Digital Privacy Policy

We recognize that you may be concerned about our use and disclosure of your personal information. This Digital Privacy Policy applies to the websites operated by Options360 Women’s Clinic (the “Company” or “we” or “us”), which include but are not limited to http://www.options360.org (the “Website”). and governs the collection, usage, and disclosure of your personal information through the Website. By using our Website, you accept the practices described in this Policy. Your privacy is very important to us, and the following will inform you of the information that we, Options360 Women’s Clinic, may collect from you, and how it is used.

Collection of Personal Information

We may collect personally identifiable information (“Personal Information”) about you, such as your name, email address, physical address, and/or telephone number, that you submit to us through the Website. The Personal Information we collect through our Website may include information that you provide by filling in forms on our Website; records and copies of your correspondence if you contact us; and the details of any transactions you carry out through the Website.

Use of Personal Information

We may use the Personal Information collected from you to communicate with you, provide you with services, and for our own internal purposes, including but not limited to providing, maintaining, evaluating, and improving our services and website, fulfilling requests for information, providing customer support, contacting you, or informing you about changes to this Policy.

Sharing of Personal Information

Any Personal Information submitted by you through the Website is for the exclusive use of the Company. Company does not sell, trade, or rent any Personal Information. However, we may disclose your Personal Information to our contracted service providers to operate the Website and to provide the Company’s other products and services. Except for the foregoing, Company will not disclose your Personal Information to third parties or government agencies unless we are required by law or if we have a good faith belief that such disclosure is necessary to:

• Cooperate with the investigations of purported unlawful activities and conform to the edicts of the law or comply with legal process served on our Company;

• Protect and defend the rights or property of our website and related properties;

• Identify persons who may be violating the law, the rights of third parties, or who are otherwise misusing our Website or its related properties; and

• As otherwise set forth in this Policy,

Security of Personal Information

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of your Personal Information, Company follows generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it.

If we collect sensitive final information about you (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

Please remember that the Internet is not a 100% secure environment, and therefore the Company cannot and does not guarantee that the Personal Information you provide through the Website may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

We also protect your Personal Information offline. Only employees or volunteers who need the information to perform a specific job (for example, billing or customer service) are granted access to Personal Information.

Automatic Data Collection Technologies

Like many websites, we may use automatic data collection technologies to enhance the user experience and to collect helpful information about visitors and visits to our Website. We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services. The information we collect automatically is not Personal Information and may include IP addresses, internet tags and navigational data (server log files). You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. Below are examples of the types of automatic data collection technologies that we might use in connection with the Website:

• Cookies (or browser cookies). Cookies are pieces of data stored on the user’s hard drive containing information about the user. Cookies are used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services.

• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.

• Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs).

The Company will not share any information collected through cookies with any third-party except to the extent they are performing services on behalf of the Company.

Third Party Links

The Website may contain links to third party sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Text Messaging (SMS) Terms & Conditions

We may use text messaging (SMS) technology to communicate with patients on topics relevant to their relationship with us. For example, you may receive updates related to your visits, Klara account (through ModMed), one-time passcode, and care management. Our use of text messaging to communicate with you is subject to this Policy and the Terms and Conditions for the Options360 Women’s Clinic Text Messaging Program.

Surveys

From time-to-time, we may request information from you via surveys. Participation in these surveys is completely voluntary and you may choose whether or not to participate and therefore disclose the requested information. Survey information will be used for purposes of improving the services we provide to patients and improving ways we interact with our donors. Our use of collecting information by surveys is subject to this Policy and the Terms and Conditions for the Options360 Women’s Clinic Survey Program.

Opt-Out Procedures

Users may opt-out of receiving future e-mails or mailings from Company by contacting the Company at the address or telephone number provided below.

Children and Privacy

The Company’s Website does not target and is not intended to attract children under the age of 13. The Company does not knowingly solicit personally identifiable information from minors through our Website. In compliance with the Children’s Online Privacy Protection Act, our Website, products, and services are all directed to people who are at least 13 years old or older.

Updates to this Policy

We reserve the right, at any time, to modify this Policy. If we make changes to our Privacy Policy, we will post those changes on this page. Please review this page frequently to remain up-to-date with the information we collect, how we use it, and under what circumstances we disclose it. You must review the new Privacy Policy carefully to make sure you understand our practices and procedures.

YOUR STATE SPECIFIC PRIVACY RIGHTS

If you are a California, Nevada, Colorado, Virginia, or Utah resident, your state’s laws may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/ccpa. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email or write to our Privacy Officer using the contact information provided at the end of this Privacy Policy.

Colorado, Virginia and Utah each provide their state residents with rights to:

• confirm whether we process their personal information

• access and delete certain personal information

• data portability

• opt out of personal data processing for targeted advertising and sales

Colorado and Virginia also provide their state residents with rights to:

• correct inaccuracies in their personal information, taking into account the information’s nature processing purpose

• opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise any of these rights, please email or write our Privacy Officer using the contact information provided at the end of this Privacy Policy. To appeal a decision regarding a consumer rights request, you may write to our Privacy Officer within 45 days of any rejection. If our Privacy Officer still denies your request, you may submit a complaint to the Attorney General of the state where you reside.

Nevada provides its residents with a limited right to opt out of certain personal information sales. Residents who wish to exercise this sale opt out right may submit a request to our Privacy Officer using the contact information found at the end of this Privacy Policy. However, please know we do not currently sell data triggering that statute’s opt out requirements.

Additional Information for California Users

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to request access to or deletion of your personal information, and information about our data practices, as well as the right not to be discriminated against for exercising your privacy rights. To exercise such rights, please contact our Privacy Officer using the information provided at the bottom of this Privacy Policy.

