Policies

Welcome to Lumita Wellness!

This Privacy Policy outlines the methods by which personal information is gathered, utilized, and preserved when you engage with our clinic management platform, as well as our websites and web-based resources, collectively referred to as the “Services”.

​

In this document, “User” encompasses any individual interacting with our Services, whether as a patient, practitioner or as someone navigating or utilizing our websites and web-based resources.

​

Notice to Patients

If you are receiving care from a clinic or practitioner who is a User, they are responsible for managing your patient data, which includes contact details, billing information, and medical records. For inquiries regarding your patient data, please reach out to your respective clinic or practitioner. Additional details can be found under the section titled “Patient Data”.

​

Why Lumita Wellness Collects Personal Information

Lumita Wellness collects personal data to deliver our Services to Users and their users, to analyze Service usage (for enhancements, accessibility, and pertinent content), and to inform you about our Services, including new features and promotions. We gather only the essential personal data required for these objectives. We neither sell nor exchange personal data, and we disclose your personal data to third parties solely in the manners outlined in this Privacy Policy.

​

Information Lumita Wellness Collects from You

Contact Information: We gather your contact details, such as name, email address, and organization, when you complete our online forms or establish a user account for our Services. Your contact information is used to activate your account, grant Service access, and send account-related notifications. Your contact information may also be employed for marketing purposes, including promotional emails, direct mail, and sales outreach. You have the option to withdraw from our marketing communications at any time by unsubscribing or reaching out to us at info@lumita.ca. It’s important to note that Lumita Wellness does not collect or oversee patient contact information or any marketing or communications between a User and their patients.

​

Billing Information

When a User signs up for our Services, we also collect credit card details to facilitate payment. This information is sent directly to our payment processor and handled in compliance with PCI standards. We do not retain your credit card details. The term “stored” in reference to credit card information indicates we possess a “token,” which is a secure substitute for sensitive data that allows the payment processor to reference your credit card details for transaction processing.

​

Log and Device Information

We collect data on your method of accessing our Services, such as your internet or mobile network connection, browser type, or mobile device (if applicable), when you visit and navigate our Services. This log and device information is analyzed to understand Service access and usage patterns, enabling us to tailor our Services for the various types of connections, browsers, and devices in use. This data is not utilized for individual-level marketing or promotional activities.

Cookies and Tracking Information: Our website employs cookies—small data files downloaded to your computer or device by a website. Your web browser provides options to manage cookies through its settings. You can modify these settings to receive a warning before accepting a cookie, reject all cookies, or delete cookies at any time. However, please be aware that certain cookies are necessary for specific parts of the Services to function. We also utilize web beacons, small graphic elements in a web page or email, to determine if a user has viewed the page or email.

 

Cookies and web beacons

• Analyze website usage, such as traffic patterns and navigational efficiency

• Measure email open rates to assess the impact of communications or marketing campaigns directed at clinics

• Facilitate secure login to our Services

• Retain your login credentials for convenient access to our Services

​

Social Media

If you access our Services via a third-party sign-in service like Google, Facebook Connect, or Twitter, we receive personal information from those platforms, such as your name and email address, to pre-fill our online forms. Our websites also feature social media “Like” and “Share” buttons. These functions may gather your IP address and the webpage you’re visiting on our site, and they may set a cookie to ensure proper operation. Your interaction with these features is subject to the privacy policies of the respective third-party providers.

​

Patient Data

Lumita Wellness utilizes our clinic management platform to gather personal information from patients, creating comprehensive patient profiles. These profiles may encompass a patient’s name, address, insurance and billing details, medical history, appointment logs, and other relevant data, collectively known as “Patient Data.” Depending on the jurisdiction and applicable privacy regulations, this information might be classified as “personal health information,” “protected health information,” “data concerning health,” or “sensitive data.” As a patient, your Patient Data is collected during your visits to Lumita Wellness clinics or practitioners, as well as when you establish an account through our online booking system.

​

User’s Role: Users maintain exclusive authority over Patient Data, which may be designated as a “health information custodian,” “covered entity,” or “controller,” contingent on their location and governing privacy laws.

Users are responsible for:

• Determining the scope of Patient Data collection;

• Establishing usage protocols for Patient Data;

• Granting access permissions to Patient Data;

• Setting retention periods for Patient Data storage;

• Outlining criteria for Patient Data deletion.

