Effective Date: March 11, 2023

This Privacy Policy (“Privacy Policy” or “policy”) describes how CYA PBC. (“CYA”, “Us”, “We”) handles data and personal information in providing CYA services (“Services”) to its users and customers. All of our systems, procedures, use of data, and Services are in accordance with the the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. § 300gg) governing the safeguarding of medical information. We encourage you to read through and understand this Privacy Policy. We may periodically update our Privacy Policy to address new issues or reflect changes to our Services. If we make changes that are material to the use of personally identifiable information, then we will attempt to provide you with notice of those changes. We reserve the right to revise this policy, with such revisions effective immediately upon the posting of the revised policy. Your use of Services after such posting constitutes your acceptance of those terms as revised.

Definitions

Capitalized terms not defined in this Definitions Section below shall have the meaning set forth by applicable law when a citation is present.

• “Agreement” means the underlying Service Agreement and related agreement between CYA

• “Member Data” means the personally identifiable information CYA receives regarding a CYA member.

Member Data Collected

CYA receives Member Data from Members in order to provide Services under its Agreement with Members. When a Member enters into an Agreement with CYA, the Member may be asked to provide the following Member Data into the CYA system or platform: First and Last Name, Email Address and Phone Number, Bank Details, and Medical History. 

Use or Sharing of Member Data

We share Member Data solely for the purposes of performing Services under our Agreement, and for purposes required by law.

• Disclosures by Law
  We may disclose Member Data when required or permitted by law.

• De-identified Data
  We may use de-identified data to improve our products or services and for other related purposes.

Security

The security of Member Data is important to us. CYA stores and processes Member Data in accordance with industry standards and applicable law, ensuring that Member Data is protected from unauthorized access, use and disclosure.

In the event that we believe that the security of Member Data has been compromised, we will notify you as required by applicable law and the terms of the Agreement. We will always attempt to notify you as promptly as possible under the circumstances of any security breach affecting Member Data that we believe may pose a material risk of harm.

Upon notice from a Member to delete or destroy Member Data, we will ensure that the deletion of Member Data complies with HIPAA standards. In all instances we will ensure that procedures concerning the Member Data we use to perform Services comply with HIPAA.

To protect Member Data from unauthorized access, use, and disclosure, CYA maintains a comprehensive information security program and employs reasonable and appropriate physical, administrative, and technical safeguards. CYA performs periodic risk assessments of its information security program and prioritizes remediation of identified security vulnerabilities.

CYA will NEVER: 1) Sell your data to third parties; 2) share Member Data with third parties for the purpose of targeted advertising; 3) use Member Data for marketing purposes; 4) claim ownership of Member Data.

Cookies and Internet Tags

We may collect and process information about your use of the Services to help us improve the Services and to compile aggregate statistics about the use of Services for internal purposes through the use of “cookies.” Cookies also enable you to sign in to the Service and access your stored preferences and settings. If you choose to block this function, it may impair or prevent required functionality and therefore your use of the Service.

Contact Us

Please contact privacy@clubcya.com with any questions you may have about our Privacy Policy.