LAST UPDATED: June 22, 2023
Who may use the website?
The website is not intended for or designed to attract users under the age of 18. If you are under 18, you may not send us any personal information. The website is intended only for users from the United States. We cannot guarantee that the same privacy protections of the United States will apply to users from other countries.
International privacy laws
WHAT PERSONAL INFORMATION DO WE COLLECT FROM THE PEOPLE THAT VISIT OUR BLOG, WEBSITE OR SOCIAL MEDIA?
When we collect your Personal Data, we may acquire any of the following:
- Behavior (pages visited on our site, search terms used to find our site, comments, etc.)
- Email address
- First and last name
- Mailing address
- Zip code
- Country of residence
- IP address
- Device ID
- Type of device (ie: smartphone, desktop, tablet)
- Browser settings
- Type of browser (ie: Firefox, Chrome, etc.)
- Operating system (ie: iOS, Android, Windows, etc.)
- Billing information such as a billing address, shipping or mailing address and credit card number
- Tax ID number
- Company name
- Education institution
- Other company details
- Other personal details
You can opt out of providing most of this Personal Data by not entering the data when asked. However, please be aware that if you choose to withhold any Personal Data requested by us, it may not be possible for you to gain access to certain parts of the site, or to receive, download, purchase or access services, products and information, or for us to respond to your query.
When do we collect information?
Most of our online services do not require any form of registration, allowing you to visit our site without telling us specifically who you are or sharing any personal details. We collect information from you when you register on our site, subscribe to our newsletter or mailing list, click on an advertisement or link from a third party site, visit any page of our website, click on a link or button, download something, purchase a product, write a review of our goods or services, or enter any information on our site.
How do we use the personal information we collect?
We may use the collected information in any of the following ways:
- To provide us with an overview of how people are accessing and using this website
- To understand and analyze usage trends and preferences of our visitors and users so that we can improve our service and develop new products, services, features and functionalities
- To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested
- To administer a contest, promotion, survey or other site feature
- To provide information, products or services to you that you request
- To market and sell products and services that may be of interest to you
- To operate, maintain, enhance and provide all features of the service
- To respond to comments and questions and to provide support to users of the service
- To process payments
- To collect basic health and contact information from individuals who are interested in receiving health care services from us
- To contact visitors for administrative purposes such as customer service, or to follow up with you after email or phone inquiries
- To address intellectual property infringement, right of privacy violations or defamation issues related to the Personal Data posted on the site
- To communicate updates for privacy practices, promotions, events, products and services offered by us and by third parties we work with
- To ask for ratings, reviews, feedback and opinions of services or products
You have the ability to opt-out of receiving promotional email communications and newsletters by clicking on the “Unsubscribe” link found at the bottom of any emails we send to you, or by contacting us (see “How to Contact Us” section below).
The information collected is not used for any additional purpose, and we do not profile those who access our website. We never buy, sell or loan any Personal Data.
Who controls and processes our website users’ data?
A data ‘controller’ determines the purposes for which and the manner in which Personal Data is processed. For users of this website, we (Attune Functional Medicine LLC) are a data controller.
A data ‘processor’ may hold or process Personal Data on behalf of a data controller. We may have multiple data processors at any given time, including, but not limited to:
- Attune Functional Medicine and its staff members or hired contractors
- our email marketing and email management software service provider (currently GetResponse)
- our website hosting service provider (currently SiteGround)
- our blogging platform service provider (currently WordPress.com)
- various payment merchants such as Stripe
- Various social media sites such as YouTube, Facebook, Pinterest, and Instagram
Note that, while the above entities act as data processors on our behalf, some or all of them may also act as data controllers in their own rights. For example, our payment merchants decide which information they need from our customers in order to process their payments correctly. The payment merchants or other data processing entities may also exercise control over the other purposes that a customer’s data is used for, for example direct marketing of their products and services, which is not within our control. The payment merchants or other data processing entities also have legal requirements of their own to meet, such as regulations relating to the use and retention of payment card data or other Personal Data. And, finally, each data processor has its own terms and conditions and privacy policies that apply directly to our website users.
How long do we keep personal information?
How do we protect our website users’ data?
