1. Scope & Who We Are
This Privacy Policy explains how HealthTech collects, uses, discloses, and protects “Personal Information”—data that identifies or can reasonably be linked to an individual—when:
-
you browse or purchase from www.healthtechwoundcare.com or any sub-domain (the “Site”);
-
you communicate with us by phone, email, or social media;
-
you participate in conferences, clinical evaluations, or trainings we organize; or
-
we process information in connection with our wound-care products, software, and related services (collectively, the “Services”).
For U.S. residents, this Policy incorporates disclosures required by the California Privacy Rights Act (CPRA) and the 13+ other state privacy laws now in force, including those of Colorado, Virginia, Connecticut, Utah, Florida, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, and New Jersey.White & Case
For EU/UK residents, it serves as our notice under Articles 12–14 of the GDPR/UK GDPR.GDPR.eu
2. What We Collect
| Category | Examples | Source |
|---|---|---|
| Identifiers | name, postal address, email, phone, device ID, IP address (anonymized for analytics) | directly from you; automatically via cookies |
| Commercial data | order history, payment method (tokenized—no full card stored) | transactions |
| Internet/Device data | pages visited, time on page, browser type, referral URL | Google Analytics cookies |
| Professional or employment data | clinician license number, NPI, or employer when you act in a professional capacity | forms, conference sign-ups |
| Health information (voluntary) | wound type, treatment notes, images | only if you or your clinician upload or transmit them |
| Geolocation (coarse) | city/region inferred from IP for analytics | Google Analytics |
We do not deliberately collect sensitive data (e.g., driver’s-license numbers, biometric templates) unless you provide it voluntarily or it is necessary for regulated clinical use.
3. Why We Use Personal Information
| Purpose | Legal Basis (GDPR) | Legitimate Interests (if applicable) |
|---|---|---|
| Fulfill orders, ship products, manage warranties | Contract performance | — |
| Provide customer support & respond to inquiries | Legitimate interest / Contract | Customer service excellence |
| Improve and secure our Site (analytics, debugging, fraud prevention) | Legitimate interest | Detect misuse, enhance UX |
| Marketing communications you request (e.g., newsletters) | Consent | Brand development |
| Regulatory reporting & adverse-event tracking | Legal obligation | Patient safety |
| Clinical research (de-identified where possible) | Consent / Legitimate interest | Product innovation |
We never sell Personal Information for money. Some state laws define “sharing” for targeted advertising as a “sale”; since we use only general Google Analytics cookies (no cross-site ad tracking), we do not “share” within that definition.
4. Cookies & Similar Technologies
Our Cookie Policy explains that we deploy only first-party cookies needed for basic site operation and Google Analytics. You may disable cookies in your browser or install Google’s Opt-out Browser Add-On without affecting essential functions. The Colorado Privacy Act and several other state laws require us to honor Global Privacy Control (GPC) signals; our Site does so automatically.Axios
5. How We Disclose Information
-
Service Providers – secure payment processors, cloud hosting, shipping and logistics, Google Analytics (aggregated reports only).
-
Clinical Partners – if your clinician uploads wound-care data for consultation, we share reports solely with that clinician or facility under HIPAA-compliant terms.
-
Legal & Regulatory – government authorities or notified bodies when required to comply with law or device-safety obligations.
-
Business Transfers – in the event of a merger, acquisition, or asset sale, subject to confidentiality.
We require all recipients to safeguard data to a standard no less protective than our own.
6. International Transfers
If we transfer Personal Information from the EEA or UK to the United States, we rely on the EU-U.S. Data Privacy Framework, UK Extension, or Standard Contractual Clauses as appropriate.
7. Data Security & Retention
We employ administrative, technical, and physical safeguards (TLS encryption in transit, ISO-27001-certified hosting, least-privilege access). We keep order records for 7 years (statutory accounting period) and clinical data for 10 years (medical-device regulations) unless a longer retention is legally required or a shorter period is requested and permitted.
8. Your Rights
U.S. State Privacy Rights
Residents of California and other states with privacy statutes may have the right to:
-
Know/access the categories and specific pieces of Personal Information we hold.
-
Delete certain data.
-
Correct inaccuracies.
-
Opt out of “sale” or “sharing” (not applicable, but you can still make a request).
-
Restrict processing of sensitive data.
-
Appeal a denied request.
EU/UK GDPR Rights
EEA and UK residents may additionally:
-
Port data in machine-readable format.
-
Object to processing based on legitimate interests.
-
Restrict processing.
-
Lodge a complaint with a supervisory authority.
Exercising Your Rights
Submit a request by emailing privacy@healthtechwoundcare.com or mailing Privacy Officer, HealthTech Wound Care Inc., [full address]. We will verify your identity (or your authorized agent’s) and respond within the period required by applicable law (30–45 days). Requests are free unless manifestly unfounded or excessive.
9. Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect Personal Information from anyone under 13 without verifiable parental consent. If we discover such data, we will delete it promptly.
10. HIPAA & Medical Information
When we act as a Business Associate to a covered healthcare entity, any Protected Health Information (“PHI”) we receive is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In those cases, our Business Associate Agreement controls in the event of conflict with this Policy.
11. Changes to This Policy
We may update this Privacy Policy to reflect new technologies, legal requirements, or business practices. Material changes will be announced on the Site at least 30 days before taking effect, with the “Effective Date” updated below.
