Mahalo Clinic
Kauai Doctor on call

Privacy Policy

Privacy Policy

Last Updated: 10-15-2024


Introduction

Mahalo Clinic (the "Company," "We," "Us," or "Our") respects Your privacy and is committed to protecting it through compliance with this Privacy Policy ("Policy"). This Policy describes how We collect, use, maintain, protect, and disclose information gathered when You use Our website, https://www.mahalo.clinic ("Service"). This Policy also outlines Your rights regarding the use of Your Personal Data and how We comply with various privacy laws.
 
By using Our Service, You agree to the collection and use of information in accordance with this Policy. If You do not agree with Our policies and practices, please refrain from using the Service. Your continued use of the Service constitutes acceptance of this Policy.


1. Definitions

Service:

The website https://www.mahalo.clinic operated by Mahalo Clinic.

Personal Data:

Information about a living individual who can be identified from those data (e.g., name, email address, health information, payment information).

Health Data:

Any data related to Your health status, including medical history, conditions, and prescriptions.

Usage Data:

Data automatically collected during use of the Service (e.g., IP address, browser type, time spent on pages).

Cookies:

Small files stored on Your device to enhance the Service experience.

Data Controller:

The entity that determines the purposes and means of processing Personal Data. For this Policy, We are the Data Controller of Your Personal Data.

Data Processor (or Service Provider):

Any entity that processes data on behalf of the Data Controller.

Data Subject (or User):

The individual using Our Service who is the subject of Personal Data.

Payment Data:

Information related to payments made for the use of Our Service, such as credit/debit card details, billing addresses, and transaction history.


2. Types of Data Collected

2.1. Personal Data

While using Our Service, We may ask You to provide certain personally identifiable information, including but not limited to:
- Name and Surname
- Email address
- Home Address
- Phone number
- Health history and medical information (e.g., symptoms, medications, and prescriptions)
- Payment details (e.g., credit card information, billing address)
- Communication history with Our healthcare professionals


2.2. Health Data

We collect and process Health Data provided by You during Your use of Our telemedicine services. This includes medical history, symptoms, treatment plans, and prescriptions provided through Our Service.


2.3. Usage Data

We collect information on how the Service is accessed and used, including:
- Your IP address
- Browser type and version
- Pages visited on Our Service
- Date and time of Your visit
- Time spent on pages
- Device information (hardware model, operating system, unique device identifiers)


2.4. Tracking Technologies

We use cookies, web beacons, and other tracking technologies to monitor activity on Our Service and store certain information. You can set Your browser to refuse cookies or indicate when a cookie is being sent. However, some parts of Our Service may become inaccessible without cookies.


2.5. Payment Data

For payment processing, We use third-party service providers (e.g., payment processors) who are PCI-DSS compliant. We do not store or collect Your payment card details directly; such information is securely processed by Our payment service providers according to their privacy policies. The Payment Data may include:
- Credit/debit card information
- Billing address
- Transaction history


3. Use of Data

We use the collected data for various purposes:
- To Provide Healthcare Services: To facilitate telemedicine consultations, diagnose, provide treatment, and manage prescriptions.
- To Process Payments: To handle billing, process transactions, and fulfill financial obligations related to Our Service.
- To Maintain and Improve Service: To ensure the functionality of Our Service, enhance performance, and monitor usage trends.
- To Communicate with You: To send updates, respond to inquiries, and provide customer support.
- To Comply with Legal Obligations: To adhere to relevant healthcare, data privacy, and payment processing regulations, including HIPAA, GDPR, and CCPA.
- To Prevent Fraud: To monitor for potential security breaches and prevent fraudulent transactions.
- For Marketing and Promotions: With Your consent, to provide You with information about services, products, and promotions that may interest You. You may opt out at any time.


4. Legal Basis for Processing Data

4.1. For EEA Residents (GDPR Compliance)

If You are located in the European Economic Area (EEA), Our legal basis for processing Your Personal Data includes:
- Your Consent: For sending marketing communications and processing sensitive health data.
- Performance of a Contract: To provide You with the telemedicine services You have requested.
- Compliance with Legal Obligations: For record-keeping and reporting as required by healthcare and privacy laws.
- Legitimate Interests: To enhance the quality of Our Service, prevent fraud, and secure Our platform.


4.2. For U.S. Residents (HIPAA, CCPA Compliance)

- HIPAA Compliance: We comply with the Health Insurance Portability and Accountability Act (HIPAA) to protect Your health information.
- CCPA Compliance: For California residents, We will not sell Your Personal Data. You have the right to request information about the categories of Personal Data We collect, request deletion, and opt-out of data sharing.


