Data Protection

Data Controller and Contact

National Health & Your Information Portal ("NHYIP") is the data controller for personal data processed through nhyip.com and related services in the United States of America. Owner and contact: Gareth Holbrook, 500 Mercer St, Seattle, WA 98109, United States. Email: [email protected].

No Data Protection Officer is formally appointed; all privacy inquiries should be directed to the contact above.

Scope and Applicability

This notice describes how NHYIP processes personal data in accordance with principles aligned to the EU/UK General Data Protection Regulation (GDPR) where applicable, and in compliance with relevant United States federal and state privacy laws. It applies to personal data collected online via our website and any interactive features, email communications, and customer support channels. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, additional GDPR rights described below may apply to you.

Categories of Personal Data We Process

Information You Provide Directly

Identifiers and contact details (e.g., name, email address, postal address, telephone number).
Account and preference data (e.g., saved articles, newsletter choices, content interests).
Health and wellness context you choose to share (e.g., topics of interest related to medications, supplements, or conditions). Please do not submit sensitive information beyond what is necessary.
Support communications (e.g., inquiries, feedback, and correspondence).

Information Collected Automatically

Device and usage data (e.g., IP address, unique identifiers, browser and OS information, pages viewed, referring URLs, timestamps).
Cookies and similar technologies for essential site functions, analytics, preferences, and, where applicable, advertising measurement.

Derived and Inferred Data

Interest segments and analytics derived from your interactions to improve content relevance and service quality.

Aggregated and De-Identified Data

We may aggregate or de-identify data so that it can no longer reasonably be linked to an individual; such data is not considered personal data.

Purposes and Legal Bases for Processing

Providing and operating the site, including troubleshooting and support. Legal bases: performance of a contract (where applicable), legitimate interests.
Personalizing content and user experience. Legal bases: consent (where required), legitimate interests.
Analytics, measurement, and service improvement. Legal bases: consent (where required), legitimate interests.
Communications such as newsletters and updates. Legal bases: consent, legitimate interests with opt-out.
Security, fraud prevention, and integrity of our services. Legal bases: legitimate interests, legal obligations.
Compliance with laws and enforcement of our terms. Legal bases: legal obligations, legitimate interests.

Where consent is the legal basis, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to enable essential functionality, remember preferences, perform analytics, and, where applicable, measure or improve advertising. You can manage cookies via your browser settings and device controls. In jurisdictions recognizing Global Privacy Control (GPC) signals, we endeavor to honor such signals for opt-out of certain data uses (e.g., cross-context advertising) to the extent required by applicable law.

Data Sharing and Disclosure

Service providers and processors that perform services on our behalf (e.g., hosting, analytics, email delivery) under contractual obligations to protect personal data.
Analytics and measurement partners to understand service usage and improve performance. Where required, we obtain consent before enabling non-essential analytics.
Advertising or marketing partners, if applicable, for measurement and limited personalization; you may opt-out of cross-context behavioral advertising as described below.
Legal, regulatory, and safety disclosures to comply with laws, respond to lawful requests, or protect rights, safety, and property.
Business transfers in connection with mergers, acquisitions, financing, or asset sales, subject to continued protection of personal data.

We do not sell personal information for monetary consideration. Some U.S. state laws define "share" to include certain disclosures for cross-context behavioral advertising; you have the right to opt-out of such sharing where it occurs.

International Data Transfers

Our services are operated in the United States. When we receive or process personal data from individuals in the EEA, UK, or Switzerland, we implement appropriate safeguards such as European Commission-approved Standard Contractual Clauses (and UK addenda where applicable), and adopt supplementary measures as needed. We may also rely on applicable derogations (e.g., your explicit consent or necessity for contract performance) in limited situations.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this notice, including to meet legal, accounting, or reporting requirements. Retention periods depend on the category of data, the sensitivity of the information, potential risk of harm from unauthorized use or disclosure, and our legal obligations. When data is no longer needed, we will delete, anonymize, or securely store it until deletion is feasible.

Data Security

We employ administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, destruction, loss, alteration, or disclosure. Despite these measures, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Children's Privacy

Our services are not directed to children under 13 years of age, and we do not knowingly collect personal data from children under 13. If we learn that we have collected such data, we will delete it. Parents or guardians who believe a child has provided personal data may contact us at [email protected].

Sensitive Health and Wellness Information

NHYIP provides informational content about medications, supplements, diseases, and wellness. Unless explicitly stated otherwise, NHYIP is not a HIPAA-covered entity or business associate, and information you provide to us is generally not protected health information (PHI) under HIPAA. We treat any health-related personal data you choose to share as sensitive, process it with care, and limit its use to the purposes described in this notice, subject to your choices and applicable U.S. state privacy laws.

Your Privacy Rights

Rights for Individuals in the EEA/UK/Switzerland (GDPR)

Access: request confirmation whether we process your personal data and receive a copy.
Rectification: request correction of inaccurate or incomplete data.
Erasure: request deletion in circumstances set out by law.
Restriction: request limiting of processing in certain cases.
Portability: receive your data in a structured, commonly used format and transmit it to another controller where technically feasible.
Objection: object to processing based on legitimate interests or for direct marketing.
Consent withdrawal: withdraw consent at any time, where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority; however, we encourage you to contact us first so we can address your concerns promptly.

Rights for Residents of the United States

Right to know/confirm processing and access specific pieces of personal information.
Right to correct inaccuracies.
Right to delete personal information, subject to exceptions.
Right to data portability for certain information.
Right to opt-out of sales and sharing for cross-context behavioral advertising, and to opt-out of certain profiling.
Right to limit the use and disclosure of sensitive personal information where state law affords this right.
Right to non-discrimination for exercising privacy rights.

How to Exercise Your Rights

You may submit privacy requests by emailing [email protected] or by mail to Gareth Holbrook, 500 Mercer St, Seattle, WA 98109, USA. Please describe your request, the right you wish to exercise, and sufficient information for us to verify your identity (e.g., contact details and the nature of your interaction with us). We may request additional information solely to verify and process your request.

We will respond to verifiable consumer requests within the timelines required by law (generally within 45 days in the United States, and within one month under the GDPR, with possible extensions where permitted). If we deny your request, you may appeal by replying to our decision with the subject line “Privacy Appeal.” If you are using an authorized agent (where permitted by law), we may require proof of authorization and direct verification of your identity.

Do Not Sell or Share My Personal Information

To opt-out of the sale or sharing of personal information for cross-context behavioral advertising (where applicable), contact us at [email protected] with the subject line “Do Not Sell or Share.” We also endeavor to honor browser-based Global Privacy Control (GPC) signals where required by law.

Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects about you. If this changes, we will provide meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing, and your related rights.

Third-Party Links and Services

Our services may include integrations or content from third parties. Your interactions with third-party services are governed by their own privacy practices. We encourage you to review those practices before engaging.

Changes to This Notice

We may update this Data Protection notice from time to time to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the “Last Updated” date below. Your continued use of our services after an update signifies your acknowledgment of the revised notice.

Last Updated: 2025-08-21