect the personal information we receive, gather and store, by such means as password protection, firewalls and other means. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also require that third party service providers acting on our behalf or with whom we share your information also provide appropriate security measures in accordance with industry standards. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. Any such transmission of information by you over the internet is at your own risk. If you have any questions about security on our Site, you can contact us at supportUK@hiyahealth.com. 

We will maintain a record of every breach of security safeguards involving personal information under our control. We will notify you of any breach of our security safeguards involving your personal information if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you.

Where your Personal Information is Held

Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).

Some of these third parties may be based outside the country where we originally collected your personal information. For more information, including on how we safeguard your personal information when this occurs, see below: “International Transfers of Personal Information”.

International Transfers of Personal Information

To bring you our Site, we operate globally. Therefore, it is sometimes necessary for us to share your personal information outside the country where we originally collected your personal information, e.g.:

• With our offices in the United States;

• With your and our service providers located throughout the world; or

• If you are based outside the UK or Canada; 

These transfers may be subject to special rules under local data protection law. The countries to which we may transfer personal information may not have the same data protection laws as the country where we originally collected the personal information. In particular, you are advised that the United States uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. We will, however, ensure that the transfer complies with data protection law and all personal information will be secure. If you are located outside the United States, we will only transfer your personal information if:

• You provide your explicit consent;

• The country to which the personal information will be transferred has been granted an appropriate adequacy decision by your local supervisory authority; or 

• We have put in place appropriate safeguards in respect of the transfer, for example we have entered into the appropriate standard contractual clauses and required additional safeguards with the recipient, or the recipient is a party to binding corporate rules approved by a supervisory authority.

We are headquartered in the United States and utilize service providers both in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction.

Where the laws of your country allow you to do so, by using the Site or our products, you consent and authorize us to transfer, store, and use all such information in the United States and any other country where we operate which may not offer an equivalent level of protection to that required in the country where you reside and to the processing of that information by us on its servers located in the United States as described in this Privacy Policy. If you do not want your personal information transferred to the United States and any other country where we operate, please do not submit any information to us or use our Site or products.

If you would like further information, please contact us at supportUK@hiyahealth.com.

A Note About Children

Our Site is not directed to children, and you may not use our Site if you are under the age of 13. If you are under 13, do not access the Site, or provide any information about yourself including, without limitation, your name, address, email address or any screen name or user name you may use, unless you possess legal parental or guardian consent. We do not intentionally gather personal information from visitors who are under the age of 13. If a child under 13 submits personal information to us and we learn that the personal information is the information of a child under 13, we will, in compliance with the Children’s Online Privacy Protection Act, delete the information as soon as possible and cancel the corresponding accounts. If you believe that we might have any personal information from a child under 13, please contact us at supportUK@hiyahealth.com. Please visit the FTC's website at www.ftc.gov for tips on protecting children's privacy online.

How Long Your Personal Information Will Be Kept. 

We will keep your personal information while you have an account with us or while we are providing products to you. Thereafter, we will keep your personal information for as long as is necessary:

• To respond to any questions, complaints or claims made by you or on your behalf;

• To show that we treated you fairly; or

• To comply with legal or regulatory obligations or to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Policy. Different retention periods apply for different types of personal information. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of personal information; the potential risk from unauthorized use or disclosure of the personal information; the purpose(s) for which we use or may use the personal information; whether we can achieve the purpose(s) through other means; and the applicable legal requirements.

When it is no longer necessary to retain your personal information, we will delete or anonymize it. If we anonymize or de-identify information, we will maintain and use the information in anonymize or de-identified form and not attempt to re-identify the information except as required or permitted by law.

Your Rights and Choices

If you are located in the located in the UK or you reside in Canada or the State of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia please go to our Privacy Notice Addendum to learn about additional rights you may have under applicable data protection laws.

Notification of Privacy Policy Changes

This Privacy Policy was published on the date “Last Updated” above. 

We may update this Privacy Policy to reflect changes to our information practices. Changes to this Privacy Policy will be made by updating this page.  . We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

Contact Information

Hiya Health Products LLC is accountable for our compliance with applicable privacy laws, and for the day-to-day collection and processing of personal information described in this Privacy Policy.

Our contact details are shown below:

 

PRIVACY NOTICE ADDENDUM

This Privacy Notice Addendum (“Notice”) supplements the information contained in the above Privacy Policy and applies solely to all visitors, users, and others located in the UK, or who reside in Australia, Canada or the State of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia, ("consumers" or "you").  

We adopt this Notice to comply with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the UK version of the General Data Protection Regulation (“UK GDPR”), the California Shine the Lights law, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Delaware Personal Data Privacy Act, the Iowa Consumer Data Protection Act, the Maryland Online Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Senate Bill 255, New Jersey Senate Bill 332, the Oregon Consumer Privacy Act, the Tennessee Information Protection Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, the Virginia Consumer Data Protection Act, and certain other privacy and data protection laws, as applicable (collectively, the "Statutes"). Any terms defined in the Statutes will have the same meaning when used in this Notice. Any terms used in this Notice but undefined herein shall have the meaning provided in the Privacy Policy.

As further set forth in our Privacy Policy, we may collect certain information that is (i) linked or reasonably linkable to an identified or identifiable individual or natural person, or (ii) that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household, or (iii) as further defined in the Statutes as “Personal Data” or “Personal Information,” as further described in our Privacy Policy.

Shine the Light Law

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits individuals who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided.

