Privacy Policy

Bastyr University Natural Medicine Shop Website Privacy Policy

 

This Privacy Policy applies to the websites (collectively, the “Websites”) of the Bastyr University Natural Medicine Shop (“Company”) and governs collection, usage, and disclosure of your information through the Websites. Please take a moment to review this Privacy Policy.

 

Use & Collection of Personal Information

 

Any personally identifiable information (“personal information”), such as name, e-mail address, physical address, and/or telephone number, submitted by users of the Websites may be used by Company for reasonable business purposes. The information we collect through our Websites may include information that you provide by filling in forms on our Websites; records and copies of your correspondence if you contact us; and the details of any transactions you carry out through the Websites. Company may use your personal information to communicate with you.

 

Sharing of Information

 

Any information submitted by you through the Websites is for the exclusive use of Company and any contracted service providers for the purpose of the operation of the Websites. Company does not sell, trade, or rent any personal information. Company may save personal information to comply with federal and state policies, but it does not disclose this information to third parties or government agencies unless state or federal law requires us to do so, such disclosure is necessary to provide the Websites to you, or exigent circumstances require Company to protect the safety of its users or the public.

 

Security of Personal Information

 

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Company has established appropriate and reasonable security procedures (physical, electronic, and administrative) to safeguard and secure the information Company collects. 

 

However, please remember that the Internet is not a 100% secure environment, and therefore Company cannot and does not guarantee that information you provide through the Company Websites may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

 

Automatic Data Collection Technologies


Like many websites, we may use automatic data collection technologies to enhance the user experience and to collect helpful information about visitors and visits to our Websites.  We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services. The information we collect automatically is not personal information and may include IP addresses, internet tags and navigational data (server log files), which may be used by Company or shared with third parties. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.

  • Cookies (or browser cookies). Cookies are pieces of data stored on the user's hard drive containing information about the user. Cookies are used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services.
  • Flash Cookies. Certain features of our Websites may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Websites. Flash cookies are not managed by the same browser settings as are used for browser cookies.
  • Web Beacons. Pages of the Websites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs).

Company will not share any information collected through cookies with any third party except to the extent they are performing services on behalf of Company.

 

Third-Party Websites

 

Company may include links to third-party websites on the Websites.  These third-party sites have separate and independent privacy policies.  Company therefore has no responsibility or liability for the content and activities of these linked websites.  Company encourages you to read the privacy policies of each of these third-party websites.

 

Opt-Out Procedures 


Users may opt out of receiving future e-mails or mailings from Company.  To remove your identifiable information from our database or to no longer receive communications from Company, please contact Company at the address or telephone number provided below.

 

Parents and Guardians

 

Company’s Websites do not target and are not intended to attract or be used by minors under the age of 18.

 

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about California residents' privacy rights, please see the California Consumer Privacy Act Addendum attached to this Policy. In addition, Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

 

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Data portability.
  • Opt out of personal data processing for targeted advertising and sales.

 

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

 

  • Correct inaccuracies in their personal information, taking into account the information's nature and processing purpose.
  • Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

 

To exercise any of these rights and/or to appeal a decision regarding a consumer rights request, please contact us at bcnhdispensary@bastyr.edu.

 

Acceptance of These Terms 


Your usage of the Websites signifies your acceptance of the terms of this Privacy Policy.  If you do not agree to this Policy, please do not use the Websites.

 

Updates to This Privacy Policy

 

Company reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy on the Websites. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices.

Questions


If you have any questions or comments about this policy, please contact us using the following contact information:

bcnhdispensary@bastyr.edu

September 2023



 

CALIFORNIA CONSUMER PRIVACY ACT ADDENDUM

 

This California Consumer Privacy Act Addendum supplements the information contained in the Natural Medicine Shop (“Company,” or “we” or “us”) Privacy Policy for the Company’s website (https://bastyrcenter.myshopify.com) (the “Site”) and the Company’s web platform (together with the Site, the “Service”), and applies solely to all visitors of the Site and users of the Service who reside in the State of California ("consumers" or "you"). We adopt this Addendum to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Addendum.

 

Information We Collect

 

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:

 

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA's scope, including health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).

 

In particular, we have collected the following categories of personal information from our consumers within the last twelve (12) months:

 

| Category | Examples | Collected |
| --- | --- | --- |
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES |
| G. Geolocation data. | Physical location or movements. | NO |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |

 

Collecting, Using, and Sharing Personal Information

 

Please see our Privacy Policy above for details about how we collect, use, and share your personal information.

 

Disclosures of Personal Information for a Business Purpose

 

In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:

 

  • Category A: Identifiers.
  • Category B: California Customer Records personal information categories.
  • Category D: Commercial information.
  • Category F: Internet or other similar network activity.
  • Category K: Inferences drawn from other personal information.

We have disclosed your personal information for a business purpose to service providers.

 

Sales of Personal Information

 

In the preceding twelve (12) months, Company has not sold personal information.

 




Your Rights and Choices

 

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

 

Access to Specific Information and Data Portability Rights

 

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see section below titled “Exercising Access, Data Portability, and Deletion Rights”), we will disclose to you:

 

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
      • Sales, identifying the personal information categories that each category of recipient purchased; and
      • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

 

We do not provide these access and data portability rights for business-to-business personal information.

 

Deletion Request Rights

 

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see section below titled “Exercising Access, Data Portability, and Deletion Rights”), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

 

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

 

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We do not provide these deletion rights for business-to-business personal information.

 

Exercising Access, Data Portability, and Deletion Rights

 

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

 

 

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.

 

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

 

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

 

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

 

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. 

 

Non-Discrimination

 

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

 

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

Other California Privacy Rights

 

California's "Shine the Light" law (Civil Code § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to bcnhdispensary@bastyr.edu.

 

Changes to this Addendum

 

We reserve the right to amend this Addendum at our discretion and at any time. When we make changes to this Addendum, we will post the updated Addendum on the Website and update the Addendum's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

 

Contact Information

 

If you have any questions or comments about this Addendum, the ways in which Company collects and uses your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: