Privacy Policy

Last updated: January 12, 2023

This Privacy Policy (“Policy”) describes how Hyland's and Hyland's Consumer Health, Inc., and our parent, subsidiaries, and affiliates ("we,” “us," and/or "our") handle personal information we collect online (e.g., through our websites and social media pages) and offline (e.g., through customer support channels and in-person promotional activities) (collectively, the "Services"). This Policy explains the types of personal information we collect and process, how we may use and share the data, and the choices that are available to you with respect to our handling of your data.

When we say “personal information” or “personal data,” we mean information that identifies you or can reasonably be linked to you or your household. Non-personal information, on the other hand, has been anonymized or aggregated such that it cannot be linked to a particular individual or household.

How We Collect Information

• Directly from you
• From third party service providers, data brokers, or - business partners
• From patient groups and associations
• Automatically from devices you use to connect to our Services

Types of Personal Information We Collect

We collect several categories of personal information, including identifiers, commercial information, and network information. More specifically, we collect:

• Contact and demographic information, such as your name, date of birth, age, gender, phone number, email and postal address
• Health and medical information you choose to provide, such as information about health conditions and diagnoses, information about medications and treatments, and family medical history, if you choose to provide it
• Payment information such as credit or debit account information (which is processed securely on our behalf by a trusted service provider; we do not store full payment card numbers)
• Information we obtain from your use of our website, such as device information (e.g., IP address, browser information)
• Account information, such as your username and password (passwords are hashed or encrypted, we don’t store them in plain text)
• Photographs, comments, or other content you submit to our Services
• Content you make available through social media accounts (e.g., when you sign on using social media plug-ins)
• Other information you provide to us, such as information provided in optional surveys, phone conversations, and email correspondence
• From time to time, we may use or augment the personal data we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third party information to confirm contact or financial information or to better understand your interests by associating demographic information with the information you have provided.

Information We Collect By Automated Means

When you visit our websites, we collect certain information automatically. To collect this information, we may use cookies, web beacons, and similar technologies. A "cookie" is a text file that websites send to a visitor's computer or other internet-connected device to uniquely identify the visitor's browser or to store information or settings in the browser. A "web beacon," also known as a pixel tag or clear GIF, is used to transmit information back to a web server. We may also collect information about your online activities over time and across third-party websites. To the extent this information constitutes personal information under applicable law, we will treat it as such under this Policy. The information we collect automatically may include:

• URLs that refer visitors to our websites
• Search terms used to reach our websites
• Details about the devices that are used to access our websites (such as IP address, browser information, device information, and operating system information)
• Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, and which emails you may have opened)
• Usage information (such as the number and frequency of visitors to our websites)
• We may associate this information with the device you use to connect to our websites, or email or social media accounts that you use to engage with our Services.

Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

Because we link to social media sites, and from time to time may include third-party advertisements, other parties may collect your personal information about your online activities over time and across different web sites when you visit our websites.

Please note that not all tracking will stop even if you delete cookies.

Universal Opt-Out Signals

We recognize the Global Privacy Control (GPC) as a universal opt-out signal. If your browser sends a GPC signal, our site will honor it as a request to opt-out of cookies that might allow third parties to track your activity across different sites or applications. You can learn more about GPC here: https://globalprivacycontrol.org/

Some web browsers have settings that include "Do-Not-Track signals." At this time, our websites do not respond to Do-Not-Track signals. We are a member of the Digital Advertising Alliance and a description including the effects of the program can be found here: aboutads.info If you would like additional information about online tracking and various opt-out mechanisms, please see https://youradchoices.com/

How We Use Personal Information

We use the personal information we collect for the following business and commercial purposes:

• Communicating about our products and services, and responding to requests, inquiries, comments, and suggestions, as well as enhancing such communications to tailor our content to what we think will be of interest to you
• Operating, evaluating and improving our business and Services
• Developing and enhancing our products and Services
• Developing and executing sales and marketing programs, including the administration of surveys and other market research and the delivery of programs and materials
• Developing patient engagement activities, and patient support programs
• Facilitate your engagement with the Services, including to enable you to post comments and reviews
• Offer contests, sweepstakes, or other promotions
• Provide you with newsletters, articles, and other information
• Complying with legal or regulatory requirements judicial process, and our company policies
• Protecting against, identifying, investigating, and responding to fraud, illegal activity and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide

We may use non-personal information for any purpose.

How We Share Personal Information

We share personal information with our:

• Parent, affiliates and subsidiaries
• Service providers
• Health care professionals, researchers, academics, and public health organizations
• Partners with whom we jointly develop products or services
• We may also disclose personal information to comply with a legal or regulatory obligation, protect and defend our rights or property, protect the safety of our users or the public, or to protect against legal liability.

