Data Protection

  • Home
  • Data Protection

categories

Popular post

Popular tags

lactose intolerance tummy ache dairy allergy vs intolerance lactase supplements low-lactose foods subarachnoid hemorrhage complementary therapies acupuncture mindfulness post-stroke fatigue furosemide cerebral edema loop diuretic brain swelling mannitol vs furosemide hyperosmolar therapy intracranial pressure management kiwi weight loss kiwifruit benefits kiwi nutrition kiwi for wellness how to eat kiwi
By Gabrielle Strzalkowski, Sep 4 2025 0 Comments

Scope and Data Controller

This Data Protection Notice applies to the website chsny.org operated by Comprehensive Health Solutions NY (CHSNY) in the United States of America. It describes how we collect, use, disclose, and safeguard personal information in accordance with applicable U.S. laws and, where relevant, the EU/UK General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA) or the United Kingdom.

The data controller responsible for personal information processed in connection with chsny.org is:

Comprehensive Health Solutions NY (CHSNY)
Owner: Gabrielle Strzalkowski
H Mart Carrollton
2625 Old Denton Rd
Carrollton, TX 75007
Email: [email protected]

Categories of Personal Information We Collect

Depending on your interactions with our website, we may collect the following categories of information:

  • Identifiers and contact details: name, email address, and any details you submit via contact forms or email.
  • Internet and device information: IP address, browser type, device identifiers, operating system, referring URLs, pages viewed, and timestamps.
  • Usage and analytics data: interactions with pages and features, session metrics, and aggregated statistics.
  • Approximate geolocation: derived from IP address (city/region level).
  • User-generated content: inquiries or feedback you voluntarily provide.
  • Marketing preferences: your choices about receiving updates or newsletters (if offered).

We do not intentionally collect financial account numbers, government-issued identifiers, precise geolocation, biometric data, or protected health information (PHI) via this website.

Sources of Personal Information

  • Directly from you when you submit forms, send emails, or otherwise communicate with us.
  • Automatically from your device and browser through cookies, log files, and similar technologies.
  • Service providers that support our website operations (e.g., hosting, analytics, email delivery) acting on our behalf.

Purposes and Legal Bases for Processing

We use personal information for the following purposes:

  • To operate, secure, and improve our website and services.
  • To respond to inquiries and provide customer support.
  • To perform analytics, measure performance, and understand audience engagement.
  • To comply with legal obligations and enforce our terms.
  • With your consent, to send updates or communications you request.

GDPR Legal Bases (for EEA/UK visitors)

  • Consent: for non-essential cookies, newsletters, and certain communications.
  • Legitimate interests: website functionality, security, fraud prevention, and audience measurement proportionate to your privacy expectations.
  • Legal obligation: compliance with applicable laws and regulatory requirements.
  • Contract: where processing is necessary to respond to requests you initiate that may lead to a contractual relationship.

Cookies and Similar Technologies

We may use cookies, pixels, and similar technologies to enable core site functionality, remember preferences, perform analytics, and enhance user experience.

  • Strictly necessary cookies: essential for site operation and security.
  • Functional and performance cookies: improve features and measure usage.
  • Analytics cookies: help us understand how visitors engage with our content.

Where required by law, we request your consent for non-essential cookies. Browser settings may allow you to block or delete cookies; doing so may impact site functionality.

Data Sharing and Disclosure

We may share personal information with:

  • Service providers and processors that host our site, provide analytics, security, email delivery, or customer support, under contractual confidentiality and data protection obligations.
  • Professional advisors (legal, compliance) as necessary.
  • Authorities and regulators when required by law or to protect rights, safety, and security.
  • Successors in the event of a reorganization, merger, or similar corporate transaction (subject to legal requirements).

We do not sell personal information for monetary consideration and do not share personal information for cross-context behavioral advertising or targeted advertising.

