Privacy Policy

LAST UPDATED: JANUARY 1ST 2025

Welcome to Wonder Years. This privacy policy (“Policy”) is provided by Wonder Years Management LLC (collectively referred to herein as “we,” “us,” “our,” or “Wonder Years”). Wonder Years is devoted to safeguarding privacy and ensuring the highest level of confidentiality of records and the information you entrust to us. This Policy describes the information we collect, how we use it, and the standards and procedures in place to safeguard your personal nonpublic information. By accessing or using our online and/or mobile services and website (“Services”), you are accepting the policies and practices described in this Policy. Each time you visit or use the Services, you agree and expressly consent to our collection, use and disclosure of the information that you provide as described in this Policy. This Policy shall be read in conjunction with our terms of service (“Terms”) and all the relevant provisions of the Terms (including but not limited to limitation of liability, governing law and dispute resolution) shall mutatis mutandis apply to this Policy and be deemed to be incorporated herein by reference. Any capitalized terms not defined herein shall have the meaning as set forth in the Terms. 

Please note that this Policy does not apply to your use of third-party Services or applications you may access through the Services. We encourage you to review the privacy policies of those third parties for more information regarding their privacy practices. 

 

INFORMATION WE MAY COLLECT 

We collect and use the following information to provide, improve and protect our website (“Site”): 

  • Information You Provide to Us.

We collect information you provide directly to us when using the Services. For example, we collect information when you register for our Services, complete a form, participate in any interactive features of the Services, request customer support, or otherwise communicate with us. The types of information we may collect include your name, email address, phone number (“Personal Information”) and any other information you choose to provide. To the extent that you disclose to us any Personal Information of another individual, you represent that you have obtained such individual’s consent for the disclosure of such Personal Information, as well as the processing of the same in accordance with the terms of this Policy. We will never sell, rent, or trade your Personal Information or use Personal Information other than as needed to provide the Services requested by you. Wonder Years discloses Personal Information only to those of its employees, contractors and affiliated organizations that (i) need to know the information in order to process it on yours and our behalf, and (ii) that have agreed in writing to non-disclosure restrictions at least as strong as those herein. If you are using our Services as an applicant for employment, we may also collect information you voluntarily submit pursuant to the requirements of the job posting, such as educational information and professional or career related information. 

You acknowledge and agree that communications, including phone calls or “chat” services, with Wonder Years or our third-party agents may be monitored, recorded and retained by Wonder Years. You consent to the monitoring and recording of all conversations between you and Wonder Years and you release us from and against any and all claims, liabilities and losses that may result from any such monitored and/or recorded conversations. 

Protected Health Information. When you interact with our Services, you may choose to provide protected health information (“PHI’). We are committed to maintaining the confidentiality of your PHI pursuant to the Health Insurance Portability and Accountability Act of 1996 (‘HIPAA”). We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. Your provider’s responsibilities are further covered in the Practice Agreement, which would be provided to you if you start using one of our services. 

  • Information We Collect Automatically When You Use the Services.

When you access or use the Services, we automatically collect information about you, including the following: 

We collect information from or about the computers, phones, or other devices you use to access the Services, depending on the permissions you’ve granted. Here are some examples of the device information we may collect: attributes such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers; device locations, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals; and connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address. By using our Services, you agree to the publication of your IP address on this Services. Our Services is a location-aware website. When using our Services, we may ask you to share information about your location. If you voluntarily agree to share that information with us, we will collect that information from nearby wireless access points and your computer’s IP address. 

We may use technologies like cookies and pixel tags in our Services and third-party services. For example, cookies help us with things like understanding how you are interacting with our Services and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. Your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about them. Any use of cookies by the Services or the owners of third-party services used Services, unless stated otherwise, serves to identify you and remember your preferences for the sole purpose of providing the service required by you. 

10DLC Compliance Requirements:  

SMS opt-in information and phone numbers collected for SMS purposes are not being shared with third parties. 

USE OF INFORMATION 

We may use information about you for various purposes, including the following: 

  • To treat you and share your health information with other professionals who are treating you;
  • To provide, maintain, improve and deliver the products or services you request and send you related information;
  • To verify your identity and, if applicable, authorization for you to use the Services;
  • To bill and get payment from health plans or other entities.
  • To provide personalized recommendations and maintain general and personalized content;
  • To prevent or address service, security, technical issues at your request in connection with customer support matters;
  • To respond to your comments, questions, and requests and improve your user experience and the overall quality of our Services.
  • To send you technical notices and other administrative messages;
  • To conduct research, analysis, and surveys for certain situations such as:
  • Preventing disease
  • Helping with product recalls
  • Reporting adverse reactions to medications
  • Reporting suspected abuse, neglect, or domestic violence
  • Preventing or reducing a serious threat to anyone’s health or safety
  • Personalize and improve the Services and provide content or features that match user profiles or interests;
  • Enforce our Terms; and
  • Carry out any other purpose for which the information was collected.

This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user of the Services. In other words, information about how you use the Services may be collected and combined with information about how others use the same Services, but no personally identifiable information will be included in the resulting data. 

SHARING OF INFORMATION 

We may share or transfer information about you as follows or as otherwise described in this Privacy Policy: 

  • Among other things, our Services provide information about health and wellness professionals. If you request contact, we may share your information with one or more of the professionals in our community to contact you.
  • With affiliates, contractors, and other service providers (for example, providers of cloud-based storage and processing services) who need access to such information to carry out work on our behalf. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy, and we’ll remain responsible for their handling of your information per our instructions.
  • If we believe state or federal laws, rules or regulations require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law. We can share health information about you in response to a court or administrative order, or in response to a subpoena.
  • If we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Wonder Years or our users; or (d) protect Wonder Years’s property rights.
  • With your consent or at your direction, including if we notify you through the Services that certain information you provide will be shared in a particular manner and you provide this information.

We may also share aggregated or de-identified information, which cannot reasonably be used to identify you. This includes but is not limited to sharing information related to the research we conduct with various research and security organizations, including academic institutions or publications, as well as publishing our research online on our Services or through third party social media sites. 

THIRD PARTY PAYMENT SERVICES 

We do not directly process any payments and do not store Your debit/credit card information. As detailed further in the Terms, we use a third-party Payment Processor to bill You for our services. Secured socket layer technology is used for processing payment transactions with the Payment Processor. Payment processing shall be subject to the terms and conditions and privacy policy of the Payment Processor. For these third party service providers, we recommend that You read their privacy policies in order to understand the manner in which Your Personal Information and Your credit/debit card details will be handled by these providers. 

ANALYTICS SERVICES 

We may allow others to provide analytics service in connection with the Services, such as Google Analytics. These entities may use cookies, web beacons, and other technologies to collect information about your use of the Services, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. We and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, personalize the user experience, and better understand your activity. 

  • To learn more about Google Analytics, please visit https://policies.google.com/privacy..

SECURITY 

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Services. We restrict access to information about you to those employees who need to know that information as part of their job responsibilities. We also educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, special training programs, and our Code of Conduct. We take appropriate disciplinary measures to enforce employee privacy responsibilities. We have developed precautions that comply with federal regulations to ensure the security and confidentiality of customer records and information, to guard against any anticipated threats or hazards to the security or integrity of such records, and to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to our customers or our employees. In the unfortunate event of a data security breach, we will notify users whose Personal Identification Information may have been breached. 

PRIVACY POLICY CHANGES 

Wonder Years reserves the right to change, modify, add, or remove portions of this Policy at any time and without prior notice, and any changes will become effective immediately upon being posted unless we advise you otherwise. However, we will not use your Personal Information in a way that is materially different from the uses described in this Policy without giving you an opportunity to opt out of such differing uses. Your continued use of the Services after this Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of the Policy, as amended. We encourage you to review this Policy regularly. 