We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient's privacy practices.

Your Rights And Choices

Data privacy laws may provide you with a number of rights over your personal information. You may be entitled to:

• Ask us for access to the personal information we hold about you
• Request the correction and/or deletion of your personal information
• Request the restriction of the processing of your personal information, or object to that processing
• Withdraw your consent to the processing of your personal information (where we are processing your personal information based on your consent)
• Request for the receipt or the transfer to another organization, in a machine-readable format, of the personal information that you have provided to us
• Complain to the data protection authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information
• If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that we may not be able to provide you with our products or services.

If you would like to exercise your rights, please visit https://www.hylands.com/digital-rights-request-form or contact us at privacy@hylands.com.

Residents of California and Virginia may have additional rights under their states’ laws, as described below.

International Data Transfers

We operate our information technology systems, including our websites, from the United States. Any information you provide to us may be stored and processed, transferred between and accessed from the United States (including our group companies and our external IT service providers), and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored/accessed. Where required by certain jurisdictions, we will transfer your information subject to jurisdiction-approved safeguards, such as standard contractual clauses.

Children

We are very concerned about protecting the privacy of children. We do not intend to collect any personal information from children under 13 years old or knowingly distribute such information. Children under 13 are not permitted to use the Services, and we request that children under 13 not submit any personal information. If you have reason to believe that a child has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

External Links

As a convenience to our visitors, our Services contains links to other websites that may offer useful information. We are not responsible for, and cannot control, the privacy policies of such other websites. You should be aware that this Privacy Policy does not apply to your use of these sites. If you provide any information to such websites, different rules regarding the collection and use of your personal information may apply. Before using these linked websites, you may wish to review their privacy policies to understand how they treat privacy, security, data collection, and distribution.

Security

We maintain reasonable administrative, technical and physical safeguards designed to protect the personal information from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Despite these efforts, however, no organization can fully eliminate risks or guarantee the security of personal information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of personal information or other data arising in connection with theft of the information or other malicious actions.

Content Submitted By You

Some features of the Services allow you to post content on our Services or social media pages, such as photos. Content that you provide may be shared publicly or with other users or third parties.

Data Retention

We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. When we no longer need the personal information we collect, we either anonymize the information or securely destroy the information.

California Residents

Under California’s “Shine the Light” law , California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses in the previous calendar year. To request a copy, please contact us at info@hylands.com. Please be aware that not all information sharing is covered by the “Shine the Light” law requirements and only information on covered sharing, if any, will be included in our response.

The rest of this section makes additional disclosures to California residents (i.e., “consumers”), and describes rights they have, under the California Consumer Privacy Act of 2018, as amended.(the “CCPA”). If you apply for a job with us, please see our Privacy Notice to California Job Applicants. If you work for us, please see our Privacy Notice to California Employees. You can learn more about the CCPA here: https://oag.ca.gov/privacy/ccpa

Collection of Personal Information

The categories of personal information we have collected about consumers in the past 12 months (outside of the job applicant and employment contexts) include:

• Identifiers, such as name, address, email address, IP address, cookie ID or other unique device identifier
• Demographic information, such as your age or gender (which may include characteristics of protected classifications under California or federal law);
• Commercial information, such as products or services purchased or considered;
• Financial information, such as payment information
• Health or medical information you choose to provide, such as information about health conditions and diagnoses, information about medications and treatments, or family medical history
• Internet or network activity information, such as browsing history and interactions with our website;
• Audio, electronic, visual, thermal, olfactory or similar information, such as photographs or other such content you submit to our Services
• Inferences drawn from other personal information to create a profile about an individual’s preferences and characteristics

We collect information about consumers using the sources disclosed in “How We Collect Personal Information,” above.

Sale, Sharing or Disclosure of Personal Information

Under the CCPA, you can request to opt-out of the “Sale” of your Personal Information (which the CCPA defines very broadly to include some service arrangements that do not involve the exchange of data for money) and the “Sharing” of your Personal Information with third parties (which the CCPA defines as sharing for purposes of cross-site targeted advertising). In the past 12 months, we have Sold or Shared the following categories of Personal Information (to the categories of recipients listed):

• Identifiers (analytics and advertising partners)
• Internet or network activity (analytics and advertising partners)

We do not knowingly Sell or Share the Personal Information of individuals under the age of 16.

Within the past 12 months, we disclosed the categories of Personal Information collected to our service providers for business purposes.

