This Privacy Policy explains how LaQuinta Pharmacy (“the Company,” “We,” “Us,” or “Our”), a compounding pharmacy, collects, uses, discloses, and protects Your information when You use our Service, including our website, prescription services, and related offerings. As a healthcare provider, We are committed to safeguarding Your privacy and complying with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), the California Online Privacy Protection Act (CalOPPA), the Children’s Online Privacy Protection Act (COPPA), and California pharmacy regulations.

By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy and, where applicable, Our HIPAA Notice of Privacy Practices (NPP), available at Laquintapharmacy.com/hipaa-npp.

Interpretation and Definitions

Interpretation

Words with capitalized initial letters have meanings defined below. These definitions apply in singular or plural form.

Definitions

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of shares, equity interest, or securities entitled to vote for directors or managing authority.
• Company refers to LaQuinta Pharmacy, 43875 Washington St., Suite A Palm Desert, CA 92211
• Cookies are small files placed on Your Device by a website, containing browsing history details, among other uses.
• Country refers to California, United States.
• Device means any device accessing the Service, such as a computer, cellphone, or tablet.
• Personal Data is any information relating to an identified or identifiable individual. For GDPR, it includes data about a natural person (“Data Subject”). For CCPA/CPRA, it includes information that identifies or could be linked to a California resident or household. For HIPAA, it includes Protected Health Information (PHI), defined as individually identifiable health information related to Your physical or mental health, healthcare services, or payment for healthcare.
• Service refers to the Website, prescription services, and compounding pharmacy operations.
• Service Provider means any natural or legal person processing data on Our behalf, including third-party companies or individuals facilitating the Service, providing services, or analyzing usage. For HIPAA, these may include Business Associates with whom We have Business Associate Agreements (BAAs).
• Third-party Social Media Service refers to websites or social networks (e.g., Google, Facebook) through which You can log in or create an Account.
• Usage Data refers to data collected automatically, such as IP addresses or page visit duration.
• Website refers to LaQuinta Pharmacy, accessible at Laquintapharmacy.com.
• You means the individual or legal entity accessing or using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data and Protected Health Information (PHI)

As a compounding pharmacy, We collect Personal Data and PHI to provide customized medications and healthcare services, including:

• Contact Information: Email address, first and last name, phone number, address, state, ZIP code, city.
• Health Information (PHI): Prescription details, medical conditions, allergies, health history, or other data necessary for compounding medications.
• Payment Information: Credit card details or insurance information for purchases or services.
• Children’s Data: For patients under 13, We collect names, contact details, or health information with verified parental consent (per COPPA).
• Account Information: Login credentials or preferences for Account management.

Usage Data

Collected automatically, Usage Data includes:

• Device IP address, browser type/version, pages visited, visit times, time spent on pages, device identifiers.
• Mobile device data (e.g., device type, unique ID, operating system, browser) when accessing via mobile.

Third-Party Social Media Services

You may log in or register via:

• Google
• Facebook
• Instagram
• Twitter
• LinkedIn

We may collect Personal Data (e.g., name, email, activities) from these services. Additional shared information is used and stored per this Privacy Policy.

Children’s Data (Under 13)

Per COPPA, We collect Personal Data from children under 13 only with verified parental consent. This may include health information for prescriptions. Parents may review, modify, or delete this data by contacting Us.

Tracking Technologies and Cookies

We use Cookies, web beacons, and tracking tools to enhance the Service, including:

• Cookies: Small files on Your Device. You can refuse Cookies, but this may limit functionality.
• Web Beacons: Track page visits or email opens.
• Google Analytics: Analyzes usage (e.g., IP addresses, behavior).
• Invisible reCAPTCHA: Protects against bots, collecting Device data.
• Google Places: Provides location-based services, collecting location or search data.
• Remarketing Services: Deliver targeted ads (e.g., Google Ads, Facebook Pixel).

Cookies include:

• Necessary Cookies (Session): Authenticate users, prevent fraud.
• Acceptance Cookies (Persistent): Record cookie consent.
• Functionality Cookies (Persistent): Remember preferences.
• Analytics Cookies (Persistent): Track usage via Google Analytics.
• Advertising Cookies (Persistent): Support remarketing.

We honor Do Not Track signals per CalOPPA. See Our Cookies Policy at Laquintaharmacy.com/cookies.

Use of Your Personal Data and PHI

We use Personal Data and PHI to:

• Provide Healthcare Services: Compound medications, process prescriptions, and manage patient care.
• Maintain the Service: Monitor usage and functionality.
• Manage Accounts: Enable access to Service features.
• Process Payments: Handle transactions for products or services.
• Communicate: Contact You via email, phone, SMS, or notifications for prescriptions, appointments, or updates (per HIPAA and with consent where required).
• Marketing: Send promotional offers only with explicit consent (opt-out available).
• Respond to Requests: Address inquiries or patient needs.
• Business Transfers: Evaluate mergers or asset sales.
• Analytics: Improve Services via usage trends (de-identified data where possible).
• Advertising: Deliver targeted ads via remarketing (with opt-out).
• Legal Compliance: Meet HIPAA, CCPA/CPRA, GDPR, COPPA, and state pharmacy law requirements.