Users must adhere to legal and regulatory standards concerning Patient Data management and establish lawful grounds for its utilization.

​

Lumita Wellness’s Role:

As a service provider to users, Lumita Wellness may be identified as an “agent,” “business associate,” or “processor” for the user. We securely store Patient Data within our data centers, making it accessible to users and their associates via our clinic management platform. Beyond this, Lumita Wellness does not exert control over Patient Data. Access to Patient Data by Lumita Wellness occurs solely upon user instruction, or in exceptional cases, to rectify technical issues, comply with legal mandates, or respond to court orders.

​

Storage Location

Patient Data is housed within the regional data center selected by the user at the time of registration. Our data centers are situated in Canada, the United States, the UK, and Australia, subject to change. Absent a local data center, Patient Data defaults to our Canadian facility, unless the user specifies otherwise. Note that US-based service providers manage appointment reminders via email or SMS, which means Patient Data involved in these reminders may transit and be temporarily stored in the United States. All our data centers and service providers uphold stringent security measures and comply with relevant privacy legislation.

​

Patient Rights:

Patients possess specific rights regarding their Patient Data, including access to their information held by Lumita Wellness clinics, correction of inaccuracies, acquisition of Patient Data records, and, under certain conditions, the erasure or removal of their Patient Data. It’s important to recognize that users have stringent legal and regulatory duties surrounding Patient Data, which may restrict their ability to delete or remove it.

​

Inquiries about Patient Data

For questions about your Patient Data or to exercise any patient rights, please contact your Lumita Wellness clinic or practitioner directly. Should users have queries about managing Patient Data within the Services, they can reach out to us for support in addressing your requests. To ensure the utmost security of your Patient Data, Lumita Wellness can only access it following explicit instructions from the user.

 

Sharing Your Information:

We do not engage in the sale or distribution of personal information to third parties for commercial or marketing purposes. Personal information, including Patient Data, is shared only under these circumstances:

Suppliers and Service Providers: To conduct our operations and deliver Services to users and their associates, we may share a limited amount of personal information, encompassing Patient Data, with our third-party suppliers and service providers. Prior to any data transfer, we verify that these third parties have implemented suitable safeguards to protect privacy rights. Our collaborations with third-party suppliers and service providers span several domains, including:

• Data center operations for platform data storage

• Customer support services for feedback collection and support management

• Communication services for dispatching email and SMS notifications or reminders

• Payment processing services

Corporate Transactions: Personal information may be disclosed as part of negotiations or execution of business financing, mergers, amalgamations, or asset sales. We ensure the presence of adequate confidentiality agreements before any data sharing. Patient Data is excluded from such transactions.

​

Compliance with Laws:

We may release personal information to third parties if mandated by law, government directives, court orders, or regulatory agencies. This may also extend to enforcing our legal rights, security protocols, or addressing emergencies that, in good faith, necessitate personal information disclosure. Whenever possible and permissible, we strive to provide advance notice regarding the nature and rationale behind such disclosures. Patient Data is disclosed only when legally obligated.

​

Anonymized/Aggregated Data:

Lumita Wellness may employ algorithms to collect anonymous and aggregated data from users and their Patient Data, aiding in the enhancement of our Services and supporting research, data analysis, benchmarking, statistical studies, and trend identification. We ensure that this aggregated data cannot identify or be linked to any specific user or patient. Such anonymized data may be shared with users and other entities, offering insights into prevalent conditions, popular treatments, or industry and regional fee benchmarks.

​

Security:

We safeguard your personal information, including Patient Data stored on our platform, by:

• Implementing industry-standard security measures like encryption and SSL (Secure Sockets Layer) certificates to secure data transmission between your browser and our web server.

• Utilizing advanced data centers with relevant security and compliance certifications, such as SOC 2 and EU-US Privacy Shield, and ensuring HIPAA compliance.

• Requiring our staff to sign strict confidentiality agreements, acknowledging the sensitive nature of the data we handle, and accessing your account only upon your request.

• Enforcing password protection for your user account, with the password established by you. We cannot access or determine your password. Password recovery is initiated solely through the email address or mobile number associated with your Services account.

While we employ robust security protocols, no electronic communication is entirely infallible. You also play a crucial role in protecting your personal information by creating a strong password and maintaining the confidentiality of your login credentials.