Who are we?
DrRedShoe.com is owned by Margarita Gurri, PhD, CSP and Dr. Red Shoe, a DBA of Shrink Rap, Inc.
- Contact data: 6353 John Daly St, Taylor, MI 48180. Maragarita@DrRedShoe.com, 844-DrRedShoe, 844-377-33740.
- Emergency contact number: +1-954-609-9904.
Our Promise about Security
- In reality, the safety of online material can never be 100% guaranteed in these growing times of digital data.
- We promise to do our best to secure your data from digital and human security risks, to be mindful of security updates and procedures, and to guard confidentiality as fiercely as technology allows.
What personal data do we collect and why do we collect it?
- When you visit any website, your IP address, your current internet address, is collected by server logs. No other personal data is collected unless you choose to fill out an online form asking for more information or to make a purchase. We do collect the data shown on contact forms, including the visitor’s IP address.
- When you complete an online form, we collect personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; technical data, and browser agent string to help with spam detection.
- Purchases made through this website are through Authorize.net, a secure merchant service provider. Sensitive credit card purchasing data is collected for your account to allow for ease of future purchases and to be contacted should any issues arise with the payment or refund.
- Personal data is not just created by a user’s interactions with your site.
- By default, Dr. Red Shoe does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. However, Calendar and WooCommerce plugins may collect personal data. Personal data may also be generated from technical processes such as contact forms, comments, cookies, analytics, and third party embeds.
- To add a level of security, visitors cannot leave comments.
- No information will be disclosed without your permission. All uploaded files are not publicly accessible. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
- Our contact form plugin captures data included in contact forms. We retain contact form submissions for customer service purposes but do not use the information submitted through them for marketing purposes.
Cookies and Future Cookie Possibilities
- In the future, we may collect cookies, if you opt in to save your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How does Webhost SiteGround protect my website?
Source: SiteGround. As one of the best and most preferred hosting providers on the market, we know how important security is for our customers. This is why server security is one of our top priorities. Here is just a small part of the measures we have taken to keep our servers and your websites secure.
- By default, we have set all servers to use the latest PHP 7 version with the latest security fixes.
- We are running Apache in a chrooted environment with suExec.
- We have sophisticated IDS/IPS systems that block malicious bots and attackers (Intrusion detection/prevention systems).
- ModSecurity is installed on all of our shared servers and we update our security rules weekly, thus protecting our customers from the most common attacks.
- We are providing easy to use and hassle-free auto-updates for WordPress core version and the plugins.
- We strive to keep the versions of all the software that is providing database services (FTP, SMTP, IMAP/POP3, HTTP, HTTPS) up to date with the latest security patches.
- We are constantly monitoring for vulnerabilities in the most popular applications and modules and whenever possible we develop virtual patches in the form of WAF rules (Web application firewall).
- We ensure that users’ data is accessed only by trusted personnel on request by following strict policies and we keep detailed records for such access.
Unfortunately, the above is not always enough. Most web applications require constant attention and updates to remain safe from the latest security vulnerabilities.
Embedded content from other websites
- Our site contains links to other sites. While we are not responsible for their privacy practices or content, we want you to be informed.
- Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Zoom Videoconference Platform and Privacy
- Zoom is a HIPAA compliant web and video conferencing platform that is suitable for use in healthcare, provided a HIPAA covered entity enters into a business associate agreement with Zoom prior to using the platform and uses the platform compliantly (i.e. adhering to the HIPAA Minimum Necessary Standard).
- Our web hosting account and some plugins may collect some anonymous analytics data.
With whom do we share our data?
- Dr. Red Shoe does not share any personal data with anyone outside of the Dr. Red Shoe team. We value your digital safety and privacy. As such, we work hard to maintain your trust.
How long do we retain your data?
- For users that register on our website (if any), we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
- If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
- Visitor comments may be checked through an automated spam detection service.
Your contact information
- Contact Margarita Gurri at Margarita@DrRedShoe.com for privacy-specific concerns.
How we protect your data
- In this section, you should explain what measures you have taken to protect your users’ data. This could include technical measures such as encryption; security measures such as two-factor authentication; and measures such as staff training in data protection. If you have carried out a Privacy Impact Assessment, you can mention it here too.
What data breach procedures we have in place
- In this section, you should explain what procedures you have in place to deal with data breaches, either potential or real, such as internal reporting systems, contact mechanisms, or bug bounties.
What third parties we receive data from
What automated decision making and/or profiling we do with user data
- If your web site provides a service which includes automated decision making – for example, allowing customers to apply for credit, or aggregating their data into an advertising profile – you must note that this is taking place, and include information about how that information is used, what decisions are made with that aggregated data, and what rights users have over decisions made without human intervention.
- Source: LearnDash LMS. We collect information about you during the course purchase process (PayPal, Stripe, and/or 2Checkout), as well as information relating to your course progression and quiz performance.
What we collect and store
When you purchase from us, we’ll ask you to provide an email address. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Create your account for our LMS
If you register a free account, then we will store your email address. We store information about you for as long as your account exists.
- We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable). We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Group Leaders can access:
- Order information such as your enrolled courses, course progress and username/email address.
