Lux Physical Therapy and Functional Medicine ( “lux” “we” or “us”) is committed to protecting your privacy. This Privacy Policy (“Policy”) describes how we collect, use, disclose and protect your Personal Information (as defined in Section 1). It applies to all Personal Information processed by us on any of our Services, as well as written, electronic, and oral communications. However, this Policy does not describe how we collect or use your Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which is covered by our Notice of Privacy Practices (“Privacy Practices”). For clarity our Privacy Practices, not this Policy, explains our privacy practices with respect to your Protected Health Information (“PHI”).
Unless we define a term in this Policy, all capitalized terms used in this Policy have the meaning provided in our Private Practice Patient Agreement. Please make sure that you have carefully read and understand the Patient Agreement before you use our Services. By using our Services, you accept the Patient Agreement and accept our privacy practices described in this Policy. If you do not feel comfortable with any part of this Policy or our Patient Agreement, you must not use or access our Services.
We may modify this Policy from time to time. The date of change will be shown next to “Effective Date” at the top of this page. We encourage you to read this Policy periodically to ensure you have up-to-date knowledge of our privacy practices.
Whenever material changes to this Policy are made, we will provide you with notice before the modifications are effective by sending a message to the email address associated with your account. By continuing to access or use the Services after changes to this Policy become effective, you agree to be bound by the revised Policy. If any changes are unacceptable to you, you may stop using our Services at any time.
We collect Personal Information when you use our Services, create an account with us or submit Personal Information to us. “Personal Information” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular individual, including, but not limited to, a first and last name, email address, a home, postal or other physical address, and phone number. The types of Personal Information that we may collect about you are:
A. Information You Provide to Us. We collect information you give us when you register with us for a luxphysicaltherapy.com account, when you use our Services, when you participate in surveys or promotional activities, or when you otherwise choose to submit your information to us.
C. Information Related to Your Use of the Services. We may automatically collect information about your use of the Services (“Usage Data”), including information sent by your mobile devices. For example, we may collect:
D. Information Sent by Your Mobile Devices. We collect certain information that your mobile devices send when you use our Services, such as a unique identifier, user settings and the operating system of your device, as well as information about your use of our services on your mobile device.
E. Location Information. When you use our online Services, we may collect and store information about your general location by converting your IP address into a rough geo-location. We may also access your mobile device’s GPS coordinates or course location but only if you have previously agreed that we can collect this information by allowing the sharing of your location information. If you do not want us to have your location information, you may disable the location sharing feature on your device or browser.
A. Cookies. A “Cookie” is a small data file that certain websites write to your computer or smart device when you visit them. A Cookie can’t read data off your hard disk or read Cookie files created by other websites. We use session Cookies that are deleted when you leave our website and close your browser, and persistent Cookies that can remain even after you leave. A Cookie file can contain information such as a user ID that the website uses to track the pages you’ve visited. The Cookies that are configured by our website do not contain directly identifying information, such as your name or sensitive information, such as your credit card number. We use Cookies to:
B. Types of Cookies on Our Services. We use the following types of Cookies on our Services:
C. How to Manage Cookies. Depending on whether you would like to manage a first-party or third-party Cookies, you will need to take the following steps:
D. Web Beacons. Web Beacons, also known as web bugs, pixel tags or clear GIFs, are tiny graphics with a unique identifier that may be included on our website to deliver or communicate with Cookies, in order to track and measure the performance of our website and Services, monitor how many web visitors we have, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
E. Analytics Technologies. Users of our Services who have JavaScript enabled are tracked using analytics technologies, including Google Analytics and Mixpanel. Unless the Analytics feature is blocked, it collects the following types of information from the user: type of user agent (web browser) used, software manufacture and version number; type of operating system; network location and IP address; country, city, state, region, county, or any other geographic data; hostname; bandwidth (internet connection speed); time of visit; pages visited; time spent on each page of the website; referring site statistics; the website (URL) the user came through in order to arrive at our website; search engine query used (example: typing in a phrase into a search engine, and clicking on a link from that search engine). The data collected by the analytics technology is primarily used to optimize the Service experience for our users. We also use this data for our own business purposes, for example, to analyze how many users we have, where visitors come from, and understand how they interact with us.
