Privacy Policy

Last Updated & Effective as of January 1, 2023.

Please read this Privacy Policy carefully before you use www.craftandclinic.com (the “Website”). The terms “you” or “yours” refer to the user of the Website. Your privacy is important to Craft & Clinic Naturopathic Medicine® (“Craft & Clinic,” “we,” “our,” or “us”) the owner of the Website. This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the Website, the ways in which we use, maintain, protect and disclose that information, & your rights with respect to such information. By accessing or using this Website, you consent to this Privacy Policy & the data collection practices described herein, whether or not you have read it. If you do not agree to these terms, please do not access or use the Website. 

This Privacy Policy applies to information we collect on & through this Website including in email, text or other electronic messages between you & the Website. It does not apply to any information you may provide to us or that we may collect offline and/or through other means (for example, at a live event, via telephone, through the mail or as a patient or client of Craft & Clinic. For avoidance of doubt, if you are a patient of Craft & Clinic, it does not apply to your personal health information stored on our HIPPA-secured Electronic Medical Record Patient Portal. Our separate HIPAA notice of privacy practices that discusses how we collect & treat health information of patients of Craft & Clinic is supplied to new patients of Craft & Clinic upon registration as new patients, is located on the Patient Portal and can be found under the Patients drop-down menu of the Website. While there is a link to the HIPAA-compliant Patient Portal on this Website, the Patient Portal is hosted on a separate server and is not part of this Website.

Changes to our Privacy Policy

We may need to & we reserve our right to change this Privacy Policy from time to time, in which case the updated Privacy Policy will be posted on this page & we will update the Effective Date at the top of the Privacy Policy to reflect the date of the changes. By continuing to use the Website after we post any such changes, you accept the Privacy Policy as modified, so please check this Privacy Policy from time to time to be aware of any modifications.

If we make material changes to how we treat our users’ personal information, we will notify you by through a notice on the Website home page.

Children Under the Age of 13 and Children’s Online Privacy Protection Act

This Website & any products & services offered herein are not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Website. We do not knowingly collect information from anyone under 13. Craft & Clinic prohibits children under the age of 13 from using all interactive portions of this Website, including leaving any comments, filling out forms, or otherwise submitting information and will not knowingly collect personally identifiable information from children under 13. If we learn we have collected or received any information from anyone under the age of 13, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at assistant@craftandclinic.com.

Information We Collect & How We Collect It

When you access the Website, its content & its services, we will learn certain information about you during your visit. We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses & information collected through cookies, web beacons & other tracking technologies.
• From third parties, for example, our business partners.

Information You Provide to Us. 

The Website provides various places for visitors to provide information. We collect information when you voluntarily sign up for our e-mails, fill out any type of form on the Website including a contact form or a request for a complimentary consult, leave comments including on social media, purchase a service or product through our Website if that option is offered, or otherwise contact us via an online form located on our Website or e-mail. The information collected may include your name, e-mail, phone number, records & copies of your correspondence such as e-mail messages together with your e-mail address & our responses, your contributions to public areas of the Website, & if you make a purchase from Craft & Clinic through the Website, your address, billing information, & details of purchase transactions you carry out through the Website (collectively, “personal information”). You are not required to provide any personal information to merely access or visit the Website.

If you are located in the European Economic Area (EEA), this means we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) & we are responsible as data controller of that personal information for the purposes of those laws.

Information Collected from Other Sources

We provide links to our online HIPAA compliant supplement dispensary platform Fullscript from the Supplements page of our Website. This Privacy Policy does not apply to the privacy practices of Fullscript as Fullscript has its own privacy policies; however, we will have access to the information you provide when you register for an account on Fullscript through the link on this Website as well as the orders you place, & such information we receive will be treated in the same manner as other information you provide through this Website.

For the avoidance of doubt, if you are patient of Craft & Clinic all such information you provide through Fullscript will be protected under our HIPPA privacy policy as part of your medical record. Furthermore, if you are not a patient of Craft & Clinic and you create a free account on Fullscript, this does not create a doctor-patient relationship between you and Craft & Clinic.

Information We Collect Through Automatic Data Collection Technology.

As you visit and navigate through the Website, we may use automatic data collection technologies such as “cookies” (small files saved on your hard drive by your web browser) like Google Analytics to collect certain nonpersonal information about your equipment, browsing actions & patterns. This nonpersonal information will generally include information about your location, your traffic pattern through our Website, & any communications between your computer & our Website. Among other things, we may collect data about your computer hardware & software, your Internet connection, your IP address, your operating system, your browser type, domain names, access dates & times, referring website addresses, & information about the areas of the Website you visit & search terms you use on this Website & about the links you may select from within this Website to other areas of the Internet. We also may use these technologies to collect information about your online activities over time & across third-party websites or other online services (behavioral tracking) such as the websites you visited just before and just after this Website.