A SPECIAL NOTE ABOUT MINORS 

The Services are a general audience website intended for use by adults or for any other individuals under adult supervision. The Services are not designed or intended to attract, and are not directed to or intended for, individuals under eighteen (18) years of age who are not under adult supervision. Wonder Years does not collect personal information through the Services from any person it actually knows to be under eighteen (18) years of age without adult supervision. If Wonder Years obtains actual knowledge that it has collected personal information through the Services from a person under eighteen (18) years of age without adult supervision, then it will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form. 

Furthermore, if you are under eighteen (18) years of age, then you (or your parent or legal guardian) may at any time request that Wonder Years remove content or information about you. Please submit any such request (“Request for Removal of Minor Information”) to Privacy@wonderyearsny.com, with a subject line of “Removal of Minor Information.” 

For each Request for Removal of Minor Information, please state “Removal of Minor Information” in the email or letter subject line, and clearly state the following in the body: 

  • The nature of your request;
  • The identity of the content or information to be removed;
  • That the request is related to the “Removal of Minor Information;”
  • Your name, street address, city, state, zip code and email address; and
  • Whether you prefer to receive a response to your request by mail or email.

Wonder Years is not responsible for failing to comply with any Request for Removal of Minor Information that is incomplete, incorrectly labeled or incorrectly sent. Please note that the aforementioned removal does not ensure complete or comprehensive removal of such content or information. Also, please note that Wonder Years is not required to erase or otherwise eliminate, or to enable erasure or elimination of, such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires Wonder Years to maintain the content or information; when Wonder Years anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information. The foregoing is a description of Wonder Years’s voluntary practices concerning the collection of personal information through the Services from certain minors, and is not intended to be an admission that Wonder Years is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations. 

RETENTION 

We will retain your Personal Information for the period of time that is necessary to fulfill the original purposes for which it has been collected. Please keep in mind that, in certain cases, a longer retention period may be required or permitted by law or to allow us to pursue our business interests, conduct audits, comply with our legal obligations, enforce our agreements or resolve any dispute. 

The criteria used to determine our retention periods include: 

  • Time needed to provide you with our Services.

 

  • Whether your account with us is active. You may contact us to make your account inactive at any time.
  • Legal, contractual, or similar obligations to retain your data, such as mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of contract or litigation.

Please note that we are not responsible for storing any information that you provide to us or for any content or information that we provide to you. You are solely responsible for retaining backup files of any information and content that you provide or receive in connection with the Services. 

TRANSFER OF PERSONAL INFORMATION; INTERNATIONAL VISITORS 

The Services are provided from the United States. If you are located outside of the United States, any information you provide to us may be transferred out of your country and into the United States. You understand that data stored in the United States may be subject to lawful requests by the courts or law enforcement authorities in the United States. Personally identifiable information collected through the Services may be stored and processed in the United States or, if and as applicable for international users, any other country in which Wonder Years or its affiliates, subsidiaries or service providers maintain facilities. If your Personal Information is transferred to a country other than your home country, we will take measures to protect it with appropriate contract clauses or other applicable safeguards. 

If you are an international visitor, you acknowledge that by providing your Personal Information, you are: (a) permitting the transfer of your Personal Information to the United States which may not have the same data protection laws as the country in which you reside; and (b) permitting the use of your Personal Information in accordance with this Privacy Policy. 

Subject to local law, you may also have certain rights regarding information that we have collected and that is related to you. For example, if you are located in the European Union with rights under the General Data Protection Regulation (“GDPR”), you have the right to withdraw previously provided consent for our processing of your “personal data” as such term is defined under the GDPR, by contacting us at privacy@wonderyearsny.com. Such individuals also have the following rights: 