International Data Transfers

If you are located outside the United States, your information may be processed in the U.S. and other jurisdictions that may not provide the same level of data protection as your home country. Where GDPR applies, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and supplementary measures, or your explicit consent where appropriate.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described above or as required by law. Typical retention periods are:

  • Inquiry and correspondence records: up to 24 months after last interaction.
  • Web server logs: up to 12 months for security and fraud prevention.
  • Analytics data: up to 26 months in aggregated or de-identified form where feasible.
  • Consent records: up to 5 years to demonstrate compliance.

We may retain data longer if necessary to comply with legal obligations, resolve disputes, or enforce agreements.

Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, least-privilege practices, system monitoring, and regular updates. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Sensitive and Health-Related Information

CHSNY provides educational content about pharmaceuticals, diseases, and supplements. We are not a healthcare provider or covered entity under HIPAA. We do not request or require you to submit protected health information (PHI). Please do not include medical diagnoses, prescription details, or other sensitive health information in communications with us. If you voluntarily provide such information, we will handle it securely and only for the purpose of responding to your inquiry.

Children’s Privacy

Our website is intended for a general audience and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us at [email protected] so we can delete it.

Your Privacy Rights

Rights for EEA/UK Individuals (GDPR)

  • Access: request confirmation and a copy of your personal data.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion in certain circumstances.
  • Restriction: request limitation of processing in certain cases.
  • Portability: receive data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: object to processing based on legitimate interests and to direct marketing at any time.
  • Consent withdrawal: withdraw consent at any time without affecting prior lawful processing.

California Privacy Rights (CCPA/CPRA)

For California residents, during the prior 12 months we collected the categories described above (identifiers, internet activity, geolocation [approximate], user content, preferences) from the sources and for the purposes listed in this Notice. We disclosed these categories to service providers for business purposes. We did not sell personal information for monetary value and did not share personal information for cross-context behavioral advertising.

  • Right to know/access: request the categories and specific pieces of personal information we have collected about you.
  • Right to delete: request deletion of personal information, subject to exceptions.
  • Right to correct: request correction of inaccurate personal information.
  • Right to opt-out of sale/share: we do not sell or share personal information; no action is needed.
  • Right to limit use/disclosure of sensitive personal information: we do not use sensitive personal information to infer characteristics or for non-exempt purposes.
  • Non-discrimination: you will not be discriminated against for exercising your rights.

Other U.S. State Privacy Rights

Residents of states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah, and others as enacted) may have rights similar to those above, including access, correction, deletion, portability, and the right to opt out of certain processing. We honor applicable state rights consistent with those laws.

How to Exercise Your Rights

You may submit a request by emailing [email protected]. Please describe your request and the jurisdiction you reside in. We will verify your identity and respond within the timeframes required by applicable law.

Verification and Authorized Agents

We may request reasonable information to verify your identity (e.g., email verification, details of your prior interactions with us). Authorized agents may submit requests on your behalf where permitted by law, subject to proof of authorization and identity verification.

Appeals Process

If we deny your privacy request in whole or in part, you may appeal by replying to our decision email and stating the grounds for appeal. We will review and respond within the period required by applicable state law.

Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects about you.

Do Not Track

Our website does not respond to Do Not Track (DNT) signals. You may manage cookies through your browser settings and, where offered, our consent tools.

Third-Party Links and Services

Our website may reference third-party content or services. This Notice does not govern those third parties, which are subject to their own privacy practices. Please review their notices where applicable.

Changes to This Notice

We may update this Data Protection Notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the “Effective Date” below. Your continued use of the site after an update signifies acceptance of the revised Notice.

Contact Information

If you have questions, concerns, or requests regarding this Notice or our data practices, please contact:

Comprehensive Health Solutions NY (CHSNY)
Owner: Gabrielle Strzalkowski
H Mart Carrollton
2625 Old Denton Rd
Carrollton, TX 75007
Email: [email protected]

Effective Date

Effective Date: 2025-09-12

Write a comment