DexaFit Privacy Policy
Last modified on January 21, 2024.
1. Introduction
Welcome to DexaFit. We, at DexaFit, together with our subsidiaries and affiliates (collectively, "DexaFit," "we," "us," or "our"), prioritize your privacy and are committed to protecting your personal information. This Privacy Notice outlines our practices regarding the collection, use, protection, and disclosure of personal information across our websites, mobile applications, social media platforms, interactive features, and other services linked to this Notice ("Platforms"). Our services are designed to provide comprehensive health insights, including body composition and bone density assessments, cardiorespiratory and metabolic health tests, and laboratory diagnostics. Additionally, we facilitate the documentation of health histories, interpretation of health outcomes, and connection with healthcare and wellness providers for personalized guidance.
"Personal Information" in this Privacy Policy refers to data that identifies you personally, like your name, address, email, and phone number, along with any other private information linked to you. "De-Identified Information" is information that cannot be used to identify an individual.
Our Platforms are intended for users in the United States. If you access our Platforms from outside the United States, your information may be transferred to, processed, and stored under different data protection laws, which may not offer the same level of protection as those in your country. By using our Platforms, you consent to the transfer, processing, and storage of your information as described in this Notice.
We encourage you to read this Notice carefully to understand how we are dedicated to protecting your privacy and handling your personal information with care.
2. How We Collect Your Information
DexaFit is dedicated to utilizing the information we collect in a manner that enhances your experience and the quality of our services. Our use of your Personal Information, De-Identified Information, and data from third-party integrations is guided by the principles outlined in this Notice and any additional disclosures provided to you.
Direct Information Provision: When you engage with our Platforms—through activities such as registering, scheduling appointments, performing services, or communicating with us—you share various types of information:
Personal Identifiers: This includes information like your name, email address, postal address, and phone number, which we use for account creation, service provision, and communication.
Health Information: We collect detailed health assessments, fitness test results, health histories, and other health-related information. This data enables us to customize our services to your individual health and wellness goals, offering personalized insights and recommendations. It also informs the continuous improvement and development of new features and services to better meet your needs. Please note, this health-related data is not considered an Electronic Health Record (EHR) or an Electronic Medical Record (EMR) for any purposes, including compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Our use of this information is strictly for providing and enhancing our health and wellness services.
Demographic and Lifestyle Details: Information regarding your ethnicity, lifestyle choices, and other demographic data, aiding in the personalization of our services.
Integration with Third-Party Services: You may choose to share data from third-party services such as Apple Health or Google Fit with DexaFit. This additional layer of information allows us to enhance our service offerings with a broader perspective on your health and activity levels.
Visitor Data Collection: Non-registered users who interact with our Platforms contribute information, albeit limited, which is managed with the same rigor as that of registered users, ensuring privacy and security.
Passive Data Gathering: Our Platforms automatically collect certain usage data and preferences through technologies like cookies and web beacons. This passive collection is crucial for optimizing user experience and enhancing service functionality.
3. How We Use Your Information
DexaFit utilizes the information collected to offer and improve our services, ensuring an optimized experience for all users. We will only use your personal information as described in this Notice or, if not described in this Notice, as disclosed to you prior to such processing taking place. The purposes for which we may use your personal information include:
Personal Information Use:
Service Provision: We use your Personal Information to deliver services or products you request, manage your account, and process transactions.
Communication: Your information allows us to contact you for platform administration and service updates, send account notices (including any expiration and renewal alerts), and inform you about changes to our policies or services.
User Support and Engagement: We respond to your inquiries, enable participation in interactive features, and use your feedback to improve our services.
Customization: Personal Information helps tailor your experience on our Platforms, ensuring content and features are aligned with your preferences.
Security Measures and Compliance: Ensuring the security of our platforms and adherence to legal obligations necessitates the processing of your data, safeguarding both user interests and our operational integrity.
User Support and Engagement: When you submit a support ticket or request technical assistance, you understand and authorize us to associate your personal information with your Platform data to effectively address and resolve the reported issue.
De-Identified Information Use:
Service Enhancement: We may use your Anonymous and De-Identified Information to contribute to our ongoing efforts to improve the quality and efficacy of our Platform and Services.
Innovation: We may leverage your De-Identified Information for research purposes, aiming to advance health and wellness insights and develop new offerings.
