Privacy Policy Lyphe Dispensary

 

At Lyphe Dispensary we aim to be your one-stop-shop for managing your medical cannabis prescriptions. We take pride in the quality of our prescription service and our ability to source and supply medical cannabis products to meet your prescription requirements, quickly and affordably. Our high business standards extend to our privacy practices and the safeguarding of your personal information.

This policy describes the information we collect, or you shared with us when you visit our website (regardless of where you visit it from) or use our platform and services to manage your medical cannabis prescriptions, as well as how that data is used, stored and safeguarded, and your choices regarding this information.

  1. What this policy covers

This policy outlines how we at Lyphe Dispensary collect and process your personal information through your use of our website (the “Website”), as well as the platform we use to manage your medical cannabis prescriptions, and such other services associated with the management and supply of prescribed medical cannabis (collectively the “Services”), including any data you may provide to us when you create an account, register to use our prescription management services (whether as a Patient, Carer or Doctor), manage your prescriptions through us, or interact with us in any way.

Our Website and Services are intended for use by patients, carers and doctors and only by those over the age of 18; we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other policy on data processing or other notices we may provide on specific occasions so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

  1. Data controller and contact details

Total Health Midlands Ltd trading as Lyphe Dispensary (“Lyphe Dispensary”“we”“us” or “our”) is the ‘data controller’ of the processing of your personal information as described in this policy. As the data controller, we decide why and how your personal information is processed and are responsible to you for that processing under data protection laws.

Our details are as follows:

  • Correspondence address: Lyphe Dispensary, Unit 12 Farnborough Business Park, Eelmore Road, Farnborough, Hampshire, GU14 7XA
  • Email: hello@dispensarygreen.com
  • Registered office address: 20-22 Wenlock Road, London, N1 7GU, United Kingdom
  • Company number: 09383239
  1. How to contact us about your rights and data

We have appointed Kieron Heath who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out below.

By email at: hello@dispensarygreen.com

We are regulated by the Information Commissioner’s Office (“ICO”) and you have the right to make a complaint at any time to them. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

  1. Third party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every website you visit, connect with, or are referred to.

  1. Information collected about you

We have set out below the personal information about you we may collect, use, store and transfer when you interact with us through Lyphe Dispensary. Personal information means any information from which we can identify you, it does not include information we collected on an anonymous basis.

  • Identity & Contact Data includes your title, first name, last name, date of birth, email address, home address, telephone number, whether you are a Patient, Carer or Doctor, and in the case of Doctors, the name of your clinic or GP practice, and address. As part of our verification checks, we also collect a copy of your valid ID (passport, driving licence etc.) as well as a scan of your face, using secure facial recognition technology.
  • Medical & Prescription Data: as our Services assist you to manage your medical cannabis prescriptions, naturally we collect various information about your medical situation and your prescriptions, including information about your prescription such as its unique ID number and the type, brand and quantity of medication, as well as any other information your doctor may include on your prescriptions. We will also collect and store the physical copy of your prescription you send to us via the post.
  • Financial Data & Transaction Data: includes your payment card details, billing address, as well as details about payments to and from you and other details of any purchases you have made from us.
  • Profile Data: includes your username and password, details of your account, information about the prescriptions and orders made by you, your profile and account preferences, and any information provided through direction interactions with us. In addition, if you are a Carer or Doctor, we also collect the following information:
    • Carers: details about any patients you add to your account (such as their name, date of birth and their address).
    • Doctors: your GMC reference number, your field of specialism (e.g., pain, neurology, paediatrics etc.), details on any CQC checks against your clinic or GP practice, details of any patients you add to your account.
  • Usage Data: includes information created about you through your use of our Services, such as unique identifiers, activity logs, and your interactions with us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or Services.
  • Marketing & Communications Data includes your preferences in receiving marketing from us and our third parties, other interactions with us, such as feedback to surveys or with our technical support or customer services teams, as well as your communication preferences.

We also collect, use and share aggregated data about you. This includes statistical or demographic data, which could be derived from your personal information but is not considered personal information in its own right as, on its own, it cannot be linked to you or reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature. We may also use software to analyse your Usage Data and Technical Data in order to improve our Website and our Services. However, if we combine or connect Aggregated Data with your personal information so that it can be linked to you or can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy policy.

Our Services do involve the collection of certain types of information which we treat particularly sensitively. We refer to this information as “Special Category Data” and it includes:

  • information about your health, in particular your health Medical & Prescription Data; and,
  • biometric data, in particular when we use facial recognition technology to verify your account.