Any such information collected automatically is used for statistical data & will not include personal information. We use such technologies & the information collected by them to improve the Website & our service as it enables us to analyze Website performance, estimate our audience size, track usage patterns, save information from your previous visits about your preferences to customize your experience & speed up your searches & recognize you when you return to our Website.

If we use cookies, we will ask for your consent to allow us to use cookies. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if we use cookies & you select this setting, you may be unable to access certain parts of our Website.

We also reserve the right to use technological equivalents of cookies, including social media pixels. These pixels allow social media sites to track visitors to outside websites so as to tailor advertising messages users see while visiting that social media website. We reserve the right to use these pixels in compliance with the policies of the various social media sites.​

If your browser sends a “Do Not Track” signal, our Website will honor it.

To the extent that you voluntarily provide personal information to us, our systems will associate the automatically collected information with your personal information.

Google Analytics

This Website may also use Google Analytics so that we can understand & analyze the usage trends & preferences of visitors in order to improve our service & develop new features & functionalities. Google Analytics is a web analytics service offered by Google that tracks & reports website traffic. Google uses the data collected to track & monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualize & personalize the ads of its own advertising network. To learn more about Google Analytics & how they may collect & use your data, please visit: “How Google uses data when you use our partners’ sites or apps,” located at https://policies.google.com/technologies/partner-sites. 

You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available here: https://tools.google.com/dlpage/gaoptout/. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visitors activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information, to send you e-mails when you sign up for our newsletter or request information from us, to respond to comments & questions & to provide support to users of the Website, to provide you with information about our services, to notify you about changes to our Website, to provide you with information, products or services you request from us, to carry out our obligations & enforce our rights arising from any contracts entered into between you & us, in any other way we may describe when you provide the information, to provide us with an overview of how people are accessing & using this Website, to understand & analyze usage trends & preferences of our visitors & users so that we can improve our service & develop new products, services, features & functionalities & improve our Website performance & customer service. If there is an option to make a payment or purchase through this Website, we will also use the information that we collect to fulfill orders & deliver services & products & complete customer transactions, to process payments, & for billing & collection.

Email Policies & CAN-SPAM Act

We are committed to keeping your e-mail address confidential. We do not sell, rent, or lease your personal information to third parties, & will not disclose your email address to any third parties except as allowed in the section titled Disclosure of Your Information: Who We Share Your Information With. We will maintain the information you send via e-mail in accordance with applicable federal law.

In compliance with the CAN-SPAM Act, all e-mails sent from Craft & Clinic will clearly state who the e-mail is from & provide clear information on how to contact the sender. In addition, all e-mail messages provide users the opportunity to opt-out of receiving future communications from us by clicking on the unsubscribe link located at the bottom of any e-mail they receive from us at any time. After unsubscribing we will discontinue sending the messages as soon as technically feasible.

Disclosure of Your Information: Who We Share Your Information With

Craft & Clinic respects your privacy & we do not sell, rent, lease, trade or otherwise transfer any information collected whether automatically or through your voluntary action to third parties (beyond what is necessary for the basic functionality of an online service or for fulfilling a customer transaction if applicable) without your consent.

We may disclose personal information that we collect, including that you provide as described in this Privacy Policy:

• To our subsidiaries & affiliates.
• To third parties including, for example: contractors, service providers & ‘data processors’ as described below, that we use to support our business & our Website. All such third parties will always be bound by contractual obligations to keep personal information confidential & use it only for the purposes for which we disclose it to them.
• To a third party, including a lawyer or collection agency, when necessary to enforce our Website Terms & Conditions or any other applicable terms of use, terms & conditions or agreement between you & Craft & Clinic, including for billing & collection purposes.

·       To any successor in interest in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Craft & Clinic’s asserts and/or business.

·       If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Craft & Clinic, other users of the Website or the general public. This includes exchanging information with other companies & organizations for the purposes of fraud protection & credit risk reduction.

·       To comply with any legal obligations such as court order, law or legal process, including to respond to any government or regulatory request & when compelled by a court or other governmental entity to do so.

·       For any other purpose disclosed by us when you provide the information.

·       With your consent.