Platform Improvement: This information is crucial for analyzing usage patterns, improving platform features, and enhancing overall service quality.
Research and Development: We use aggregated and anonymized data for research, helping us innovate and develop new offerings.
Marketing Insights: Anonymous data assists in identifying popular services and tailoring our marketing strategies accordingly.
Third-Party Integration: Data shared from third-party services like Apple Health or Google Fit enriches your profile, enabling more comprehensive health insights.
Visitor Engagement:
Platform Improvement: Information from visitors aids in enhancing the usability and appeal of our platforms, ensuring a welcoming experience for potential users.
Outreach: Non-personal data from visitors helps tailor our marketing efforts to better showcase our services.
Passive Collection Application: Usage data and preferences collected passively are instrumental in customizing and improving your interaction with our platforms.
Furthermore, we may reach out to you regarding our own and third-party offerings that may be of interest to you. Should you prefer not to receive such communications, kindly inform us at privacy@dexafit.com.
Additionally, the data we gather may be used to tailor advertisements, potentially influencing the content presented to you based on advertiser targeting. Interactions with these advertisements might imply your alignment with the intended audience criteria.
Finally, in alignment with our commitment to your privacy and security, we retain your Personal Information only as long as necessary to fulfill the purposes outlined above, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the nature of the information and the reasons for its collection:
Account Information: Retained for the lifetime of your account with us and for a reasonable period thereafter for backup, archival, and/or audit purposes.
Health and Service-Related Information: Kept in accordance with legal, regulatory, and professional standards applicable to health data and service provision.
Transactional Data: Stored for a period necessary to fulfill contractual obligations and in accordance with applicable tax and accounting laws.
After the expiry of the retention periods, your data will be securely deleted or anonymized.
4. Selling, Sharing, and Disclosure of Personal Information
DexaFit maintains a firm stance against the sale of personal information. However, there are specific circumstances under which we may share or disclose your personal information, detailed below, to facilitate the provision of our services and comply with legal obligations:
Healthcare Coordination: When you engage with laboratory testing, clinician oversight, telehealth services, or require other healthcare-related services, we may share necessary personal information with the relevant healthcare providers. The usage and disclosure of such health information are governed by our strict adherence to HIPAA. We ensure that your Protected Health Information (“PHI”) is used and disclosed only as permitted or required by HIPAA and applicable state laws, emphasizing the 'minimum necessary' standard and obtaining explicit authorizations when necessary. We have implemented stringent administrative, physical, and technical safeguards to protect the privacy and security of your PHI, consistent with HIPAA's Security Rule. These measures include encryption, access controls, and employee training on privacy and security policies.
Corporate Structure: Within DexaFit's corporate family, personal information may be shared with our subsidiaries and affiliates to deliver services and respond to your requests effectively.
Business Transitions: In the event of significant corporate changes such as mergers, acquisitions, or asset sales, personal information may be part of the transferred assets, subject to your consent and in alignment with this Notice.
Legal and Regulatory Compliance: We may be compelled to disclose your personal information in response to legal processes or government requests, including for national security or law enforcement purposes, or to comply with public health mandates. Such disclosures are made in good faith, adhering to legal standards and ethical obligations, to enforce our Terms of Service, protect rights and safety, and ensure compliance with regulatory mandates.
Service Providers: DexaFit partners with Service Providers who assist in operating our Platforms and delivering services. These providers have access to personal information solely for performing contracted tasks and are obligated to maintain confidentiality and security.
Website Tracking and Third-Party Integrations: Our Platforms use cookies and other technologies for functional, analytical, and marketing purposes. Interactions with third-party platforms or services linked to ours are subject to their privacy practices, and we advise reviewing their policies.
Targeted and Third-Party Advertising: With your consent, we may share specific categories of personal information with marketing and promotional partners for targeted advertising. This allows us to present you with relevant offers and services.
DexaFit respects your privacy preferences, including your right to limit certain uses of your information. Should you choose to opt out of targeted advertising or other optional communications, please reach out to privacy@dexafit.com. Note that opting out does not exempt you from receiving essential service-related communications.
5. How You Can Change or Remove Your Information
Updating Your Information: At DexaFit, we strive to ensure that your Personal Information is accurate and up to date. You have the ability to review and update certain aspects of your Personal Information directly within our Platforms, where such functionality is available. For modifications not available through the Platform, or if you need assistance, please contact us at support@dexafit.com.
