Consumer Health Data Privacy Policy

Effective Date: May 14, 2025

SkinSpirit Essential, LLC, and the entities it manages (collectively, “SkinSpirit,” “we,” “us”) have adopted this Consumer Health Data Privacy Policy (the “CHD Privacy Policy”) to comply with the Washington and Nevada consumer health data privacy laws. This CHD Privacy Policy supplements our general Privacy Policy, and describes our practices regarding consumer health data, which is defined by the applicable laws as personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. In the event of a conflict between our Privacy Policy and this CHD Privacy Policy, the CHD Privacy Policy will prevail as to consumer health data of Washington and Nevada consumers.

CONSUMER HEALTH DATA WE MAY COLLECT

To the extent not excluded from the relevant consumer health data laws, we may collect different types of consumer health data from and about you, including:

  • Individual health conditions, treatment, diseases, or diagnosis (for instance, we may ask you about physical conditions or limitations, allergies to numbing medication, prior treatments, etc.);
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures (for instance, we may ask you about procedures or surgeries which may impact your treatments with us);
  • Use or purchase of prescribed medication;
  • Bodily functions, vital signs, symptoms, or measurements of health information;
  • Diagnoses or diagnostic testing, treatment, or medication;
  • Gender-affirming care information;
  • Reproductive or sexual health information;
  • Biometric data;
  • Genetic data;
  • Precise location information that could indicate a consumer’s attempt to acquire or receive health services or supplies;
  • Data that identifies a consumer seeking health care services;
  • Other information that may be used to infer or derive data related to the above or other health information.

Consumer health data does not include publicly available information, deidentified data, or information that is already protected under certain federal and state laws.

SOURCES OF CONSUMER HEALTH DATA

We may obtain the categories of consumer health data listed above, online and offline, from the following categories of sources:

  • Directly from you and your representatives. For example, we may collect information from you when you use our services, share a specific health condition with us, sign up for receiving communications from us, participate in a promotion or reward program, attend our events, interact with us over the phone, online or in any other way.
  • Indirectly from you. For example, when we obtain health-related information through automated measures, such as facial scans.
  • Automatically as you interact with our sites, applications and services. Information collected automatically may include IP addresses, device identifiers, and information collected through cookies, pixels, tags, web beacons, and other tracking technologies that send us information when you browse, use, visit, or otherwise interact with our sites, applications and services. SkinSpirit does not collect any such data unless you have specifically consented to its collection.
  • Third parties, such as medical service providers, nurses, and HIPAA-regulated health care providers that may share information about your health with us. For example, your physician might be sharing relevant information about your condition with us after obtaining your consent. 
  • Our business and marketing partners who provide us with information about consumers who are viewing our content across other websites or applications, purchasing our products, or interacting with our promotions, benefits, or programs.
  • Other third-party sources, such as service agents and data brokers who provide us with information about consumers that may be interested in our products or services. We may also engage third-party service providers to provide certain interactive features to you online. Your use of these interactive features is voluntary, and we may retain the data that you submit through these features. For example, we may offer an interactive chat feature when you use our services to assist you with identifying information about our services related to certain health conditions. By using these online features, you agree that you understand that our vendors may process the information obtained through such features.

HOW WE MAY USE CONSUMER HEALTH DATA

We may use consumer health data as reasonably necessary in order to provide you with the products and services you have requested from us. This may include using consumer health data to communicate with you, to power our services, and to comply with law. We may also use consumer health data for other purposes, including:

  • To fulfill the purposes for which you provided the data or that were described when it was collected.
  • To respond to your questions and requests for information and provide you with customer service (for instance, to respond to your inquiries during the booking process about our ability to meet your needs, as related to your health conditions or treatments).
  • As required by us or by various laws, regulations, or local authorities to book some of our services or visit our physical locations.
  • To create, maintain, customize, and secure your profile or account information.
  • To provide you with promotional materials, such as information about the services, programs, or events that may be relevant to you.
  • To prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any activity that is illegal under state law or federal law; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action that is illegal under state law or federal law.
  • To protect the confidentiality, integrity and accessibility of your consumer health data.
  • To measure or understand the effectiveness of advertising and to deliver advertising served as part of our current interaction with you.
  • To perform data analytics and quality control.
  • To perform research, product development, testing, and analysis, including to improve our website and services.
  • To conduct internal investigations and audits and to ensure appropriate recordkeeping.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To comply with any applicable laws, regulations and statutory requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions).
  • To exercise and defend our legal rights.
  • To protect your safety or the safety of others.
  • To evaluate or conduct a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by us is among the assets transferred.

SHARING CONSUMER HEALTH DATA

We do not sell your consumer health data. 