Your Rights as a Californian

California residents have the right to make the following requests to covered businesses. The requests may be made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a person authorized by the consumer to act on the consumer’s behalf.

Right To Request Information About Collection, Disclosure, Sale or Sharing

You have the right to request that a business disclose to you: (i) the categories and specific pieces of Personal Information the business has collected about you within the past 12 months, (ii) the categories of sources from which the Personal Information is collected, (iii) the business or commercial purposes for collecting, Selling or Sharing Personal Information, and (iv) the categories of third parties to whom the business discloses Personal Information.

If a business Sells or Shares Personal Information, or discloses it for a business purpose, you also have the right to request that the business disclose the following with respect to the 12-month period preceding your request: (i) the categories of Personal Information that the business Sold or Shared about you and the categories of third parties to whom the Personal Information was Sold or Shared, and (ii) the categories of Personal Information that the business disclosed about you for a business purpose.

This type of request may be referred to as a “Request to Know.” Before we can honor a Request to Know, we need to verify that the person making it is the consumer whose Personal Information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized disclosure.

Right to Request Deletion

You have the right to request that a business delete any Personal Information that the business has collected from you. This type of request may be referred to as a “Request to Delete.”

Before we can honor a Request to Delete, we need to verify that the person making the request is the consumer whose Personal Information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized deletion.

We are not required to delete Personal Information if we still need it in order to complete the transaction for which the information was collected, provide a good or service requested by you (or that we reasonably anticipate based on our relationship with you), perform a contract with you, comply with a legal obligation, or accomplish any other objective recognized as an exception to the right to deletion under applicable law.

Right to Request Correction

You have the right to request that we correct inaccurate Personal Information about you. This type of request may be referred to as a “Request to Correct.”

Right to Opt-Out of Sale or Sharing

You have the right to direct a business that Sells or Shares Personal Information about you to third parties not to Sell or Share your Personal Information. This type of request may be referred to as a “Request to Opt-Out.”

Right to Limit Use and Disclosure of Sensitive Personal Information

If a business collects Sensitive Personal Information* for the purpose of inferring characteristics about you, you have the right to request that the business limit its use and disclosure of your Sensitive Personal Information to that use and disclosure which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods and services. (Hylands does not collect Sensitive Personal Information for the purpose of inferring characteristics about consumers within the meaning of the CCPA.)

*Sensitive Personal Information includes social security number; driver’s license or state identification number; complete account log-in credentials; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email and text messages (unless the business is the intended recipient of the communication); genetic data; biometric information; health information; and information concerning sex life or sexual orientation.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by a business for the exercise of your privacy rights under the CCPA.

How to Exercise Your Rights With Hyland’s

To submit a Request to Know, Delete or Correct, please visit https://www.hylands.com/digital-rights-request-form or contact us at privacy@hylands.com.

To submit a Request to Opt-Out, click on the link at the bottom of our site that says “Cookie Policy” and make changes your data preferences.

Notice of Financial Incentive

We offer our customers discounts that can be received when, for example, you sign up to receive our marketing materials and newsletters. We may also provide other programs, such as sweepstakes, contest, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under the CCPA. You can withdraw from a Program at any time by contacting us at privacy@hylands.com. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less our expenses related to offering those products, services, and benefits to Program participants.

Virginia Residents

Your Rights Under The CDPA

Virginia residents who interact with a business in a consumer context (as opposed to a business-to-business or employment context) have certain rights under Virginia’s Consumer Data Protection Act (“CDPA”), including:

• To confirm whether or not a business is processing the consumer’s Personal Information and to access such Personal Information;
• To correct inaccuracies in the consumer’s Personal Information;
• To delete Personal Information provided by or obtained about the consumer;
• To obtain a copy of the consumer’s Personal Information that the consumer previously provided to the business in a portable, and to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another business without hindrance (if the data is processed by automated means)
• To opt out of the processing Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling in furtherance of decisions that produce legally or similarly significant effects concerning the consumer.

How to Exercise Your Rights or Appeal a Decision

To make a request please visit https://www.hylands.com/digital-rights-request-form or contact us at privacy@hylands.com. To appeal a decision, please contact us at privacy@hylands.com

Changes To Our Privacy Policy

Hyland's and Hyland's Consumer Health, Inc., may at any time revise these terms and conditions by updating this posting. You are bound by any such revisions and should therefore periodically visit this page to review the revised terms and conditions to which you are bound.

How To Contact Us

You may contact us with questions, comments, or complaints about this Privacy Policy at privacy@hylands.com or

Hyland's
P.O. Box 61067
Los Angeles, CA 90061