Under data protection laws and regulations, Personal Data must be processed in accordance with certain data protection principles, under which Personal Data must:
- be processed fairly and lawfully and in a transparent manner;
- be obtained and processed only for one or more specified, explicit, and lawful purposes;
- be adequate, relevant and not excessive in relation to the purpose;
- be accurate and, where necessary, kept up to date;
- be kept for no longer than is necessary for the purpose;
- be processed in accordance with the rights of users and in a manner that ensures appropriate security, integrity and confidentiality of the Personal Data
Attune Functional Medicine ensures that it employs appropriate technical and organizational measures to adhere to these principles.
Additionally, we implement practices and procedures designed to ensure that Personal Data is processed only as instructed by the user, throughout the entire chain of processing activities by Attune Functional Medicine and its data processors. Additionally, our services undergo security assessments by internal personnel, which include infrastructure vulnerability assessments and application security assessments.
We regularly monitor the site for unauthorized intrusions, and we only permit authorized personnel to have access to password-protected secure areas. We have controls in place that are designed to prevent and detect the introduction of viruses to our web-based platforms and company-owned devices. We use a SSL (Secure Sockets Layer), which is the standard security technology for establishing an encrypted (secure) link between a web server and a browser. This secure link ensures that all data passed between our web server and our visitors’ browsers remain private.
- Make our website work as you’d expect
- Remember your settings during and between visits to the site
- Improve the speed and security of the site
- Allow you to share pages with social networks like Facebook
- Continuously improve our website for you
- Make our shopping basket and checkout work
- Collect compensation from third-parties when you make a purchase through an affiliate link on our site or our social media platforms
- Remember your search settings
- Tailor content to your needs
- Allow you to sign into your online shopping account
- Remember if we have already asked you certain questions (e.g. prevent a pop-up inviting you to join our newsletter if you joined on a previous page)
- And more
We do not sell, trade, or otherwise transfer to outside parties your Personally Data unless we provide users with advance notice. This does not include website hosting partners, email marketing software services, payment merchants, and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
How we respond to Do Not Track (DNT) Signals
Attune Functional Medicine does not track its customers or website visitors over time and across third-party websites to provide targeted advertising and, therefore, does not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your web browser may allow you to se the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
If you would like to learn how to set your web browser so that websites do not track you, you can review the following tutorials:
Facebook conversion tracking pixel
Our website may utilize the Conversion Tracking Pixel service of Facebook Inc. (“Facebook”). This tracking pixel is a small piece of Java script code that we have embedded into each of our web pages. This piece of code allows us to follow the actions of users after they are redirected to a provider’s website by clicking on a Facebook advertisement. We use these pixels to record information about the way visitors use our website. This pixel records information about the user’s browser session, which it sends to Facebook, along with a hashed version of the Facebook ID and the URL viewed.
Every Facebook user has a unique, device-independent Facebook ID that allows us to address and recognize users across a range of devices using the Facebook social network, so that we can address our visitors for commercial purposes using Facebook ads. The user information will be deleted after 180 days, until the user visits our website again. The collected data remain anonymous. This means that we cannot see the personal data of any individual user, and we will not be able to discover the identity of any individual user. However, the collected data are saved and processed by Facebook. We use the anonymous data from visitors to monitor and record the effectiveness of Facebook advertisements for our market research and advertising purposes.
We are informing you on this matter based on the information available to us at this time. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found here: https://www.facebook.com/about/privacy. Facebook Conversion Tracking also allows Facebook and its partners to show you advertisements on and outside of Facebook. Also, a cookie will be saved onto your computer for these purposes. Only users over 13 years of age may give their permission. If you are younger than this age, please consult your parent(s) or legal guardian(s) on this matter.
Social media widgets
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. See more at: https://support.google.com/adwordspolicy/answer/1316548?hl=en. We have not enabled Google AdSense on our site but we may do so in the future.
In addition to standard Google Analytics, we have enabled Google Analytics’ Advertising features. These features include the following:
- Remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
We will use the advertising cookies and identifiers to collect information about your personal demographics, which may include your age and gender. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available here: https://tools.google.com/dlpage/gaoptout/.
California Online Privacy Protection Act (CalOPPA)
In compliance with CalOPPA, our company agrees to the following:
- Users can visit our site anonymously.