The CCPA sets forth certain obligations for businesses that “sell” personal information. Based on the definition of “sell” under the CCPA and under current regulatory guidance, we may have sold the following categories of information about you in the past twelve months: Identifiers (such as name, address, email address, IP address, or device identifiers); internet or other network or device activity; geolocation information; professional or employment related data; potentially protected classifications (such as gender, nationality, and age); physical characteristics or description (such as when you voluntarily submit a photo to our Site or Application); inferences related to the information identified.

OPTIONS360 WOMEN’S CLINIC CONSUMER HEALTH DATA PRIVACY NOTICE

This Washington Consumer Health Data Privacy Notice supplements the information in the Clinic’s Privacy Policy and applies only to personal information defined as “Consumer Health Data” subject to the Washington My Health My Data Act (“MHMDA”).  In the event of a conflict between any other policy, statement, or notice and this Policy, this Policy will prevail as to Consumer Health Data.

What Does This Privacy Notice Cover?

This Notice describes what Consumer Health Data we collect, how we collect and use it, who we disclose it to and why, and the choices you may have regarding our use or disclosure of your Consumer Health Data.  This Notice only applies to Consumer Health Data, which under the MHMDA means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status.  Examples of consumer health data are provided below.

What Is Not Covered in This Privacy Notice?

This Notice does not apply to any personal information other than Consumer Health Data subject to the MHMDA.  Consumer Health Data does not include information generated by your interactions with us that does not identify your health status.

Consumer health data also does not include publicly available information or personal information that has been deidentified.  To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information.

What Categories of Consumer Health Data Do We Collect?

We may collect or receive the categories of consumer health data listed below. Not all categories will be collected or received for every individual.

• Information identifying a health condition, treatment, disease, or diagnosis.

• Information identifying a health-related surgery or procedure.

• Information identifying medication used to treat an identifiable health condition.

• Information identifying bodily functions, vital signs, or symptoms.

• Measurements of the information listed above.

• Information identifying diagnoses or diagnostic testing, treatment, or medication.

• Reproductive or sexual health information.

• Biometric data.

• Information identifying precise location, if that information could reasonably indicate an attempt to acquire or receive health services or supplies.

• Information that identifies an individual’s intention to seek health care services.

• Information that we derive or extrapolate from data that is not consumer health data, and then use to associate an individual to the information listed above.

What Are the Categories of Sources From Which We Collect Your Consumer Health Data?

We do not collect your Consumer Health Data unless you voluntarily provide it to us.  We collect personal information, including Consumer Health Data, from the following categories of sources:

• Directly from you or an authorized member of your household.

• From a device associated with you or an authorized member of your household.

• From websites and mobile applications and automatically from devices you use to connect to our Services.  For more information about this, please see our Privacy Policy and Terms of Use.

• From third-party sources including other medical providers and contracted service providers.  We may engage third-party service providers to provide certain interactive features.  By using these features, you understand that our vendors may process the information obtained through the feature to provide services on our behalf.

What Are the Purposes for Collecting Your Consumer Health Data?

We may collect and use Consumer Health Data as provided below:

• To provide you with the services you have requested or authorized.

• To fulfill our legal functions or obligations, such as maintaining and auditing compliance.

• To ensure security and integrity of our systems, including detection and prevention of security incidents.

• To detect or prevent harmful behavior such as identity theft, fraud, harassment, or deceptive activities, or activities that are illegal under applicable law.

• For other purposes with your consent, such as advertising or marketing purposes.

Where we require your consent to collect personal information for a specified purpose, a description of those purposes is provided to you at the time of collection.

What Categories of Consumer Health Data Do We Share?

We may share each of the categories of consumer health data described above.

Who Do We Share Your Consumer Health Data With and Why?

We will only share your Consumer Health Data with employees and trusted partners and only for the services you have consented to or to the extent necessary to provide a service that you have requested or to comply with applicable law.  All such third parties are prohibited from using your Consumer Health Data except to provide these services to us and they are required to maintain the confidentiality of your Consumer Health Data.

As necessary for the purposes described above, we may share personal information, including Consumer Health Data, with following categories of third parties:

• Service providers.  Vendors or agents (“processors”) working on our behalf may access Consumer Health Data for the purposes described above.

• Business partners.  We may share Consumer Health Data with other companies, for example, where you use our services to interact with another company.

• Financial institutions & payment processors.  When you make a purchase or enter into a financial transaction, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.

• Government agencies.  We disclose data to law enforcement or other government agencies only when we believe doing so is necessary to comply with applicable law or respond to valid legal process.

• Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our patients.

• Other users and individuals.  If you use our services to interact with other users of the services or other recipients of communications, we will share data, including Consumer Health Data, as directed by you.

• The public.  You may select options available through our services to publicly display and disclose certain information, such as an endorsement, demographic data, or other data, which may include Consumer Health Data.

How to Exercise Your Rights

MHMDA provides certain rights with respect to Consumer Health Data, including the right to (1) request access to your Consumer Health Data; (2) confirm whether we have disclosed or sold your Consumer Health Data; (3) delete your Consumer Health Data; or (4) withdraw your consent or authorization relating to such data, subject to certain exceptions.  You may exercise any of your rights by contacting us directly using the contact information below.  The written request should include sufficient information to verify your identity and specify the right you wish to exercise.  For any questions or assistance, you may also reach out using the contact information below.

If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting us directly using the contact information below.  If your appeal is denied, you may raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

Contact Information

All notices or requests should be written and given by email and first-class mail to:

Options360 Women’s Clinic
3700 Main Street
Vancouver, WA 98663
[email protected]

Options360 Women’s Clinic Consumer Health Data Privacy Notice last updated: June 26, 2025