We are the ‘data controller” of any personal information collected through the Website & determine the purposes for which & the manner in which any personal information is used & processed. However, we pay for the services of third party ‘data processors’ who hold and/or process personal information of users of the Website on our behalf. We may have multiple data processors at any given time, including, but not limited to:

• our email marketing & email management software service provider (currently ActiveCampaign)
• our Website hosting service provider (currently Blue Host)
• our platform service provider (currently WordPress & Ontraport)
• our scheduling service provider (currently Calendly)
• various payment merchants if we offer an option to purchase through our Website
• Google
• Other social media sites

Note that, while the above entities act as data processors on our behalf, some or all of them may also act as data controllers in their own rights. For example, if you purchase a product or service through our Website, payment merchants decide which information they need from our customers in order to process their payments correctly. The payment merchants or other data processing entities may also exercise control over the other purposes that a customer’s data is used for, for example direct marketing of their products and services, which is not within our control. The payment merchants or other data processing entities also have legal requirements of their own to meet, such as regulations relating to the use & retention of payment card data or other personal data. And, finally, each data processor has its own terms & conditions & privacy policies that apply directly to our website users.

Use & Transfer of Your Information Out of the European Economic Area (EEA), the UK & Switzerland

The General Data Protection Regulation (GDPR) requires certain safeguards when transferring personal data from outside the European Economic Area (EEA), the United Kingdom (UK) & Switzerland to “third countries,” which are all countries outside these protected areas, including the United States. This Website is operated in the United States & third parties with whom we might share your personal information as explained above are also located in the United States. If you are located in the EEA, the UK, Switzerland or elsewhere outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this Website, participating in any of its services and/or providing your information, you consent to this transfer.

The United States does not have the same data protection laws as the EEA, United Kingdom & Switzerland. While the European Commission has not given a formal decision that United States provides an adequate level of data protection similar to those which apply in the EEA, the UK & Switzerland, any transfer of your personal information will be subject to the derogation in Article 49 permitting non-repetitive transfers that concern only a limited number of data subjects, as permitted by Article 49 of the General Data Protection Regulation that is designed to help safeguard your privacy rights & give you remedies in the unlikely event of a misuse of your personal information.

If you would like further information, see How to Contact Us below.  We will not otherwise transfer your personal data outside of the EEA, the UK or Switzerland, or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

How Long Your Personal Information Will Be Kept

We will retain all non-client or customer personal information until you let us know you would like for us to delete it or unsubscribe from our email contacts, which you are free to do at any time. However, if you make a purchase from our Website, we will hold personal data in our files for six years as advised by the IRS.

This does not apply to information from patients of Craft & Clinic. We will hold patient health information in our files as required by applicable law and until at least one (1) year after any relevant statute of limitation on professional liability has run.

How We Protect Your Information: Data Security and Information Storage

We employ commercially reasonable methods to ensure the security of the information you provide to us & the information we collect automatically. This includes using standard security protocols & working only with reputable third-party vendors. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner & are subject to a duty of confidentiality.

If Craft & Clinic collects sensitive personal information (such as credit card data), that information is encrypted & transmitted to Craft & Clinic in a secure way. Customers can verify this by looking for a closed lock icon at the bottom of their web browser or looking for “https” at the beginning of the address of the web page.

However, unfortunately, please note that no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website.  You acknowledge that (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, & privacy of any & all information & data exchanged between you & us through this Website cannot be guaranteed; and (c) any such information & data may be viewed or tampered within transit by a third party. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

We will notify you & any applicable authorities of a suspected data security breach where we are legally required to do so.

Please note that any comments or information that you post on the Website, including Craft & Clinic social media pages, become public & third parties may use your information. Craft & Clinic is not responsible for any unauthorized uses by third parties in such context. You disclose such information at your own risk.

Passwords for Patients to Access Patient Portal

If you are a patient of Craft & Clinic, this Privacy Policy does not apply to your personal health information stored on our HIPPA-secured Electronic Medical Record Patient Portal. Our separate HIPAA notice of privacy practices that discusses how we collect & treat health information of patients of Craft & Clinic is supplied to new patients of Craft & Clinic upon registration as new patients, is located on the Patient Portal & can be found under the Patients drop-down menu of the Website. While there is a link to the HIPAA-compliant Patient Portal on this Website for easy patient access, the Patient Portal is hosted on a separate server & is not part of this Website.

As a patient of Craft & Clinic, in order to access the Patient Portal you will be sent a link to create a unique password. You are responsible for maintaining the confidentiality of the password & account & are responsible for all activities (whether by you or by others) that occur under your password or account.