- Any additional information added in your WordPress User Profile can also be visible to the administrator(s).
What we share with others
- In this section, you should list who you’re sharing data with, and for what purpose. This could include, but may not be limited to, analytics/reporting tools, marketing services (such as email services like MailChimp), payment gateways, gamification programs, and third party embeds.
- Source: WooCommerce. Credit card payments are run through Authorize.net, a secure resource. We collect information about you during the checkout process in our store.
What do we collect and store?
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address, and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
- We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for seven years for tax and accounting purposes. This includes your name, email address, and billing and shipping addresses.
Who on our team has access
Members of our team have access to the information you provide us. For example, Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
Gmail and HIPAA Compliance
Source: Copy from Google https://admin.google.com/terms/apps/3/2/en/hipaa_baa.html
Google Apps HIPAA Business Associate Amendment
This HIPAA Business Associate Amendment (“HIPAA BAA”) is made and entered into by and between Google Inc. and Customer effective as of the date electronically accepted by Customer and amends the Agreement for the purpose of implementing the requirements of HIPAA to support the parties’ compliance requirements thereunder. The “Agreement” refers to the Google Apps for Work (or Business), Education, or Government Agreement entered into between the parties pursuant to which Google Inc. provides Services to Customer. Customer must have an existing Agreement in place for this HIPAA BAA to be valid and effective. Together with the Agreement, this HIPAA BAA will govern each party’s respective obligations regarding Protected Health Information (defined below).
You represent and warrant that: (i) you have full legal authority to bind Customer to this HIPAA BAA, (ii) you have read and understand this HIPAA BAA, and (iii) you agree, on behalf of Customer, to the terms of this HIPAA BAA. If you do not have legal authority to bind Customer, or do not agree to these terms, please do not sign or accept the terms of this HIPAA BAA.
The parties agree as follows:
- Definitions. For purposes of this HIPAA BAA, any capitalized terms not otherwise defined herein will have the meaning given to them in the Agreement and under HIPAA.
“Google” means Google Inc. and its affiliates that provide the Services.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the rules and the regulations thereunder, as amended (including with respect to the HITECH Act).
“HIPAA Implementation Guide” means the informational guide that Google makes available describing how Customer can configure and use the Services to support HIPAA compliance. The HIPAA Implementation Guide is available for review at the following URL: https://www.google.com/work/apps/terms/2015/1/hipaa_implementation_guide.pdf (as the content at that URL, or such other URL as Google may provide, may be updated by Google from time to time)
“HITECH Act” means the Health Information Technology for Economic and Clinical Health Act enacted in the United States Congress, which is Title XIII of the American Recovery & Reinvestment Act, and the regulations thereunder, as amended.
“Included Functionality” means functionality within the Services as described at the following URL: https://www.google.com/work/apps/terms/2015/1/hipaa_functionality.html (as the content at that URL, or such other URL as Google may provide, may be updated by Google from time to time).
“Protected Health Information” or “PHI” will have the meaning given to it under HIPAA if provided to Google as Customer Data in connection with Customer’s permitted use of Included Functionality.
“Security Rule” means 45 C.F.R., Part 164, Subpart C, under HIPAA.
“Services” means the Google Apps Core Services as defined under the applicable Agreement.
- Applicability. Parties. This HIPAA BAA applies to the extent Customer is acting as a Covered Entity or Business Associate, to create, receive, maintain or transmit PHI via the Included Functionality and where Google, as a result, is deemed under HIPAA to be acting as a Business Associate of Customer.
Services Scope. As of the effective date of this Amendment, this Amendment is applicable only to the Included Functionality. Google may expand the scope of Included Functionality. If Google expands the scope of Included Functionality then this HIPAA BAA will automatically apply to such additional new functionality and features as of the date the Included Functionality description is updated, or the date Google has otherwise provided written communication regarding an update to the scope of Included Functionality to Customer’s Notification Email Address (whichever date is earlier).
Permitted Use and Disclosure
- By Google. Google may use and disclose PHI only as permitted under HIPAA as specified in the Agreement and under this HIPAA BAA. Google may also use and disclose PHI for the proper management and administration of Google’s business and to carry out the legal responsibilities of Google, provided that any disclosure of PHI for such purpose may only occur if (1) required by applicable law; or (2) Google obtains written reasonable assurances from the person to whom PHI will be disclosed that it will be held in confidence, used only for the purpose for which it was disclosed, and that Google will be notified of any Breach.
- By Customer. Customer will not request Google or the Services to use or disclose PHI in any manner that would not be permissible under HIPAA if done by a Covered Entity itself (unless otherwise expressly permitted under HIPAA for a Business Associate). In connection with Customer’s management and administration of the Services to End Users, Customer is responsible for using the available controls within the Services to support its HIPAA compliance requirements, including reviewing the HIPAA Implementation Guide and enforcing appropriate controls to support Customer’s HIPAA compliance. Customer will not use the Services to create, receive, maintain or transmit PHI to other Google services outside of the Included Functionality, except where Google has expressly entered into a separate HIPAA business associate agreement for use of such Google services. If Customer uses Included Functionality in connection with PHI, Customer will use controls available within the Services to ensure: (i) all other Google products not part of the Services are disabled for all End Users who use Included Functionality in connection with PHI (except those services where Customer and Google already have an appropriate HIPAA business associate agreement in place); and (ii) it takes appropriate measures to limit its use of PHI in the Services to the minimum extent necessary for Customer to carry out its authorized use of such PHI. Customer agrees that Google has no obligation to protect PHI under this HIPAA BAA to the extent Customer creates, receives, maintains, or transmits such PHI outside of the Included Functionality (including Customer’s use of its offline or on-premise storage tools or third party applications).