  • Right to access – In accordance with Article 15 of the GDPR, this right allows individuals to obtain confirmation as to whether or not personal data concerning him or her is being processed and provides access to such personal data. It also allows individuals to request details of the processing of his or her personal data, including, without limitation, categories of recipients to whom the personal data has been or will be disclosed and the purposes of the processing.
  • Right to rectify – In accordance with Article 16 of the GDPR, this right allows individuals to rectify any inaccurate personal data about him or her.
  • Right to restrict processing – This right allows individuals to block or suppress processing of personal data under certain circumstances in accordance with Article 18 of the GDPR.
  • Right to be forgotten – This right is also known as the “right to erasure.” In accordance with Article 17 of the GDPR, it is an individual’s right to have personal data erased or to prevent processing in specific circumstances.
  • Right of data portability – In accordance with Article 20 of the GDPR, this right allows individuals to move, copy or transfer personal data from one place to another in a secure manner without interrupting the integrity and usability of the information.
  • Right to object to processing – In accordance with Article 21 of the GDPR, this right allows individuals to object to certain types of processing, including direct marketing, profiling and providing for purposes of scientific or historical research and statistics.
  • Right to withdraw your consent – You shall have the right to withdraw your consent at any time with regard to the processing of the User Information in accordance with Article 7 para. 3 GDPR.
  • Right to lodge a complaint – You may lodge a complaint with the supervisory authority in accordance with Article 77 para. 1 of the GDPR, if you feel that the processing of the data relating to you infringes the GDPR.
  • Right to effective judicial remedy – You shall have the right to an effective judicial remedy where You consider that Your rights under the GDPR have been infringed as a result of the processing of Your personal data and the same is in non-compliance with the GDPR.

Legal Bases for Processing: We rely on the following legal basis to process your personal data: (i) it may be necessary for us to use and disclose your personal data for the performance and fulfillment of the contract between us and to provide you with our Services; (ii) if you specifically consent to certain uses of your personal data, we may use your personal data in a manner consistent with that consent; and (iii) we will also process, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary. 

To exercise any of the above rights, or if you have any questions or comments about the Policy or our privacy practices, please contact us at privacy@wonderyearsny.com. 

OPTIONS 

Your Information 

We use reasonable processes to ensure compliance with this privacy policy and periodically verify that the policy is accurate. We encourage you to raise any concerns by contacting us at privacy@wonderyearsny.com, and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of information. Unless legal restrictions apply, you have the right to access the information we hold about you free of charge. You may update, correct or delete your information at any time by contacting us at privacy@wonderyearsny.com. You can help us maintain the accuracy of your information by notifying us of any changes. To avoid delays in obtaining your information, please provide sufficient detail to permit us to identify you and the specific information that you are requesting. We will respond to your request within 30 days of receipt, unless we inform you that it will take longer, as permitted by law under certain circumstances. Please note that there may be instances where access may be restricted as permitted or required by law. We will advise you of the reasons for restricting access subject to any legal or regulatory limitations. In addition, please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period. Please note that we are not responsible for storing any information that you provide to us or a third party or for any content or information that we or a third party provide to you. You are solely responsible for retaining backup files of any information and content that you provide or receive in connection with the Services. 

Promotional Communications 

By providing Personal Information to us, you expressly consent to receive messaging and information from us. You may opt out of receiving promotional communications from us by following the instructions in those communications or by emailing us at privacy@wonderyearsny.com. If you opt out, we may still send you non-promotional communications, such as messages about your account or our ongoing business relations. 

Please note that we do not respond to or honor ‘do not track’ (a/k/a DNT) signals or similar mechanisms transmitted by web browsers. If you have consented to have your Personal Information shared with any third party and you no longer wish to have your Personal Information shared with such parties, then you may opt-out of such disclosures by sending an email to privacy@wonderyearsny.com. However, we are not responsible for removing your Personal Information from the lists of any third party who has previously been provided with your information in accordance with this privacy policy or your separate consent. 

Please note that there might be a brief delay between when you submit your request to ‘opt-out’ and when it is processed and reflected in our systems; accordingly, you may continue to receive communications from us for a limited time after you unsubscribe. We appreciate your patience. 