Personal Information We Sold or Disclosed for a Business Purpose

In the preceding 12 months, we have sold to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

• Category A

• Category B

• Category D

• Category F

In the preceding 12 months, we have disclosed for a business purpose to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

• Category A

• Category B

• Category D

• Category F

Your Rights Under the CCPA

You may have the right under the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Your Rights Under Other State Privacy Laws

Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia, also provide consumers who are residents of these states with certain rights regarding their Personal Data. This section describes the rights you may have under these state privacy laws, under certain circumstances and subject to certain exceptions. Please contacts us if you have any questions about your rights under these state privacy laws.

Your Rights under the UK GDPR

In the UK, you have certain rights under applicable data protection laws. These rights include:

• Right to Access - The right to be provided with a copy of your personal data;

• Right to Rectification - The right to require us to correct any mistakes in your personal data.

• Right to be Forgotten - The right to require us to delete your personal data—in certain situations. At your request, we will delete your personal data promptly if:

• it is no longer necessary to retain your personal data;

• you withdraw the consent which formed the basis of your personal data processing;

• you object to the processing of your personal data and there are no overriding legitimate grounds for such processing;

• the personal data was processed illegally; or

• the personal data must be deleted for us to comply with our legal obligations.

We may decline your request for deletion if processing of your European Personal Data is necessary:

• To comply with our legal obligations;

• In pursuit of a legal action;

• To detect, predict and monitor fraud; or

• For the performance of a task in public interest.

• Right to Restriction of Processing - The right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data, if your personal data was processed unlawfully and you request a limitation on processing, rather than the deletion of your personal data, we no longer need to process your personal data, but you require your personal data in connection with a legal claim, or you object to the processing pending verification as to whether an overriding legitimate ground for such processing exists. We may continue to store your personal data to the extent required to ensure that your request to limit the processing is respected in the future.

• Right to Data Portability - The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations. At your request, we will provide you free of charge with your personal data in a structured, commonly used and machine readable format, if you provided us with personal data, the processing of your personal data is based on your consent or required for the performance of a contract, or the processing is carried out by automated means.

• Right to Object – The right to object at any time to your personal data being processed for direct marketing (including profiling), and in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. Please note that even if we stop all marketing communications, you may still receive administrative communications from us.

• Right Not to be Subject to Automated Individual Decision-Making - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you, unless you have given us your explicit consent or where they are necessary for a contract with us.

• Right to Withdraw Consent - You have the right to withdraw any consent you may have previously given us at any time.

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the General Data Protection Regulation.

We hope that we can resolve any query or concern you raise about our use of your information. However, the UK General Data Protection Regulation also gives you right to lodge a complaint with the ICO. 

Canada’s Personal Information Protection and Electronic Documents Act

The Personal Information Protection and Electronic Documents Act (PIPEDA) provides consumers who are Canadian residents with specific rights regarding their Personal Information. This section describes your rights under PIPEDA and explains how to exercise those rights.

• You have a right to know how your Personal Information will be used. We will explain why we need your Personal Information before or when we collect it, if the purpose is not already clear.

• We will collect Personal Information only for the purposes we’ve identified or for the primary uses described in our Privacy Policy. We shall collect information by fair and lawful means only.

• We will not use or disclose your Personal Information other than for the purposes for which it was collected unless we receive your consent or unless we are required or permitted to by law.

• We will keep your Personal Information only for as long as it needs to for the purposes identified in our Privacy Policy, as required by law, or as necessary to resolve any disputes you may have concerning our Site or services. We will follow internally set guidelines and use care in the disposal, destruction, or de-identification of Personal Information to prevent unauthorized parties from gaining access to such Personal Information.

• We will maintain accurate, complete and up-to-date Personal Information as required for the identified purposes associated with its collection. Please let us know if your contact or other Personal Information changes.

• Upon your written request, and subject to exceptions as permitted or mandated by law, we will inform you of the existence, use and disclosure of your Personal Information and will give you access to that Personal Information. You may challenge the accuracy and completeness of your Personal Information and have it amended as appropriate.

We maintain procedures for addressing and responding to all inquiries or complaints from you about our handling of Personal Information. We will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. We may seek external advice where appropriate before providing a final response to individual complaints. We shall investigate all complaints. If a complaint is found to be justified, we will take appropriate measures, including, if necessary, amending our policies and procedures.

How to Exercise Your Rights

If you would like to exercise any of your rights as described in this Privacy Notice, please:

• Call us, toll-free, at 844-388-4492; or

• Email us at supportUK@hiyahealth.com.

Please note that you may be restricted on the number of data access or data portability disclosures you may make within a 12-month period.

If you choose to contact us by phone or email, we will take steps to verify your identity before granting you access to your personal information or complying with your request. In order to help protect your privacy and maintain security, you will need to provide us with:

• Enough information to identify you (e.g., your full name, email address, or phone number);

• Proof of your identity and address; and

• A description of what right you want to exercise and the information to which your request relates.

In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

You may use a representative, called an "authorized agent," to submit a request to us. 

In some states, an authorized agent must be a natural person, or a business entity registered with the appropriate Secretary of State, that you have authorized to act on your behalf. 

In order to protect your privacy, Company requires you to confirm that you have provided the authorized agent permission to submit the request and you must provide the authorized agent with signed permission. "Signed" means that the written attestation, declaration, or permission has either been physically signed or provided electronically pursuant to the Uniform Electronic Transactions Act. In California, an authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but in such cases, consumer verification will not be required.

Company may deny a request from an authorized agent that does not submit proof that they have been authorized to act on your behalf. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above. 

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.