F. Internet-Based Advertising. We use information collected about a user’s use of our Services to arrange for advertisements about our Services to be served to the user on third-party’s websites. To do so, our advertising service providers place or recognize a unique Cookie on the user’s browser and use other techniques, such as pixel tags. Please visit the Network Advertising Initiative for more information about this practice and to learn about your choices. Users may opt-out of receiving interest-based advertising. The opt-out may be provided through specific opt-out Cookies. Please visit the following Your Ad Choices and the Network Advertising Initiative to learn more.
G. Mobile Applications. Depending on your permissions, we may receive your Personal Information from your internet service and mobile device providers. Users of mobile device who do not want to receive interest-based advertising may opt-out in several ways. Learn more about your choices for mobile devices by visiting Your Ad Choices. To end all targeting on a mobile device immediately, turn on “Limit Ad Tracking” in the device settings. To limit Ad Tracking on an Apple device, please see here. To limit Ad Tracking on an Android device, please see here.
H. Social Media. Depending on your permissions, we may receive your Personal Information from your social media accounts. You can edit or remove Personal Information usage permissions by using privacy settings on your social media account. Click below for instructions on how to change or remove third party access on each platform:
We will only use your Personal Information as described in this Policy or otherwise through your informed consent.
A. To Provide Our Services to You. We will use your Personal Information to provide information or perform Services that you request. We may use general location information to improve and personalize our Services to you, such as providing location-relevant information and Services to you. If the applicable information is to be provided or Service is to be performed by a third-party, then we will disclose the applicable information to the third-party providing the information or performing the applicable Services. Your Personal Information may be available or provided to third-party service providers who are contractually obligated to protect your Personal Information as disclosed in this Policy. In the preceding twelve (12) months, we have not sold any Personal Information to any third-party.
B. For Operations and Administration of Our Business. We will use your Personal Information for the purposes of furthering our business, including creating, operating, delivering, maintaining, and improving our content, products, and Services. We may monitor how our users use our Services including, without limitation, time spent using our Services, pages visited and content viewed. Aggregated forms of this data may also be used for research and development purposes in order to offer new features, functionalities, products and services.
C. For Business Analytics Purposes. We analyze, and may engage third-parties to analyze, your Personal Information and Usage Data to determine the usefulness of our website, mobile app, and other elements of the Services. Analytics help us determine how effective our navigational structure is in helping users reach the information they seek, completing the task they wish to complete, etc., and to tailor features and functionalities to our users’ needs and preferences.
D. For Marketing Purposes. Marketing lets us grow our community and update you about new products and services. We process your contact information or information about your interactions about our Services to: send you marketing communications and keep you updated about our products and Services; provide you with informational content; and deliver targeted marketing materials to you. We may periodically send you free newsletters and e-mails that directly promote our Services that we believe may be of interest to you. When you receive such promotional communications from us, you will have the opportunity to “opt-out” (either through your account or by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain administrative and transactional communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Services, this Policy, or information about billing and renewals, among others.
E. To Provide Customer Support. We collect information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues, so we can address your needs and support your use and enjoyment of the Services.
F. For Account and Network Security Purposes. We care about keeping your Personal Information secure and safe while using our Services. Keeping you safe requires us to process your Personal Information, such as your device information, log-in information, activity information and other relevant information to proactively manage privacy and security risks. We use such information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not gain access to your information.
G. For Legal and Regulatory Compliance Purposes. Our Services are subject to certain laws and regulations which may require us to process your Personal Information. For example, we may process your Personal Information to comply with privacy laws, comply with employment laws, or as necessary to manage risk as required under applicable law.
H. To Enforce Compliance with Our Terms and Agreements of Policies. When you access or use our Services, you are bound to our Membership Terms and this Policy. To ensure you comply with them, we process your Personal Information to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to investigate, prevent or mitigate violations of our terms, agreements or policies.
A. Information Shared with Our Employees, Services Providers. We may engage employees and third-party services providers to work with us to administer and provide the Services or to promote our Services. These employees and third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your Personal Information for any other purpose.
D. Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials to enforce and comply with the law. We may disclose Personal Information about you to government or law enforcement officials as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Membership Terms; (ii) to respond to claims and legal process (including subpoenas); (iii) to protect the property, rights and safety of a third party, our users, or the public in general; (iv) to protect our property, rights and safety; (v) to stop any activity that we consider fraudulent, illegal, unethical or legally actionable; and (vi) as required by applicable local, state or federal laws.
