Privacy Policy for Modern Spirit

Last Updated: April 10, 2025

This Privacy Policy describes how Modern Spirit ("we," "us," or "our") collects, uses, discloses, and protects your Personal Information, including Protected Health Information (PHI), in accordance with applicable laws and regulations, including but not limited to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States and the General Data Protection Regulation (GDPR) in the European Union (to the extent applicable based on our services and your location).  

1. Introduction

Modern Spirit is committed to protecting the privacy and security of your information. We understand the sensitive nature of healthcare information and are dedicated to maintaining its confidentiality, integrity, and availability. This policy applies to all information we collect from individuals who use our services, including but not limited to our website, courses, programs, and any other interactions you may have with us.

2. Information We Collect

We may collect the following types of information:

  • Personal Information: This includes information that can be used to identify you, such as your name, address, email address, phone number, date of birth, and other contact details.  

  • Protected Health Information (PHI): This includes individually identifiable health information that relates to your past, present, or future physical or mental health or condition; the provision of health care to you; or the past, present, or future payment for the provision of health care to you. Examples of PHI we may collect include:

    • Information you provide during course registration or participation (e.g., health history relevant to the course content).

    • Information shared during any consultations or support services we may offer (if applicable).

    • Records of your participation in our programs.

    • Communications with our staff related to your health or well-being within the context of our services.

     

  • Non-Personal Information: This includes information that does not directly identify you, such as aggregated data, website usage statistics, and technical information about your device and browser.

3. How We Collect Your Information

We may collect your information in the following ways:

  • Directly from You: When you register for our courses or programs, subscribe to our newsletters, contact us with inquiries, participate in surveys, or otherwise interact with our services.

  • Automatically: When you visit our website, we may collect certain information automatically through cookies and similar tracking technologies.  

  • From Third Parties: We may receive information about you from third-party service providers who assist us with payment processing, website analytics, or other services.

4. How We Use Your Information

We may use your information for the following purposes:

  • To Provide and Manage Our Services: To process your registration, provide you with access to course materials, administer our programs, and communicate with you about your participation.  

  • Healthcare Operations: To support our legitimate healthcare operations, such as quality improvement, training, and business management, always in compliance with applicable privacy laws.

  • Communication: To respond to your inquiries, provide you with information about our services, and send you important updates and notifications.  

  • Improvement of Our Services: To analyze website usage and user behavior to improve our website, courses, and programs.

  • Marketing and Promotions (with your consent where required): To send you promotional materials and information about new services or offerings that may be of interest to you. You will have the right to opt-out of receiving such communications.

  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or government requests.

  • Research and Development (anonymized or de-identified where possible): To conduct research and analysis to improve our understanding of the intersection of spirituality and science in healthcare. Any use of PHI for research purposes will be conducted in accordance with HIPAA and other applicable regulations, including obtaining necessary authorizations or using de-identified data.

5. How We Disclose Your Information

We may disclose your information to the following parties:

  • Service Providers: We may share your information with third-party service providers who assist us with website hosting, payment processing, email delivery, analytics, and other services. These providers are contractually obligated to protect your information.  

  • Business Associates (as defined under HIPAA): We may share PHI with business associates who perform functions on our behalf that involve the use or disclosure of PHI. We will have written contracts with these business associates that require them to protect the privacy and security of your PHI in accordance with HIPAA.

  • Legal Authorities: We may disclose your information to law enforcement agencies, government bodies, or legal advisors if required by law, legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.  

  • With Your Consent: We may disclose your information to other parties with your explicit consent.  

  • In Case of Business Transfer: In the event of a merger, acquisition, or other business transaction, your information may be transferred to the acquiring entity, subject to the terms of this Privacy Policy.  

  • De-identified Information: We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or other purposes.  

6. Your Rights Regarding Your Information

Depending on your location and applicable laws, you may have the following rights regarding your Personal Information and PHI:  

  • Right to Access: You may have the right to request access to the Personal Information and PHI we hold about you.

  • Right to Rectification: You may have the right to request that we correct any inaccurate or incomplete Personal Information we hold about you.

  • Right to Erasure (Right to be Forgotten): In certain circumstances, you may have the right to request that we delete your Personal Information.  

  • Right to Restriction of Processing: You may have the right to request that we restrict the processing of your Personal Information in certain circumstances.  

  • Right to Data Portability: You may have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit it to another controller.  

  • Right to Object: You may have the right to object to the processing of your Personal Information in certain circumstances, such as for direct marketing purposes.  

  • Rights Related to PHI (under HIPAA):

    • Right to Access: You have the right to inspect and obtain a copy of your PHI.

    • Right to Amend: You have the right to request that we amend your PHI if you believe it is inaccurate or incomplete.  

    • Right to an Accounting of Disclosures: You have the right to receive an accounting of certain disclosures of your PHI.  

    • Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI.  

    • Right to Confidential Communications: You have the right to request that we communicate with you about your health information in a certain way or at a certain location.  

  • Right to Withdraw Consent: If we have relied on your consent to process your Personal Information, you have the right to withdraw your consent at any time.  

  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your Personal Information infringes applicable data protection laws.  

To exercise any of these rights, please contact us using the contact information provided below. We may require you to verify your identity before fulfilling your request.  

7. Data Security

We take reasonable and appropriate administrative, technical, and physical safeguards to protect your Personal Information and PHI against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption of sensitive data during transmission and at rest.  

  • Access controls to limit who can access your information.

  • Regular security assessments and updates to our systems.

  • Employee training on privacy and security practices.

  • Compliance with HIPAA Security Rule requirements for electronic PHI.

However, no method of transmission over the internet or method of electronic storage is completely secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.  

8. Data Retention

We will retain your Personal Information and PHI for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or for a longer period if required or permitted by law, including HIPAA retention requirements for PHI. When the retention period expires, we will securely destroy or anonymize your information in accordance with applicable regulations.  

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect Personal Information from children. If you become aware that a child has provided us with Personal Information, please contact us immediately, and we will take steps to delete such information.  

10. Links to Other Websites

Our website may contain links to other websites that are not operated by us. We are not responsible for the privacy practices of these third-party websites. We encourage you to review the privacy policies of any website you visit.  

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post any changes on our website and update the "Last Updated" date at the top of this policy. We encourage you to review this policy periodically. If we make significant changes, we will provide you with more prominent notice, as required by law.  

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:  

Modern Spirit Admin@modernspirit.org

You also have the right to file a complaint with the relevant supervisory authority or regulatory body if you believe your privacy rights have been violated. In the United States, you can file a complaint with the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services. In the European Union, you can file a complaint with your local data protection authority.

By using our services, you acknowledge that you have read and understood this Privacy Policy.