Non-Discrimination 

We will not discriminate against you because you elect to exercise any of the rights related to your Personal Information, including but not limited to: 

  • Denying you products or services;
  • Charging you different prices or rates, including through the use of discounts or other benefits or imposing penalties on you;
  • Providing a different level or quality of services to you; or
  • Suggesting that you will receive a different price or rate or a different level or quality of services.

Contact Information 

If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under applicable law, please do not hesitate to contact us at: 

Data Protection/HIPAA Privacy Officer 

 

26 Court Street, Ste 816 

Brooklyn, NY 11242 

privacy@wonderyearsny.com 

347-387-4233 

STATE ADDENDUM TO THE WONDER YEARS PRIVACY POLICY ADDENDUM DATE: June 25, 2024 

This State Addendum to the Wonder Years Privacy Policy (“Addendum”) supplements the terms of Wonder Years’s Privacy Policy and applies to individuals who are residents of California, Colorado, Connecticut, Virginia, and Utah, as specified below. It describes the rights you may have, depending on the state of your residence, with regard to your personal information, which apply when new or updated laws take effect in these states. This Addendum does not apply to any employees, owners, directors, officers, or contractors of Wonder Years or its affiliates. 

  1. California Privacy Policy

The section relates solely to residents of the State of California, and for purposes of this section, “you” means residents of the State of California. This section will provide you with information about our information practices and your privacy rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and applicable regulations (collectively referred to as “CPRA”). Any terms defined in the CPRA have the same meaning when used in this section. 

  1. Personal Information we collect

Wonder Years collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“CPRA Covered Personal Information” or “personal information”). CPRA Covered Personal Information does not include personal information that has been de-identified or aggregated, or that is publicly available information from government records. 

In particular, we have collected the following categories of CPRA Covered Personal Information from consumers (as that term is defined in the CPRA) within the last twelve (12) months: 

Category  Examples  Collected
A. Personal Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Yes
B. Personal and financial information categories listed in the California 

Customer Records statute (Cal. Civ. Code § 1798.80(e)).

 A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Yes
C. Protected classification characteristics under 

California or federal law.

 Age (40 years or older), race, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status. Yes
D. Commercial 

information.

 Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes

 

E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No
F. Internet or other similar network activity. Browsing history, search history, information on your interaction with a Services, application, or advertisement. Yes
G. Geolocation data.  Physical location or movements.  Yes
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. No
I. Professional or 

employment related 

information

 Occupation, title, employer information, current or past job history or performance evaluations. Yes
J. Non-public education information (per the 

Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

 Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Yes
J. Inferences drawn from  other personal 

information.

 Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes
L. Sensitive Personal 

Information

 Social security, driver’s license, state identification or passport numbers; Account log-in, financial account, debit or credit card number in combination with any 

required security or access code, password or credentials allowing access to an Account; precise geolocation data; racial or ethnic origin, religious or philosophical beliefs or 

union membership, content of mail, email and text messages unless business is the intended recipient; genetic data; processing of biometric information for the purposes of uniquely identifying a consumer; personal

 Yes

 

information collected and analyzed concerning your health.

 

  1. Categories of sources from which we collect personal information

You have the right to know the categories of sources from which we collect your personal information. We make this information available to you in the INFORMATION WE MAY COLLECT section of our Privacy Policy. 

  1. Our processing of your personal information

You have the right to know how we process and use your personal information. We make this information available to you in the USE OF INFORMATION section of our Privacy Policy. 

  1. Disclosure of Personal Information

You have the right to know if we share your personal information with any third parties and the categories of those third parties. We make this information available to you in the SHARING OF INFORMATION section of our Privacy Notice. 

  1. No Sales or Sharing of Personal Information

We do not sell personal information for monetary or other consideration, and we do not share your personal information for cross-context behavioral advertising (as defined in the CPRA). We have also not sold or shared the personal information of consumers under 16 years of age. 

  1. Use of Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than those specified in section 7027, subsection (m) of the CPRA regulations and we do not collect or process sensitive personal information for purposes of inferring characteristics about you. 