- Appropriate Safeguards. Google and Customer will use appropriate safeguards designed to prevent against unauthorized use or disclosure of PHI, consistent with this HIPAA BAA, and as otherwise required under the Security Rule, with respect to the Included Functionality.
- Reporting. Google will promptly notify Customer following the discovery of a Breach resulting in the unauthorized use or disclosure of PHI in violation of this HIPAA BAA in the most expedient time possible under the circumstances, consistent with the legitimate needs of applicable law enforcement and applicable laws, and after taking any measures necessary to determine the scope of the Breach and to restore the reasonable integrity of the Services system by using commercially reasonable efforts to mitigate any further harmful effects to the extent practicable. Google will send any applicable Breach notifications to the Notification Email Address (as such contact is designated in the Services by Customer) or via direct communication with the Customer. For clarity, Customer and not Google, is responsible for managing whether its End Users are authorized to create, receive, maintain or transmit PHI within the Services and Google will have no obligations relating thereto. This Section 5 will be deemed as notice to Customer that Google periodically receives unsuccessful attempts for unauthorized access, use, disclosure, modification or destruction of information or interference with the general operation of Google’s information systems and the Services and even if such events are defined as Security Incident under HIPAA, Google will not provide any further notice regarding such unsuccessful attempts.
- Agents and Subcontractors. Google will take appropriate measures to ensure that any agents and subcontractors used by Google to perform its obligations under the Agreement that require access to PHI on behalf of Google are bound by written obligations that provide the same material level of protection for PHI as this HIPAA BAA. To the extent Google uses agents and subcontractors in its performance of obligations hereunder, Google will remain responsible for their performance as if performed by Google itself under the Agreement.
- Accounting Rights. Google will make available to Customer the PHI via the Services so Customer may fulfill its obligation to give individuals their rights of access, amendment, and accounting in accordance with the requirements under HIPAA. Customer is responsible for managing its use of the Services to appropriately respond to such individual requests.
- Access to Records. To the extent required by law, and subject to applicable attorney client privileges, Google will make its internal practices, books, and records concerning the use and disclosure of PHI received from Customer, or created or received by Google on behalf of Customer, available to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) for the purpose of the Secretary determining compliance with this HIPAA BAA.
- Return/Destruction of Information. Google agrees that upon termination of the Agreement, Google will return or destroy all PHI received from Customer, or created or received by Google on behalf of Customer, which Google still maintains in accordance with the section titled “Effects of Termination” (or as otherwise expressly agreed in writing) under the Agreement; provided, however, that if such return or destruction is not feasible, Google will extend the protections of this HIPAA BAA to the PHI not returned or destroyed and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible. In the event this HIPAA BAA is terminated earlier than the underlying Agreement Customer may continue to use the Services in accordance with the Agreement, but must delete any PHI it maintains in the Services and cease to create, receive, maintain or transmit such PHI to Google or within the Services.
- Breach/Cure. Customer may immediately terminate this HIPAA BAA and the Agreement upon 10 days written notice to Google if Google has materially breached this HIPAA BAA and such breach is not reasonably capable of being cured.
- Term. This HIPAA BAA will expire upon the earlier of: (i) a permitted termination in accordance with this HIPAA BAA; (ii) the natural expiration or termination of the existing Agreement; or (iii) the execution of an updated HIPAA BAA that supersedes this HIPAA BAA.
- It is the parties’ intent that any ambiguity under this HIPAA BAA be interpreted consistently with the intent to comply with applicable laws.
Effect of Amendment
- This HIPAA BAA supersedes in its entirety any pre-existing HIPAA BAA executed by the parties covering the same Services. To the extent of any conflict or inconsistency between the terms of this HIPAA BAA and the remainder of the Agreement, the terms of this HIPAA BAA will govern. Except as expressly modified or amended under this HIPAA BAA, the terms of the Agreement remain in full force and effect. By Customer electronically accepting or signing the terms of this HIPAA BAA made available by Google, Customer and Google (on behalf of itself and its affiliates that provide the Services) agree that it constitutes a written agreement between the parties.
HIPAA BAA (Google Inc. Apps Amendment) 020215
Our Promise about Security
- The safety of online material is never 100% guaranteed in these growing times of digital data.
- We promise to do our best to secure your data from digital and human security risks, to be mindful of security updates and procedures, and to guard confidentiality as fiercely as technology allows.
Thank you for visiting our site. It’s an honor to be of service to you and yours in your business and personal life.
Margarita Gurri, PhD, CSP and the Red Shoe Team