Deletion of Your Information: You have the right to request the deletion of your Personal Information. Please be aware that while we are committed to accommodating your request, certain legal and regulatory requirements may necessitate the retention of your information for a specified period. In such cases, we will only retain your information for as long as is absolutely necessary to fulfill those requirements.
When your Personal Information is deleted, it will be removed from our active databases but may remain in backups and archives for a limited time for our internal processes. Please note, however, that once we have shared your information with third parties, such as healthcare providers or partners, we may not be able to control or retract the information shared.
Retention of De-Identified and Aggregate Information: Following the deletion of your Personal Information, we may continue to utilize De-Identified and aggregated data derived from your information for analytical, research, and operational purposes, in accordance with this Privacy Policy and applicable laws.
Modifications by DexaFit: We reserve the right to make corrections or modify any inaccuracies in your information as needed. However, we will not make significant changes to your Personal Information without your consent.
We are committed to ensuring that you have control over your Personal Information. For any questions or concerns regarding the management of your data, please reach out to our Privacy Department at the contact information provided in this policy.
6. How We Protect Your Information
At DexaFit, the security of your Personal Information is paramount. We adhere to stringent data collection, storage, and processing practices, incorporating industry-leading security measures to prevent unauthorized access, alteration, disclosure, or destruction of your data. Our commitment to data protection is in line with the privacy and security safeguards required by the Health Insurance Portability and Accountability Act (HIPAA) for PHI, employing encryption, rigorous access controls, and comprehensive employee training focused on the responsible handling of PHI. For inquiries or more information about our data security practices and compliance efforts, please reach out to privacy@dexafit.com.
Despite our commitment to employing advanced security measures, it's important to recognize the inherent challenges of internet data transmission and electronic storage. Consequently, while we endeavor to provide robust protection for your information, we must note that absolute digital security cannot be fully assured.
We also emphasize the critical role you play in protecting your personal information. Vigilance in managing your account credentials and awareness of unauthorized access attempts are crucial. We urge you to promptly report any suspicious activities to us. Moreover, we recommend exercising discretion when sharing personal information beyond our secure platforms, as we cannot safeguard data once it leaves our systems.
7. Breach Notification
In compliance with applicable laws and regulations, DexaFit is committed to maintaining the privacy and security of your Personal Information, including any PHI, in situations where you use the Platform in connection with services covered by HIPAA or state laws governing the privacy of health information, such as California’s Confidentiality of Medical Information Act or Virginia Code § 32.1-127.1:03. Should there be a breach of your Personal Information or PHI, DexaFit will notify you. This notification is contingent upon a thorough investigation and risk assessment conducted by DexaFit, which determines the probability that the privacy or security of your PHI has been compromised.
Should a breach occur, you will be notified in a timely manner, consistent with the urgency of the situation and no later than sixty (60) days following the discovery of the breach. This timeline is subject to adjustment if state laws mandate a more expedient notification process. DexaFit's commitment to transparency and responsibility in such situations underscores our dedication to the protection of your personal and health-related information.
8. Your Rights Regarding Your Personal Information
At DexaFit, we respect your rights over your personal information and provide you with the means to manage and protect it.
Access and Copies: You are entitled to request access to your Personal Information held by us. Should you wish to review or obtain a copy, please reach out using the contact details provided below. We may require identity verification before fulfilling your request. If any information is inaccurate or outdated, you have the right to request a correction.
Cease Processing or Deletion: You can request that we cease processing or delete your Personal Information under certain conditions. While we strive to accommodate such requests, there may be instances, due to transactional obligations or legal requirements, where we are unable to do so. Please contact us to discuss your specific situation.
Withdraw Consent: If our processing of your information is based on your consent, you have the right to withdraw this consent at any time. This can be done by reaching out to us through the provided contact details.
Data Portability: In certain scenarios, you may request the transfer of your Personal Information to a third party. For more details on this right and how to exercise it, please contact us.
Complaints: Users within the European Union have the right to lodge a complaint with the appropriate data protection authority in their country if they have concerns about how we handle their Personal Information.
Retention: We retain your Personal Information only as long as necessary to fulfill your requests, provide services, adhere to legal obligations, resolve disputes, and enforce agreements.