We may share the categories of the consumer health data listed in the first section of this CHD Privacy Policy with select trusted parties in order to provide you with the products and services you requested from us, for any purpose for which you provided consent, or to comply with the law. We may share the consumer health data with the following categories of third parties: 

  • Our affiliates, if sharing is needed for data processing or operational purposes. For example, we may share data when making a referral to a related practitioner or where we share common data systems with our affiliates, subsidiaries or related companies. The affiliates with whom we may share consumer health data include SkinSpirit Holdings LLC, SkinSpirit Essentials LLC, Dean Vistnes, M.D., Inc., Dean Vistnes, M.D. Texas, P.A., Dean Vistnes, M.D., P.A., and Dean Vistnes, MD New York, P.C.
  • Healthcare providers, for treatment purposes; 
  • Other third parties, such as social media platforms (if you explicitly allow us to post your photos on such social media platforms);
  • Professional service providers, such as IT service providers, e-commerce vendors, analytic service providers, advertising partners, where enabling access to data helps us provide our services and operate our business; 
  • Government, regulatory, and law enforcement agencies, if required by law;
  • Parties to litigation.

We may also disclose consumer health data as permitted by applicable law, including:

  • With your consent.
  • To prevent, detect, protect from, or respond to security incidents, identity theft, fraud, harassment, or malicious or deceptive activities.
  • To our processors, i.e., third-party entities that process consumer health data on our behalf in a manner consistent with the purpose for which consumer health data was collected.
  • To a third party with whom you have a direct relationship for the purpose of providing a product or service requested by you, in circumstances where we maintain control and ownership of the data and the third party only uses the data at our direction for the purpose for which the data was collected or to which you consented.
  • To a third party engaged in a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
  • To investigate, report, or take legal action to protect our rights, property, and safety and the rights, property, and safety of others.
  • To protect your or others' vital interests, including health and safety.

YOUR RIGHTS

Subject to limited exceptions, the health data privacy laws provide Washington and Nevada residents (as well as individuals whose consumer health data is collected in Washington and Nevada) with certain rights regarding consumer health data, including:

Right to Confirm and Access. You have the right to confirm whether we are collecting, sharing or selling your consumer health data and to access such data, including:

  • a list of all third parties and affiliates that we have shared or sold your consumer health data to; and
  • the email addresses or other online method to contact those third parties and affiliates.

Right to Withdraw Consent. You have the right to withdraw consent for consumer health data collection and sharing.

Right to Request Deletion. You have the right to have your consumer health data deleted from our records. 

We will not discriminate against you for exercising any of the above rights. We will not attempt to re-identify any data that was previously deidentified.

Please note that these specific rights will not apply to any data that is exempt from consumer health data laws – for example, the Washington My Health My Data Act does not apply to deidentified data, publicly available information, or information that is protected by certain other privacy laws, such as HIPAA. 

EXERCISING YOUR RIGHTS

Making a Request. To exercise your consumer rights, please submit a request by emailing us at privacy@skinspirit.com or through the Privacy Request Form on our website. Depending on the nature of your request, you may be required to provide additional information to verify your identity. Please do not send any sensitive information, such as your Social Security Number, through an unsecured email.

Responding to Requests. We will respond to your request within 45 days of its receipt. If we require more time (up to a total of ninety (90) days), we will inform you of the reason and the extension period in writing. If we are unable to authenticate your request to exercise consumer rights using commercially reasonable efforts, we are not required to comply and we may request additional information from you. We may need to turn down deletion requests if state or federal laws or regulations require that we maintain the particular kind of information you requested us to delete.

You are entitled to receive information in response to your request free of charge, up to twice per year. In case of requests that are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee to cover the administrative costs of complying with the request or decline to act on the request. 

Authorized Agent. You may authorize an agent to exercise your rights on your behalf. When a request is submitted by an authorized agent, we will require the requestor to: (1) provide the authorized agent’s written permission to do so; and (2) verify their own identity directly with us. If we are unable to verify the identity of the requestor or if we do not receive proof from the authorized agent that the requestor authorized the agent to act on the requestor’s behalf, we will refuse to take action on the request.

Appeals Process. If you wish to appeal our refusal to take action on your request, please email us at privacy@skinspirit.com. Within 45 days of receipt of the appeal, we will inform you in writing of any action taken or not taken in response to the appeal, along with a written explanation of the reasons for our decisions. If the appeal is denied, we will provide you with an online mechanism or another method through which you may contact the Attorney General to submit a complaint.

CHANGES TO THIS POLICY

We reserve the right to amend, modify and delete sections of this CHD Privacy Policy at our discretion and at any time. When we make changes to this policy, we will post the revised CHD Privacy Policy on the website and update the effective date accordingly. You are responsible for reviewing this CHD Privacy Policy periodically to make sure you are aware of any changes.

CONTACT INFORMATION

If you have any questions or concerns regarding the policies and practices described in this CHD Privacy Policy, please contact us at privacy@skinspirit.com.