You can change your personal information:
- By emailing us or mailing a letter to us (see the “How to Contact Us” section below)
Colorado Privacy Act (CPA)
The Colorado Privacy Act (CPA) goes into effect on July 1, 2023 and it applies to companies that collect and process the personal data of “consumers.” Under the CPA, a consumer is an individual who is a Colorado resident acting only in an individual household context.
Our company complies with this Act by agreeing to the following:
- To provide our customers and website visitors with a reasonably accessible, clear, and meaningful privacy notice;
- To specify the express purpose for which personal data will be collected and processed;
- To collect personal data that is adequate, relevant, and limited to what is reasonably necessary in relation to the specified purposes;
- To avoid secondary uses of personal data that are not reasonably necessary or compatible with the specified purposes, unless consent is first obtained
- To take reasonable measures to secure personal data
- To avoid processing personal data in violation of state or federal laws that prohibit unlawful discrimination
- To conduct periodic data protection impact assessments of “high risk” processing activities, including targeted advertising, profiling, sales, and sensitive data processing. (“Sensitive” data includes personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data that may be processed for the purpose of uniquely identifying an individual, and the personal data of a known child.)
- To enter into data processing agreements with processors and service providers when necessary or appropriate
- The right to opt out of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer. Effective July 1, 2024, consumers have the right to opt out of targeted advertising or selling through a universal opt-out mechanism;
- The right to access and port personal data;
- The right to correct inaccurate personal data;
- The right to delete;
- The right to opt-in to the processing of sensitive personal data
Does our site allow third-party behavioral tracking?
We currently allow third-party behavioral tracking through Google Analytics. We may occasionally allow third-party behavioral tracking through Facebook Conversion Tracking Pixel service.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of Personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old. We do not knowingly collect Personal information from any person under the age of 18 years old.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We may collect your email address in order to:
- Send you information or goods that you have requested
- Respond to your inquiries and requests
- Market to our mailing list or continue to send emails to our clients after the original transaction or registration has occurred
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- To identify the message as an advertisement in some reasonable way.
- To include the physical address of our business or site headquarters.
- To monitor third-party email marketing services for compliance, if one is used.
- To honor opt-out/unsubscribe requests quickly.
- To allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails from us, you can send an email to us with your request and we will promptly delete your information and remove you from all further correspondence. You may also unsubscribe at any time by clicking on the “Unsubscribe” link found at the bottom of any emails that we send to you.
Your rights and choices: access, correction and deletion of your personal information
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided to us through your use of this site. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete any information about you that we have obtained from an Integrated Service, you may contact us as set forth in the “How to Contact Us” section below. At your request, we will have any reference to you deleted or blocked from our database.
You may update, correct, or delete your information and preferences at any time by contacting us (see the “How to Contact Us” section below). You may also unsubscribe from our services by clicking the “Unsubscribe” link at the bottom of any emails that we send to you. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain some or all of the information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may also decline to share certain personal information with us, in which case we may not be able to provide you with some of the features and functionality of our services. At any time, you may object to the processing of your personal information, on legitimate grounds, except if otherwise permitted by applicable law.
When you place an order through the site, we will maintain your order information for our records unless and until you ask us to delete this information. We are required to keep some basic information about our customers including transaction data for tax and legal purposes and therefore there is some information that cannot be deleted.
If you are located in the EU or EEA and fall under the rules of GDPR, you have the right to access any personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. Under GDPR you have the right to erasure (or the right to be forgotten), meaning you can request that we delete all of your personal data from our systems. This is an additional step beyond unsubscribing from our email list. If your concern is wanting to stop receiving email, then unsubscribing should be adequate and full erasure might not be necessary. Please contact us if you have questions.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How to contact us
- Request access to information that we have about you
- Correct or modify any information that we have about you
- Delete information that we have about you
If you have any additional questions about our collection, storage and use of personal information, please contact us:
- by email at firstname.lastname@example.org, or
- by postal mail at: Attune Functional Medicine, 13654 Xavier Lane, Suite 202, Broomfield, CO 80023
This policy may be changed at any time at our discretion. If this policy is updated, we will post the updated version on this page of the website.