To protect your health information, please do not share your password with anyone. If you share your password with another person, Craft & Clinic cannot & will not be liable for any loss or damage arising from your failure to protect your password. If you share your password with anyone, they may be able to obtain access to your personal health information at your own risk.

Third-party Use of Cookies & Other Tracking Technologies

Some content or applications on the Website, including for example, our online supplement dispensary platform Fullscript & our scheduling software, may be served by third parties, content providers & application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions, you should contact the responsible provider directly.

Third-Party Links & Online Supplement Dispensaries

We provide links to our online HIPAA compliant supplement dispensary platform, Fullscript from the Supplements page of our Website, & occasionally we may also include or offer third-party products, services, or links to other websites. This Privacy Policy does not apply to the privacy practices of Fullscript or other third parties. Fullscript has its own privacy policies, & any other third-party websites may or may not have separate & independent privacy policies. When you access another website or purchase third-party products or services through the Website, use of any information you provide is governed by the privacy policy of the operator of the website you are visiting or the provider of such products or services. We, therefore, have no responsibility or liability for the content & activities of these linked sites and/or their privacy policy (or lack thereof).

Your Rights: Accessing, Correcting & Deleting Your Information

As noted above, if you want to unsubscribe from receiving e-mails from Craft & Clinic, you may do so at any time. Each e-mail from Craft & Clinic includes instructions for unsubscribing from these e-mail communications.

You may send us an e-mail to assistant@craftandclinic.com in order request access to, correct or delete any personal information that you have provided to us.

Please note that we may retain some or all of the information you submit for backups, archiving, prevention of fraud & abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

You may also decline to share certain personal information with us, in which case we may not be able to provide you with some of the features & functionality of our services.

When you place an order through the Website if that option is offered (not Fullscript), we will maintain your order information for our records unless & until you ask us to delete this information. We are required to keep some basic information about our customers including transaction data for tax & legal purposes & therefore there is some information that cannot be deleted.

Visitors’ GDPR Rights

If you are located within the European Union, you are entitled to certain information & have certain rights under the General Data Protection Regulation. Those rights include:

·  Fair processing of information & transparency over how we use your use personal information

·  Access to your personal information & to certain other supplementary information that this Privacy Policy is already designed to address

·  Require us to correct any mistakes in your information which we hold

·  Require the erasure of personal information concerning you in certain situations

·  Receive the personal information concerning you which you have provided to us, in a structured, commonly used & machine-readable format & have the right to transmit those data to a third party in certain situations

·  Object at any time to processing of personal information concerning you for direct marketing

·  Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you

·  Object in certain other situations to our continued processing of your personal information

·  Otherwise restrict our processing of your personal information in certain circumstances

·  You may also have the right to claim compensation for damages caused by our breach of any data protection laws.

We hope that we can resolve any question or concern you raise about our use of your information.

If you are covered by the General Data Protection Regulation, you may lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

We require only the information that is reasonably required to enter into a contract with you. We will not require you to provide consent for any unnecessary processing as a condition of entering into a contract with us.

If you would like to exercise any of those rights, please:

·       Email us at assistant@craftandclinic.com

·       Provide us enough information to identify you (e.g., name, e-mail address, or other information, as applicable) & verify proof of your identity

·       Provide us with the information to which your request relates

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites & online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected & those individuals with whom it is being shared, & to comply with this policy. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

Pursuant to CalOPPA we agree to the following:

·      Users can visit our Website anonymously

·      There is a link to our Privacy Policy on our home page or at a minimum on the first significant page after entering our Website.

·      Our Privacy Policy link includes the word ‘Privacy’ & can be easily be found on the page specified above.

·      Users will be notified of any changes to our Privacy Policy:

o   On our Website Privacy Policy page

·      Users are able to change their personal information:

o   By emailing us

o   By logging into their account on our Website if they have one

As noted above, if your browser sends a “Do Not Track” signal, our Website will honor it.

California Consumer Privacy Act (CCPA)

The CCPA took effect on January 1, 2020 and is intended to protect the personal information of California residents. The CCPA has certain threshold requirements which a company must meet in order to be required to comply with its provisions.  Upon information and belief, we do not meet those thresholds.  In the event of a change in our status, and if the data that you provide in the course of your use of the Website is governed by CCPA, we will abide by the relevant portions of the Act.

If you are a resident of the state of California, you may have the right to: request disclosure of the personal information we have collected about you & the types of third parties with whom it has been shared; request a portable copy of your information; opt out from marketing messages or the sale of your information to third parties; & request deletion of your personal information. To make these requests, please contact us at assistant@craftandclinic.com.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at assistant@craftandclinic.com