 

  1. Your CPRA Consumer Rights 
  2. Where we are acting as a business (as opposed to a service provider as those terms are defined in the CPRA), you have the following rights:

Right to Access. You have the right to request that we disclose the categories of personal information we collected about you, the categories of sources for the personal information we collected about you, our business or commercial purpose for collecting your personal information, the categories of third parties with whom we share your personal information; and the specific pieces of personal information we collected about you. 

Right to data portability. You have the right to obtain a copy of your data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to a third party. 

Right to delete. You may have the right to request that we delete your personal information where we act as a business. This right is subject to several exceptions and we may deny your deletion request if retaining the information is necessary for us or our service providers to: 

  • Complete the transaction for which we collected the personal

information and take actions reasonably anticipated within the context of 

our ongoing business relationship with you or our client; 

  • Detect bugs or errors in our Services, detect security incidents, protect

against malicious, deceptive, fraudulent, or illegal activity, or prosecute 

those responsible for such activities; 

  • Enable solely internal uses that are reasonably aligned with consumer

expectations based on your relationship with us; 

  • Comply with a legal obligation; or
  • Make other internal and lawful uses of that information as permitted by law or that are compatible with the context in which we collected it.

Right to correct. We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you have the right to request that we correct any inaccurate personal information that we have about you. 

Right to non-discrimination and no retaliation. We will not discriminate or retaliate against you for exercising any of your rights under the CCPA, including we will not deny you goods or services, charge you different prices for goods or services, provide you a different level or quality of goods or services, or suggest that you will receive a different price for goods or services or a different level of quality of goods and services. 

  1. Exercising Your Rights:

You may exercise your rights to know, delete and correct as described above by submitting a verifiable request to us by either: 

Emailing us at privacy@wonderyearsny.com; or 

Calling us at 347-987-4233 

  1. Verification Process

We are only required to fulfill verifiable requests. Only you, you as a parent or a legal guardian on behalf of a minor child, or your authorized agent may make a verifiable request related to personal information. If you submit your request through an authorized agent, we may require you to provide your agent with written permission to do so and verify your identity. We may deny any request by an authorized agent that does not submit proof that the agent has been authorized by you to act on your behalf. 

For requests for access to categories of personal information, we will verify your request to a “reasonable degree of certainty.” This may include matching at least two data points that you would need to provide with data points we maintain about you and that we have determined to be reliable for the purposes of 

For requests for specific pieces of personal information (portability request), we will verify your request to a “reasonably high degree of certainty.” This may include matching at least three data points that you would need to provide with the data points we maintain about you and that we have determined to be reliable for the purposes of verification. We will also require you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. 

For requests to delete, we will verify your request to a “reasonable degree” or a “reasonably high degree of certainty” depending on the sensitivity of the personal information and the risk of harm to the consumer posed by unauthorized deletion. We will use the personal information you provide in a request only for purposes of verifying your identity or authority to make the request. 

  1. Response Timing and Format

We will respond to a verifiable request within forty-five (45) days of its receipt, and will notify you within those forty-five (45) days if we require more time to respond and the reasons for the additional time. If you have an Account with us, we will deliver our written response to that Account. If you do not have an Account with us, we will deliver our written response by mail or electronically, at your option. (Note that the law prohibits us from disclosing at any time a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an Account password, security questions and answers, or any unique biometric data.) If we cannot comply with a request or a portion of the request, we will include the reasons in our response. If we deny your request on the basis that it is impossible or would involve a disproportionate effort, we will explain our reasons, such as the data is not in a searchable or readily accessible format, is maintained for only legal or compliance purposes, or is not sold or used for any commercial purpose and our inability to disclose it, delete or correct it would not impact you in any material manner. We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

*Please note that in certain cases we may collect your personal information as a service provider (as opposed to a business, as those terms are defined in the CPRA) pursuant to a contract we have with a commercial client (the CPRA business) to provide a service. In such a case, we are required to collect and process your information only based on the instructions received from the business. Should you direct your requests to exercise your rights to us, we may be required to share your request with the business, who is the party responsible under the CPRA for receiving, verifying and responding to your requests, or we may direct you to make your request directly to the business. 

  1. CPRA exemptions

This section (California Privacy Policy) does not apply to the following data which is exempt from the CPRA, including but not limited to: medical information governed by the California Confidentiality of Medical Information Act (CMIA); protected health information collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or personal information collected, processed, sold, or disclosed pursuant to certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 (DPPA). 

  1. Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services who are California residents to request certain information regarding our disclosure of personal information to affiliates and other third parties for their direct marketing purposes. To make such a request, please send an email to privacy@wonderyearsny.com. 

  1. Notice of Colorado, Connecticut, Virginia and Utah Privacy Rights

The section relates solely to residents of the States of Colorado, Connecticut, Virginia and Utah, and provides you with information about your privacy rights under the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CDPA), the Virginia Consumer Data Protection Act (VCDPA) and the Utah Consumer Privacy Act (UCPA). 

This section shall be effective for the residents of those States on the dates set forth below: 

  • Effective January 1, 2023, for residents of the State of Virginia
  • Effective July 1, 2023, for residents of the States of Colorado and Connecticut Effective December 31, 2023, for residents of the State of Utah

For purposes of this section, “residents”, “consumers” or “you” means individuals of those states who are acting in their individual or household context. This section does not apply to individuals acting in their commercial or employment context. 

  1. Personal Information we collect

 

You have a right to know the categories and types of personal information we collect about you. We make this information available to you in the INFORMATION WE MAY COLLECT section of our Privacy Policy. 

  1. Categories of sources from which we collect personal information 

You have the right to know the categories of sources from which we collect your personal information. We make this information available to you in the INFORMATION WE MAY COLLECT section of our Privacy Policy. 

  1. Our processing of your personal information

You have the right to know how we process and use your personal information. We make this information available to you in the USE OF INFORMATION section of our Privacy Policy. 

*For residents of the State of Virginia, to the extent that we maintain de-identified data, we take reasonable measures to ensure that de-identified data cannot be associated with a natural person, we publicly commit to maintaining and using de-identified data without attempting to re-identify the data, and we contractually obligate any recipient of the data to comply with the same obligations. 

  1. Disclosure of Personal Information

We do not sell your personal information and we do not use your data for targeted advertising (as that term is defined by your applicable state law). We may send you advertising in response to your request for information or feedback or based on your activities with our Services, including your search queries and visits to our Services. However, we will not send you targeted advertising based on your activities across non-affiliated websites, applications or platforms to predict your preferences or interests. 

  1. No Sale of Data or Use of Data for Targeted Advertising

We do not sell your personal information and we do not use your data for targeted advertising (as that term is defined by your applicable state law). We may send you advertising in response to your request for information or feedback or based on your activities with our Services, including your search queries and visits to our Services. However, we will not send you targeted advertising based on your activities across non-affiliated websites, applications or platforms to predict your preferences or interests. 

  1. Your Rights
  2. Where we act as the Controller of your personal information (as opposed to a Processor as those terms are defined in your applicable State law), you have the right to submit a request to us for the following:

Right to access. You have the right to know if we process your personal information and have access to such information and certain details of how we use it. 

Right to correct. We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you have the right to request that we correct any inaccurate personal information that we have about you. 

Right to delete. You may have the right to request that we delete your personal information where we act as a controller. This right is subject to several 

exceptions and we may deny your deletion request if retaining the information is necessary for us or our processors to: 

  • Complete the transaction for which we collected the personal

information and take actions reasonably anticipated within the context of 

our ongoing business relationship with you or our client; 

  • Detect bugs or errors in our Services, detect security incidents, protect

against malicious, deceptive, fraudulent, or illegal activity, or prosecute 

those responsible for such activities; 

  • Enable solely internal uses that are reasonably aligned with consumer

expectations based on your relationship with us; 

  • Comply with a legal obligation; or
  • Make other internal and lawful uses of that information as permitted by law or that are compatible with the context in which we collected it.

