top of page

WEBSITE POLICIES

Privacy Policy

Last Updated: 8/19/2025

1. Introduction

This Privacy Policy explains how Boone Health Group, Inc. ("we," "us," "our," "Boone Heart Institute") collects, uses, discloses, and protects information when you visit https://www.booneheartmindbody.com/, contact us, or otherwise interact with our services. We primarily serve U.S. visitors (including Colorado and California residents) and welcome international visitors.

We strive to align with: Colorado Privacy Act (CPA), California Consumer Privacy Act as amended by CPRA (CCPA/CPRA), California Online Privacy Protection Act (CalOPPA), and GDPR/UK GDPR (for EU/UK residents).

2. Who We Are (Controller)

Data Controller: Boone Heart Institute, 7355 E Orchard Rd suite 100, Greenwood Village, CO 80111, US

Contact: info@booneheartmindbody.com, 720-994-5901

If you are in the EU/UK, you may contact us at the above details to exercise GDPR/UK GDPR rights.

3. Information We Collect

Sources: directly from you; automatically from your device; and from service providers that support our website, analytics, forms, or scheduling tools.

We collect information in the following categories:

  • Identifiers & Contact Details: name, email, phone, mailing address, state/country, and any details you submit via forms, messages, or bookings.

  • Health/Wellness Information (Sensitive): data you voluntarily provide in inquiries, intake forms, or assessments. If we are a HIPAA Covered Entity or Business Associate, such data may be Protected Health Information (PHI).

  • Account & Communication Content (if applicable): messages, notes, files, or attachments you provide.

  • Automatically Collected Data: IP address, browser type, device type, and general usage data through Google Analytics, Google Search Console, and Wix analytics.

  • Cookies & Similar Tracking Technologies: We use cookies for store functionality, analytics, and — with consent — marketing.

3.1 Cookies Policy

What Are Cookies?

Cookies are small text files stored on your device when you visit websites.

Types of Cookies We Use

  • Essential: necessary for site functionality.

  • Analytics: help us understand site usage (e.g., Google Analytics, Wix analytics, Squarespace analytics, etc.) and improve services.

  • Marketing: used for targeted ads (only with your consent).

How We Use Cookies

We use cookies to improve your experience and analyze site performance. We do not use marketing cookies unless you consent.

Your Choices

At first visit, a banner appears giving you the choice to:

  • Accept All cookies

  • Reject Non-Essential cookies

You can change cookie preferences anytime via your browser settings.

4. Purposes for Processing

We process data to:

  • Provide and improve our website and services; respond to inquiries; schedule appointments.

  • Perform assessments and deliver professional recommendations (non-emergency, non-urgent).

  • Conduct analytics, security monitoring, debugging, and site performance optimization.

  • Send updates, newsletters, or educational materials with your consent (where required).

  • Comply with legal, ethical, and regulatory obligations (e.g., records retention).

5. Legal Bases (GDPR/UK GDPR)

  • Consent (e.g., marketing communications, non-essential cookies).

  • Contract (to provide requested services).

  • Legal Obligation (e.g., maintaining records).

  • Legitimate Interests (e.g., site security, analytics), balanced against your rights.

  • Vital Interests (rare; e.g., to protect life or safety).

6. Sharing & Disclosures

We may disclose information to:

  • Service Providers/Processors (e.g., Wix, Google) who process data under contract and only as instructed by us.

  • Professional Advisors (legal, accounting) under confidentiality.

  • Authorities/Regulators when required by law or court order.

  • Business Transfers in connection with a merger, acquisition, or asset sale (your information may transfer as a business asset).

Sale/Sharing (CPRA): We do not sell personal information and do not share personal information for cross-context behavioral advertising. If this changes, we will provide an opt-out mechanism ("Do Not Sell or Share My Personal Information").

7. Sensitive Personal Information (Health Data)

We do not use or disclose Sensitive Personal Information (including health data) for purposes that require an opt-out under CPRA (e.g., inferring characteristics) and we limit processing to appropriate purposes (e.g., providing requested services). If HIPAA applies, see our HIPAA/Health Data Privacy Statement.

8. Retention

We retain data only for as long as necessary for the purposes set out above or as required by law/regulation. Typical periods:

  • Contact/Form Submissions: up to 24 months unless ongoing service relationship exists.

  • Analytics Data: per the default/tool-specific retention (e.g., Google Analytics settings).

  • Client/Health Records: per professional, ethical, and legal standards (e.g., HIPAA and state law).

9. International Transfers

If we transfer data outside your jurisdiction (e.g., from EU/UK to the U.S.), we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and take steps to protect your information.

10. Security

We implement reasonable administrative, technical, and physical safeguards. No method of transmission or storage is 100% secure.

11. Data Breach Notification

If a data breach occurs, we will investigate promptly, take necessary remedial actions, and notify affected individuals and relevant authorities as required by law (e.g., HIPAA breach notification rules and state law).

12. Your Privacy Rights

Colorado (CPA) & Similar State Laws: access, correction, deletion, portability, opt-out of certain processing, and right to appeal a denial.

California (CCPA/CPRA): access/know, correction, deletion, portability, opt-out of sale/sharing, limit use of Sensitive Personal Information, non-discrimination.

GDPR/UK GDPR: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (without affecting prior lawful processing).

How to Exercise: email info@booneheartmindbody.com with your request and sufficient information to verify your identity.

Appeal (CPA): if we deny your request, you may appeal by replying "Appeal" to our decision; we'll respond with our final determination and your right to contact the Colorado AG.

13. Cookies & Tracking; Do Not Track

See our Cookies Policy for details and choices. We honor Global Privacy Control (GPC) signals to the extent required by applicable law. At this time, we do not respond to browser "Do Not Track" signals.

14. Children's Privacy

This site is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

15. Third-Party Links

We are not responsible for the privacy practices of third-party sites linked from ours. Review their policies before providing information.

16. Changes to This Policy

We review this policy at least annually or when practices change. We will post updates with a new "Last Updated" date and, where legally required, provide additional notice.

17. Contact

For any questions or comments about this policy, please contact us at:

Boone Health Group, Inc.

7355 E Orchard Rd suite 100, Greenwood Village, CO 80111, USA

Email: info@booneheartmindbody.com

Phone: 720-994-5901


bottom of page