Unsubscribe: You can opt out of receiving marketing communications from us by clicking the "unsubscribe" link in our emails. However, service-related communications, which are non-promotional, cannot be opted out of.
To exercise any of these rights or for further information, please use the following contact details: privacy@dexafit.com.
9. Changes to This Privacy Policy Notice
DexaFit reserves the right to update or amend this Privacy Policy at any time to reflect changes in our practices or service offerings. When updates are made, we will adjust the "Last Modified" date at the top of this document to indicate when the changes were applied. Significant changes to our Privacy Policy will be communicated through our Platform, via email, or through a prominent notice before the changes take effect. We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your Personal Information. By continuing to use our services after these changes are made, you acknowledge and agree to the revised policy.
10. Children Under the Age of 18
DexaFit's Platform and Services are primarily intended for adult users. We do not knowingly collect or solicit Personal Information from individuals under the age of 18 without obtaining verifiable parental or guardian consent. In cases where such consent is granted, we will collect and use information from users under 18 in accordance with the terms of this Privacy Policy and applicable laws.
If we become aware that we have collected Personal Information from a child under 18 without parental or guardian consent, we will take steps to delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18 without the requisite consent, please contact us at the information provided below.
For concerns or inquiries related to children's privacy or any other aspects of this Privacy Policy, please reach out to us at: privacy@dexafit.com.
11. Notice to Residents of California, Colorado, Connecticut, Utah, and Virginia
At DexaFit, we recognize and respect the privacy rights granted to individuals by various state laws. This notice specifically addresses the rights of residents in California, Colorado, Connecticut, Utah, Virginia, and Nevada, under their respective state privacy laws.
California Residents: Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to know about the personal information a business collects about them and how it is used and shared. They also have the right to request deletion of their personal information, the right to opt out of the sale or sharing of their personal information, and the right to non-discrimination for exercising their CCPA rights.
Colorado, Connecticut, Utah, and Virginia Residents: Residents of these states have rights under the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Protection Act (VCDPA), respectively. These rights may include the ability to access, correct, delete, and obtain a copy of personal data, as well as to opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
Nevada Residents: Nevada residents have the right under Nevada Privacy Law (Senate Bill 220) to opt out of the sale of certain pieces of their personal information.
DexaFit commits to complying with the requirements of these laws and will facilitate the exercise of the rights granted to residents of these states. To make a request under any of these state laws, please contact us through the designated channels provided in our Privacy Policy.
We also ensure that exercising your rights under these laws will not result in any discriminatory treatment. DexaFit values your privacy and strives to handle your personal information with the utmost care and respect.
This notice is subject to change, in line with modifications to state laws or DexaFit's privacy practices. Significant updates will be communicated through our Privacy Policy and, where appropriate, directly to affected individuals.
Residents of the mentioned states who wish to exercise their privacy rights or have questions regarding their state-specific rights can reach out to DexaFit at: privacy@dexafit.com.
12. Geographic Considerations
DexaFit is primarily focused on users within the United States of America, tailoring our platforms and services to meet the needs and regulations applicable within this region. While we endeavor to uphold privacy and security standards that align with or are similar to global best practices, our operational framework is designed with the U.S. audience in mind.
For users accessing our platforms from outside the United States, please be aware that your engagement with our services results in data being transferred to the U.S., where data protection laws may not offer the same level of protection as in your home country or other jurisdictions.
We encourage international users to consider this when interacting with our services and to understand that, despite our high standards for data protection, our primary compliance and regulatory alignment are with U.S. laws and regulations.
13. Where We Store Your Information
DexaFit is headquartered, and the Platform is hosted, in the United States of America. In order for us to provide the Services to you, we will process and store Personal Information you provide to us in the United States of America, which may have different data protection laws than those in the country in which you reside.
14. Privacy Inquiries
DexaFit has appointed a Privacy Officer to oversee our compliance with this privacy policy and applicable privacy laws. We are committed to addressing your inquiries promptly and effectively, ensuring your privacy rights are respected and protected.
Should you have any questions, concerns, or requests related to your personal information, access to your data, or our privacy practices, we encourage you to reach out to our Privacy Department.
By emailing us: privacy@dexafit.com
By mail:
Privacy Department
DexaFit, Inc
3601 Minnesota Drive Ste 180
Edina, MN 55435