Right to restriction of processing (opt-out). You have the right to opt-out of processing your personal information for purposes of profiling in furtherance of any automated processing of your data that produce legal or similarly 

significant effects concerning you. (This right only applies to residents of the States of Colorado, Connecticut and Virginia.) 

Right to data portability. You have the right to obtain a copy of your data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to a third party. 

Right to non-discrimination and no retaliation. We will not discriminate or retaliate against you for exercising any of your rights, including but not limited to, by denying you goods or services, charging you different prices for goods or services, or providing you a different level or quality of goods or services.

Right to restrict the processing of sensitive information 

Unless we are processing your sensitive information pursuant to any of the legal exemptions listed in Section 8 (Exemptions) below or as otherwise allowed by law: 

  • For residents of the States of Connecticut, Virginia and Colorado, we will not process your sensitive information without first obtaining your

consent; and 

  • For residents of the State of Utah, we will not process your sensitive

personal information without providing you with notice and an 

opportunity to opt out. 

  1. Exercising Your Rights

You may exercise your rights to know, delete and correct as described above by submitting a verifiable request to us by either: 

Emailing us at privacy@wonderyearsny.com; or 

Calling us at 347-987-4233  

  1. Authentication Process

We will only fulfill request when we can verify your identify and confirm that you are authority to make such a request. Only you, you as the parent or legal guardian on behalf of your minor child, or your authorized agent, guardian or conservator may make a request related to personal information. If an authorized agent, legal guardian or conservator submits the request, we may require your written permission to do so and may require additional information to authenticate your identity. We may deny a request by an authorized agent, legal guardian or conservator who does not submit proof of authorization to act on your behalf. We will only use the personal information you provide in a request to verify your identity or authority to make the request. 

  1. Response Timing and Format

We will respond to an authenticated request within forty- five (45) days of its receipt, and will notify you within those forty-five (45) days if we require more time to respond and the reasons for the additional time. If you have an Account with us, we will deliver our written response to that Account. If you do not have an Account with us, we will deliver our written response by mail or electronically, at your option. If we cannot comply with a request or a portion of the request, we will include the reasons in our response. 

*For residents of the States of Colorado, Connecticut and Utah, you may make one request within a twelve-month period at no charge. 

*For residents of the State of Virginia, you may make a request up to two (2) times within a twelve (12) month period at no charge. We reserve the right to charge a fee to process or respond to any request that we consider excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

  1. Right to Appeal

You have the right to appeal our decision within a reasonable period of time after receipt of our response. You may appeal our decision by sending us an email at privacy@wonderyearsny.com. We will respond to your appeal within 60 days of receipt (45 days of receipt for residents of Colorado) and will inform you of any decisions and the reasons for such decisions. 

* Please note that in certain cases we may collect your personal information as a processor (as opposed to a controller, as those terms are defined in your applicable state privacy law) pursuant to a contract we have with a commercial client (the controller) to provide a service. In such a case, we are required to collect and process your information only based on the instructions received from the controller. Should you direct your requests to exercise your rights to us, we may be required to share your request with the controller, who is the party responsible under your applicable state privacy law for receiving, authenticating and responding to your requests. 

  1. Exemptions

This section (Notice of Colorado, Connecticut, Virginia and Utah Privacy Rights) does not apply to certain entities and data that are exempt from your applicable state privacy law, including but not limited to the following: covered entities, business associates and protected health information governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH); financial institutions and personal information subject to the Gramm-Leach-Bliley Act (GLBA); and personal information collected, processed, sold, or disclosed pursuant to certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Family Educational Rights and Privacy Act, the Farm Credit Act and the Driver’s Privacy Protection Act of 1994 (DPPA). 

Changes to Our Privacy Notice 

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage. 

Contact Information 

If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under applicable law, please do not hesitate to contact us at: 

Data Protection/HIPAA Privacy Office

26 Court Street, Ste 816 

Brooklyn, NY 11242 

privacy@wonderyearsny.com 

347-987-4233