We safeguard the security of the information you provide to us with physical, electronic, and administrative procedures. For certain features of our Services we use industry-standard SSL-encryption to enhance the security of data transmissions. Your account information is password-protected for your privacy and security. While we strive to protect your Personal Information, we cannot guarantee the security of the Internet, and cannot ensure the security of the Personal Information that is transmitted through the Internet. Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your Personal Information when you are on the Internet, or when you communicate with us and with others through the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “How to Contact Us” section. If your credit information, username, or password is lost, stolen, or used without permission, please promptly notify us and we will assist you in updating your account details. Some portions of the Services (for example our presence on social media) allow users to submit comments, reviews, ratings and other information that may be displayed on the Services and viewed by others. We recommend that you do not post on or through the Services any information that you do not want to make available to other users or the public generally. You assume all responsibility for any loss of privacy or other harm resulting from information you post publicly.
We do not currently respond to web browser “do not track” signals or other mechanisms that may allow you to opt out of the collection of Personal Information across networks of websites and online services as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this Policy.
We are committed to protecting the privacy of children in connection with the use of our Services. This section explains our online information collection, disclosure, and parental consent practices with respect to information collection from children under the age of thirteen (13) (“Child” or “Children”) in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA and general tips about protecting Children’s online privacy, please click here. Our Services include online Services that may be used to facilitate health care for a Child. A parent or guardian can create a Lux account on behalf of a dependent Child and attest that they have legal authority to do so. Children under the age of eighteen (18) are not eligible to register directly for an account. If your Child directly uses their Lux account, either with or without your permission, we may collect information directly from the Child. If you prefer for your Child to not directly interact with luxphysicaltherapy.com online, please do not provide account credentials to your Child. Please note certain state patient privacy laws may permit a Child to directly obtain certain types of health care services independent of their parent or guardian.
A. Registration. Children cannot directly register for our Services. During the user registration process, the parent or guardian can create a Child’s account by providing certain information about the Child, including name, birth date, address, email and password.
We may contain links to other sites that are owned or operated by third-parties. We are not responsible for the content, privacy or security practices of any third-parties. To protect your Personal Information, we encourage you to learn about the privacy policies of those third-parties.
Lux has accounts on social media platforms through which we may post information or conduct promotional activities. If you use social media to follow us or interact with us, we may collect Personal Information you choose to share with us. Please understand that your use of the social media services may result in the collection or sharing of Personal Information about you by those social media services. We have no control over, and decline all responsibility for, the use of your personal data by these third-parties. Your use of social media, including your interactions with us on social media, are at your discretion. We encourage you to review the privacy policies and settings on the social media services with which you interact to make sure you understand how your information may be collected, used, and shared by those social media services.
Your Personal Information is stored on controlled servers with limited access and may be stored and processed in the United States or another country where our service providers are located. We offer our Services to individuals located in the United States, and we do not advertise our Services outside the United States. If you are located outside the United States and choose to provide your Personal Information to us, please note that we may transfer your Personal Information to the United States or another country where our service providers are located, and such countries may not provide the same data protection. Those who choose to access and use the Services from outside the United States do so on their own initiative, at their own risk, with this understanding.
We may amend this Policy from time to time and revise the language of the Policy to reflect such changes. If there is a significant or material change in the way we use your personal information, the change will be posted thirty (30) days prior to taking effect and registered users will be notified via email.
If you are a California resident, additional California privacy laws may apply and are included in our California Privacy Notice supplement on the following page. If you are a California resident our California Privacy Notice supplement should be read by you.
1. For California Residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Law(s)”), California residents have the following rights (“Rights”) listed below. Your Right to Know and Right to Deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of the business’s systems of networks.
B. Right to Deletion. You have the right to request that we delete any Personal Information we have collected from you or maintain about you. However, we are not required to comply with such requests if it is necessary for us or our partners to maintain the Personal Information in order to:
C. Right to Opt-Out of the Sale of Your Personal Information. If a business sells your Personal Information you have the right to opt-out of having your Personal Information sold. We do not sell any of your Personal Information.
D. Right to Non-Discrimination. We will not discriminate against those who exercise their Rights. Specifically, if you exercise your Rights, we will not deny you goods or Services, charge you different prices or rates for goods or Services or provide you a different level or quality of goods or Services.
3. Summary. Below is a summary of the Personal Information we collect as a business in the preceding twelve (12) months, the reason we collect your Personal Information, where we obtain the Personal Information we collect about you, and the third-parties that we share your Personal Information. The section references relate to the sections above in this Policy.
If you have questions or concerns about our collection, use, or disclosure of your Personal