Sharing Your Personal Data and PHI

We may share Personal Data and PHI with:

• Service Providers/Business Associates: For analytics, payment processing, or prescription fulfillment, under BAAs for HIPAA compliance.
• Healthcare Partners: Prescribers, insurers, or compounding suppliers for treatment, payment, or healthcare operations (per HIPAA).
• Business Transfers: During mergers or acquisitions.
• Affiliates: Who honor this Privacy Policy.
• Business Partners: For promotions, with consent.
• Public Areas: Information You share publicly or via social media services.
• Legal Authorities: To comply with laws, court orders, or government requests.
• With Consent: For other purposes You approve.

Retention of Your Personal Data and PHI

We retain Personal Data and PHI only as long as necessary:

• Health Records: Per HIPAA and California law, typically 7 years from the last patient interaction or longer if required.
• Children’s Data: Retained only with parental consent and for necessary purposes (per COPPA).
• Usage Data: Kept for shorter periods unless needed for security or functionality.
• Legal Obligations: Retained to comply with tax, pharmacy, or dispute resolution requirements.

Transfer of Your Personal Data and PHI

Your data may be processed outside Your jurisdiction (e.g., for cloud storage). We use safeguards like HIPAA-compliant servers and GDPR Standard Contractual Clauses to ensure security.

Security of Your Personal Data and PHI

We implement robust security measures, including:

• Encryption (e.g., AES-256) for data in transit and at rest.
• Access controls and employee training per HIPAA.
• Regular security audits and penetration testing.
• HIPAA-compliant third-party vendors.

No method is 100% secure, but We strive to protect Your data.

Your Privacy Rights

HIPAA Rights (U.S. Patients)

As a healthcare provider, We comply with HIPAA. You have the right to:

• Access: Request a copy of Your PHI.
• Amend: Correct inaccurate PHI.
• Restrict: Limit certain uses or disclosures of PHI.
• Accounting of Disclosures: Receive a list of PHI disclosures.
• Confidential Communications: Request alternative communication methods (e.g., email instead of phone).

See Our HIPAA Notice of Privacy Practices at Laquintapharmacy.com/hipaa-npp.

California Privacy Rights (CCPA/CPRA and CalOPPA)

California residents have the right to:

• Know: Details of Personal Data collected, used, or shared.
• Delete: Request deletion, subject to healthcare exemptions.
• Opt-Out: Opt out of data sharing for targeted ads.
• Correct: Fix inaccurate data.
• Limit Sensitive Data: Restrict use of health data to necessary purposes.
• Non-Discrimination: No penalty for exercising rights.
• Do Not Track: We honor browser Do Not Track signals.

GDPR Rights (EU Residents)

EEA residents have the right to:

• Access, Rectify, Erase, or Restrict Personal Data.
• Data Portability: Receive data in a structured format.
• Object: To marketing or processing based on legitimate interests.
• Withdraw Consent: At any time.

Our legal bases include consent, contract performance, legal obligations, and legitimate interests (e.g., patient care).

COPPA Compliance (Children Under 13)

We obtain verified parental consent before collecting children’s data, provide parents access to review or delete it, and limit collection to healthcare needs.

Exercising Your Rights

To exercise rights, contact Us at info@Laquintapharmacy.com. You may also:

• Update Account settings.
• Opt out of marketing via “unsubscribe” links.
• Manage Cookies on Our Website.
• Request HIPAA rights via Our NPP process.

We respond within 45 days (CCPA/CPRA) or one month (GDPR). We may retain data for legal or healthcare purposes.

Disclosure of Your Personal Data and PHI

Healthcare Operations

We may disclose PHI to prescribers, insurers, or pharmacies for treatment, payment, or operations, per HIPAA.

Business Transactions

Your data may be transferred during mergers or sales, with prior notice.

Legal Requirements

We may disclose data to:

• Comply with laws or court orders.
• Protect Our rights or safety.
• Investigate wrongdoing.

Third-Party Services and Ads

We use:

• Google Analytics, Google Places, Invisible reCAPTCHA, and Remarketing Services for analytics, location, security, and ads.
• Payment Processors: HIPAA-compliant vendors for transactions.
• Healthcare Vendors: For prescription fulfillment, under BAAs.

Ads may use tracking for personalization. Opt out via Laquintapharmacy.com/privacy-settings or Network Advertising Initiative. Third-party links have separate privacy policies.

Email Communications

We send emails for:

• Prescription updates or healthcare services (HIPAA-compliant).
• Marketing, with consent (opt-out via “unsubscribe”).

Changes to This Privacy Policy

We may update this policy, notifying You via email or Website notice. Review periodically at Laquintapharmacy.com/privacy.

Contact Us

For questions or rights requests:

• Email: info@Laquintapharmacy.com
• Mail: LaQuinta Pharmacy, 43875 Washington St., Suite A Palm Desert, CA 92211
• Data Protection Officer (GDPR): info@Laquintapharmacy.com