5. Retention of Data

We retain Personal Data and Health Data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For example:
Healthcare Records: Retained as required by healthcare laws and regulations.
Payment Data: Retained for financial auditing and tax purposes.
Usage Data: Retained for a shorter period, except when necessary for security or to improve Our Service.


6. Transfer of Data

Your information, including Personal Data and Health Data, may be transferred to and stored on computers located outside of Your jurisdiction. We implement appropriate safeguards to ensure that Your data is securely transferred and remains protected in accordance with this Privacy Policy.


7. Disclosure of Data

We may disclose Your information:


To Healthcare Providers: To facilitate Your treatment and telemedicine consultations.

To Service Providers: For payment processing, IT services, data analytics, and communication services.

For Business Transactions: In the event of a merger, acquisition, or asset sale.

To Comply with Legal Requirements: To comply with court orders, legal processes, or regulatory requirements.

To Protect Rights: To enforce Our policies, protect Our rights, or ensure the safety of Our users.

With Your Consent: In any situation where You have given explicit consent.


8. Security of Data

We use industry-standard security measures to protect Your Personal Data and Health Data, including encryption, access controls, and secure storage. However, no online transmission or electronic storage is completely secure. While We strive to use commercially acceptable means to protect Your data, We cannot guarantee absolute security.


9. Your Data Protection Rights

9.1. GDPR Rights (For EEA Residents)

You have the right to:
- Access, update, or delete Your Personal Data
- Correct inaccurate data
- Restrict processing of Your data
- Object to processing
- Request data portability
- Withdraw consent for data processing
 
To exercise these rights, please contact Us at info@mahalo.clinic. We may require verification of Your identity before responding to such requests.


9.2. CCPA Rights (For California Residents)

If You are a California resident, You are entitled to:
- Request information about the categories and specific pieces of Personal Data We collect.
- Request deletion of Your Personal Data.
- Opt-out of the sale or sharing of Personal Data (Note: We do not sell Your data).
 
To exercise these rights, contact Us at info@mahalo.clinic. We may require verification of Your identity before responding to such requests.


9.3. HIPAA Rights (For U.S. Residents)

- Request restrictions on certain uses and disclosures of Your Health Data.
- Obtain copies of Your Health Data.
- Request amendments to Your Health Data.
 
To exercise these rights, please contact Us at info@mahalo.clinic. We may require verification of Your identity before responding to such requests.


10. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect information from anyone under this age. If You believe We have collected data from a child under 18, please contact Us at info@mahalo.clinic to remove that information.


11. SMS Communication and User Consent


Collection of Phone Numbers

We collect and store your phone number when you provide it to us for the purpose of receiving SMS (Short Message Service) communications related to your use of our services, such as appointment reminders, health updates, notifications, and other important information. By providing your phone number, you consent to receive these SMS messages from our platform.


Opt-In Consent

By voluntarily providing your phone number and agreeing to receive SMS communications, you explicitly consent to be contacted via text message at the number provided. Message frequency may vary depending on your interaction with our services. You may be required to affirmatively opt in to receive such communications by checking a consent box or through another mechanism provided during the registration process.


Opt-Out Process

You have the right to opt out of receiving SMS messages from us at any time. To stop receiving SMS messages, you can reply "STOP" to any message you receive. After opting out, you will no longer receive SMS communications, except for messages related to your account status, billing, or legal notices, where permitted by law. If you wish to re-subscribe to SMS communications, you may do so by contacting us or opting in through your account settings.


Data Retention and Security

We take your privacy seriously and store your phone number securely in compliance with applicable data protection laws. We use encryption and other security measures to protect your personal information, including your phone number, from unauthorized access, disclosure, or misuse. Your phone number will only be used for the purposes outlined in this privacy policy. SMS consent and phone numbers will never be shared with third parties or affiliates under any circumstances.


Third-Party Service Providers

In some cases, we may use third-party service providers to facilitate SMS communication. These providers are contractually obligated to protect your personal information and are prohibited from using your phone number for any purpose other than to provide the service on our behalf.



12. Changes to This Privacy Policy

We may update Our Privacy Policy periodically. We will notify You of any changes by posting the new Policy on this page and updating the "Last Updated" date at the top. We recommend reviewing this Policy periodically for any changes.


13. Contact Us

If You have any questions or concerns about this Privacy Policy or wish to exercise Your data protection rights, please contact Us:
- By email: info@mahalo.clinic


Effective Date: 10-15-2024

Share by: