0

No products in the cart.

Schedule A Call

Privacy Policy 

Last Updated: April 28, 2025 

 

Update Notice: 

This Privacy Policy has been updated to include additional information regarding our compliance with the General Data Protection Regulation (GDPR) and the United Kingdom Data Protection Act 2018. These updates provide greater transparency on how we handle personal data for individuals located in the European Economic Area (EEA), Switzerland, and the United Kingdom. 

Table of Contents: 

  1. Introduction 
  2. Definitions 
  3. Personal Data We Collect 
  4. How We Use Your Personal Data 
  5. Sharing Your Personal Data 
  6. Data Handling Clarifications 
  7. Legal Basis for Processing Personal Data 
  8. Your Data Protection Rights 
  9. Data Security and Retention 
  10. International Data Transfers 
  11. Data & Storage (GDPR Compliance) 
  12. Supplemental Terms for California Residents 
  13. Supplemental Information for the EEA, Switzerland, and the U.K. 
  14. Supplemental Information for Other Regions 
  15. Children’s Privacy 
  16. Links to Other Websites 
  17. Contact Information 
  18. English Version Controls 

This privacy policy (“Privacy Policy”) describes how Timeless Medical Systems® and its affiliates (“Timeless Medical,” “we,” “us,” or “our”) collect, use, and disclose your personal data when you interact with our websites, online platforms, events, and business promotion activities. 

This Privacy Policy applies to instances where Timeless Medical acts as a controller of your personal data. It does not apply to situations where Timeless Medical processes personal data on behalf of our customers in the context of providing our products and services. Our handling of personal data to include personal health information (PHI) is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and our agreements with those customers as detailed in our company’s Privacy, Use, and Disclosure Policy (HIPAAA). This Privacy Policy does not apply to our processing of PHI as a Business Associate. If you have questions about how a Timeless Medical customer processes your personal data, please contact them directly. 

Capitalized terms used in this Privacy Policy that are not defined (such as “Site,” “Services,” etc.) have the meanings given to them in our Terms of Service or applicable agreement. If you are located in EEA, Switzerland, or the U.K., please refer to Section 13 for specific information about which entity or entities act as a controller of your personal data. 

2. Definitions 

For the purposes of this Privacy Policy: 

  • Account means a unique account created for You to access our Service or parts of our Service. 
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority. 
  • Applicable Law laws and regulations that govern how you collect, use, and store personal data (e.g., GDPR, CCPA, HIPAA if applicable). 
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Timeless Medical Systems®. 
  • Controller the party that determines the purposes and means of processing personal data. 
  • Cookies are small text files stored on a user’s device to collect information about browsing behavior. 
  • Country refers to: your country of residence or domicile of the Company. 
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet. 
  • Non-Personal data is information that cannot reasonably be used to identify an individual (e.g., aggregated statistics, de-identified data). 
  • Personal data is any information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an individual (e.g., name, email address, phone number, IP address, device identifiers). 
  • Processing any operation performed on data, such as collecting, recording, organizing, storing, sharing, or deleting. 
  • Processor the third party that processes data on behalf of a controller/business. 
  • Service refers to the Website. 
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. 
  • Third-party Companies or individuals who are not part of your organization but who may receive personal data (e.g., service providers, partners).
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). 
  • Website refers to Timeless Medical Systems, accessible from https://www.timelessmedical.com/
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

3. Personal Data We Collect 

When we use the term “personal data” in this Privacy Policy, we mean information that relates to an identified or identifiable natural person. This includes information that, alone or in combination with other information, can be used to identify, locate, or contact you. It does not include aggregated or de-identified data that cannot be reasonably associated with a specific individual, or information excluded from privacy protections under applicable law. 

We collect personal data in the following ways: 

  • Personal Data You Provide: 
    • Contact and Inquiry Information: When you contact us with inquiries, requests, or for support, we may collect your name, email address, phone number, postal address, and any information you provide in your communication (e.g., questions, comments, or feedback). 
    • Account Information: If you create an account on our website or online platform, we may collect your username, password, and other registration details.
    • Marketing and Event Information: If you register for events, webinars, or participate in surveys, promotions, or marketing campaigns, we may collect your name, email address, phone number, organization, title, and any other information you provide. 
    • Transaction Information: When you make purchases or engage in transactions with us, we may collect information necessary to process the transaction, such as contact information, purchase details, and payment information. 
  • Automatically Collected Personal Data: 
    • Website Usage Information: When you interact with our websites and online platforms, we automatically collect certain information about your device and usage. This may include your IP address, browser type, operating system, referring URLs, pages visited, dates and times of access, and other browsing activity. 
    • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities on our websites. This helps us to personalize your experience, remember your preferences, and analyze website traffic. For more information, please see our Cookie Policy. We will obtain your consent for cookies as required by law.
  • Personal Data from Third Parties: 
    • Business Partners: We may receive personal data from our business partners, such as those we collaborate with on events or marketing initiatives.
    • Third-Party Services and Platforms: If you interact with our services through third-party platforms (e.g., social media networks), we may receive information about you from those platforms, depending on your privacy settings. 
    • Other Sources: We may obtain personal data from other sources, such as public databases or data aggregators, to supplement the information we collect. 

4. How We Use Your Personal Data 

We use your personal data for various purposes related to our business operations, including: 

  • Providing Services and Support: To provide you with information, products, and services that you request, including responding to inquiries, processing transactions, and providing customer support. 
  • Communication: To communicate with you regarding your account, transactions, or our services, including sending important notices, updates, and administrative messages. 
  • Marketing and Promotion: To send you marketing communications, such as newsletters, promotional offers, and information about our products, services, and events. We will provide you with the option to opt out of marketing communications. 
  • Website Improvement and Personalization: To analyze website usage, trends, and effectiveness, and to personalize your experience on our websites and online platforms.
  • Business Operations: To operate and improve our business, conduct research and development, and for internal purposes such as auditing, reporting, and business planning. 
  • Legal Compliance and Security: To comply with applicable laws and regulations, protect our rights and property, and prevent fraud, security incidents, or illegal activities.
  • Other Purposes: For any other purposes disclosed to you at the time of collection or with your consent. 

5. Sharing Your Personal Data 

We may share your personal data with the following categories of recipients: 

  • Service Providers: We may share your personal data with third-party service providers who perform services on our behalf, such as website hosting, data analysis, payment processing, marketing, and customer support. These service providers are contractually obligated to protect your data and use it only for the purposes we specify. 
  • Business Partners: We may share your personal data with business partners with whom we collaborate on projects, events, or offerings. 
  • Affiliates: We may share your information with our affiliates, subsidiaries, or parent company for internal business purposes. 
  • Legal Authorities: We may disclose your personal data to law enforcement, government agencies, or other legal authorities when required by law or in response to a valid legal request.
  • Corporate Transactions: In the event of a merger, acquisition, sale of assets, or other corporate transaction, we may disclose your personal data to the acquiring or successor entity. 
  • With Your Consent: We may share your personal data with third parties for any other purpose with your consent.

6. Data Handling Clarifications 

To provide further transparency, we clarify the following regarding our data practices: 

  • Data We Do Not Collect: 
    • Geolocation Data: We do not knowingly collect geolocation data. This means we do not collect information that pinpoints your exact location, such as GPS coordinates. We may collect general location information, such as your city or region, to provide relevant content or services. 
    •  Financial Information (Beyond Transactions): We do not collect financial information beyond what is necessary to complete transactions. This means we do not collect information such as your credit score, investment portfolio, or detailed financial history. We do collect payment information (e.g., credit card details) to process purchases you make from us. 
    • Biometric Information: We do not collect biometric information. This includes data derived from biological measurements, such as fingerprints, facial 
    • recognition data, voiceprints, or other unique physical characteristics. 
  • Data We Will Not Share:
  • We will not share your mobile opt-in data (e.g., phone numbers collected for SMS messaging) with third parties for their own marketing or promotional purposes. This restriction does not apply to service providers who process data on our behalf or disclosures required by law. 

7. Legal Basis for Processing Personal Data 

We process your personal data based on one or more of the following legal bases, depending on the specific purpose of the processing: 

  • Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. 
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that your interests and fundamental rights do not override those interests. 
  • Consent: You have given consent to the processing of your personal data for a specific purpose. You have the right to withdraw your consent at any time. 
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject. 
  • Vital Interests: Processing is necessary to protect your vital interests or those of another person.

8. Your Data Protection Rights 

Depending on your location and applicable law, you may have certain rights regarding your personal data, including the following: 

  • Right to Access: You have the right to request access to your personal data that we hold. 
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data. 
  • Right to Erasure: You have the right to request that we delete your personal data under certain circumstances. 
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances. 
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller. 
  • Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including for direct marketing purposes. 
  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. 
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority in your jurisdiction. 

To exercise your rights, please contact us as described in the “Contact Information” section below. We will respond to your request in accordance with applicable law.

9. Data Security and Retention 

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, use, disclosure, alteration, or destruction. We regularly review and update our security measures to maintain an appropriate level of security. 

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period will vary depending on the type of personal data and the purpose for which it is processed. 

10. International Data Transfers 

We may transfer your personal data to countries outside of your jurisdiction, including to countries where data protection laws may differ from those in your jurisdiction. When we transfer personal data internationally, we implement appropriate safeguards to ensure an adequate level of protection for your data, such as: 

  • Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of protection by relevant authorities.
  • Standard Contractual Clauses: Using standard contractual clauses approved by the European Commission or other appropriate authorities. 
  • Other Appropriate Safeguards: Implementing other legally recognized mechanisms for international data transfer. 

11. Data & Storage (GDPR Compliance) 

Within this Clause the terms “Controller,” “Data Controller,” “Processor,” “Data Processor,” “Data,” “Personal Data,” “Processing,” and “Sub-Processor” shall have the meanings assigned to them under the United Kingdom Data Protection Act 2018 (“Data Protection Legislation”). For the purposes of this Privacy Policy, Timeless Medical Systems is the “Processor,” and you (the Customer) are the “Controller.” 

In respect of the processing of Personal Data by the Processor under or in connection with this Agreement, the Processor shall: 

  1. Only process the Personal Data in accordance with the Data Protection Legislation;
  2. Ensure that all Agents engaged by the Processor have entered into confidentiality or non-disclosure agreements and fulfill the Processor’s obligations concerning the security and protection of Personal Data; 
  3. Implement appropriate technical and organizational measures to safeguard Personal Data; 
  4. Co-operate and assist the Controller as reasonably requested to enable the Controller to comply with any exercise of rights by a Data Subject, including requests for access, deletion, or correction; 
  5. Reasonably assist the Controller in ensuring compliance with obligations under the Data Protection Legislation; 
  6. Upon termination or expiration of this Agreement, return or securely delete Personal Data upon the Controller’s request (subject to any applicable law requiring retention);
  7. Make available to the Controller reasonable information necessary to demonstrate compliance with the Data Protection Legislation. 

The Controller authorizes the Processor to use Agents and Sub-Processors in the provision of the Services, subject to the Processor ensuring equivalent obligations are imposed upon any Sub-Processor. 

The Processor shall notify the Controller as soon as reasonably practicable of: 

  1. Any legally binding request for disclosure of Personal Data by a law enforcement authority, unless prohibited by law; 
  2. Any correspondence or notice from a data protection regulator or supervisory authority relating to the Personal Data. 

12. Supplemental Terms for California Residents

This section provides additional information for California residents as required by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). 

  • Categories of Personal Information Collected, Sold, or Shared: 
    1. We may have collected the categories of personal information in the preceding 12 months as outlined in section 2. 
    2. We have not sold or shared any personal information in the preceding 12 months. 
  • Purposes for Collecting and Disclosing Personal Information:
  • We collect and disclose personal information for the purposes described in Section 3. 
  • California Consumer Rights: 
    • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you.
    • Right to Delete: You have the right to request the deletion of your personal information. 
    • Right to Correct: You have the right to request the correction of inaccurate personal information we maintain about you. 
    • Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information, as defined under California law. 
    • Right to Limit the Use and Disclosure of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information, as defined under California law, for purposes other than those permitted. 
  • Exercising Your California Rights:
  • To exercise your California rights, please contact us as described in the “Contact Information” section. We will respond to your request in accordance with CCPA/CPRA requirements. 
  • Non-Discrimination:
  • We will not discriminate against you for exercising your California privacy rights. 

13. Supplemental Information for the EEA, Switzerland, and the U.K. 

This section provides additional information for individuals in the EEA, Switzerland, and the U.K. regarding our processing of personal data. 

  • Legal Basis for Processing: We process your personal data based on the legal bases described in Section 5. 
  • Your Data Protection Rights: 
    1. You have the rights outlined in Section 6, and you can exercise those rights by contacting us. 
    2. You also have the right to lodge a complaint with a supervisory authority.
  • International Data Transfers: We may transfer your personal data to countries outside the EEA, Switzerland, and the U.K. If we do, we will comply with applicable data protection laws, including by implementing appropriate safeguards, such as:
    • Adequacy decisions by the European Commission 
    • Standard Contractual Clauses (SCCs)
    • Other approved transfer mechanisms 

14. Supplemental Information for Other Regions 

For individuals in other regions, we comply with applicable local data protection laws. This section may include specific information about how Timeless Medical complies with data protection laws in countries such as: 

  • Australia (Privacy Act 1988) 
  • Canada (PIPEDA) 
  • Bermuda’s Personal Information Protection Act (PIPA) 
  • Other Relevant Jurisdictions 

15. Children’s Privacy 

Our websites and online services are not intended for children under the age of 16. We do not knowingly collect personal data from children under that age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us, and we will take steps to delete that information. 

16. Links to Other Websites 

Our websites may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party websites you visit. 

17. Contact Information 

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at privacy@timelessmedical.com. 

18. English Version Controls 

This Privacy Policy is written in English. In the event of any inconsistency or discrepancy between the English version and any translated version of this Policy, the English version shall prevail. 

About

Timeless Medical Systems® is the global leader in maternal breast milk, donor human milk and infant formula & nutritional supplement management and administration software.

Linkedin-in

Solutions & Services

Resources

Quick Links

Timeless Medical Systems® – © 2025 – All Rights Reserved.

Login

Register

Your personal data will be used to support your experience throughout this website, to manage access to your account, and for other purposes described in our privacy policy.