We have implemented additional safeguards with regard to the collection, use and storage of this data.

How your information is collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact, Financial, Medical & Prescription, Profile, Marketing and Communications Data by interacting with us through our website or Services, filling in forms or completing our registration process, or by corresponding with us. If you are a Carer or Doctor, this will also extend to information about your Patients.

This includes personal information you provide when you:

  • create and verify your account;
  • upload and manage your prescriptions;
  • pay for your prescriptions;
  • subscribe to any of our mailing lists or request marketing to be sent to you;
  • select your marketing and communications preferences;
  • complete a survey; or
  • give us feedback or contact us.

When using the Services. Through your use of our Services, we will collect, process and store your Medical & Prescription Data, Usage Data and Transaction Data, specifically:

  • we will create records of your prescriptions when we process any paper copies of those prescriptions you upload using the Services;
  • we will generate Usage and Transaction Data as you order and pay for subscriptions and, more generally, interact with your account.

Automated technologies or interactions. As you interact with both our Website and Services, we automatically collect various information about you, such as the device you use when you interact with us, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies.

Third parties including publicly available sources. We will receive personal information about you from various third parties as set out below:

  • Identity & Contact Data from the following parties:
    • Doctors & Carers: when either your Carer or Doctor provides us with your personal information on your behalf.
    • Get Address: we utilise the Get Address lookup tool to help you complete your address details. This tool works by cross-referencing the Ordnance Survey’s complete list of UK postcodes with various other data sources.
    • GMC & CQC: For doctors registering an account with us, we verify both your status as a doctor, as well as that of your clinic or GP practice, with the General Medical Council and Care Quality Commission, respectively.
  • Technical Data from the following parties:
    • analytics providers;
    • advertising networks; and
    • search information providers.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services, such as our third-party payment processors, or social media platforms, where you sign up to Lyphe Dispensary through referrer from these platforms.
  1. How we use your information

We collect, process, store and disclose personal information for a variety of different reasons, but in all cases only to the extent the law allows us to.

Data protection laws require that organisations processing personal information set out the specific legal reason (known as the ‘lawful basis’s) on which they rely to process that information.

We rely on the following lawful bases for processing your personal information:

  1. Consent: we use your consent as a lawful basis for processing your personal information including for the purposes of sending marketing communications to you, in particular, where you register your interest with us through our website or otherwise. You have the right to withdraw consent at any time by contacting us, including by opting out through any marketing communication we may provide.
  2. Performance of Contract: where we need to perform the contract, we are about to enter into or have entered into with you.
  3. Legal Obligations: where we need to comply with a legal obligation
  4. Legitimate Interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We rely on a wide range of legitimate interests as a business:
    • for marketing activities (other than where we rely on your consent);
    • to correspond or communicate with you;
    • to verify the accuracy of data that we hold about you;
    • to preserve the integrity of our network and information security and, in particular, for us to take steps to protect your information against loss or damage, theft or unauthorised access;
    • for prevention of fraud and other criminal activities;
    • to improve our Website, products and Services, in particular through analysing how you interact with us through our Website, products and Services to more generally improve your user experience;
    • for the management of queries, complaints, or claims, including when complying with a request from you in connection with the exercise of your data protection rights;
    • for the establishment and defence of our legal rights.

Special Category Data

For certain types of information identified in this policy as Special Category Data, we rely on the following lawful bases:

  • Medical & Prescription Data: for all health and medical related data you provide to us by uploading your prescriptions, we process this information in order to supply our Services to you (i.e., for the performance of our contract with you), and to deliver health care services to you (i.e., the provision of managed pain relief by fulfilling your prescription). As part of our rigorous standards, all services are provided under the ultimate supervision of a superintendent pharmacist.
  • Identity Data: in light of the sensitive nature of prescribed medicines, we want our verification process to be as rigorous as it can be. A key aspect of this process involves our use of facial recognition technology to scan your face against the ID you have submitted. When you scan your face using our verification tool, we ask you to confirm that you provide your Explicit Consent to your use of your image for this specific purpose. Our verification process is there to ensure we get the right prescriptions to the right people. However, if you are uncomfortable with providing consent to the use of our facial recognition technology, we can provide alternate means of ensuring your prescriptions reach you.

Summary of how and why we use your information

We have summarised below the various ways we use your personal information and our lawful basis for doing so.

Purpose / Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register your account for our Services

(a) Identity
(b) Contact
(c) Profile Data

Performance of a contract

To verify your identity and, in the case of doctors, to verify your credentials and those of your clinic of GP practice.

(a) Identity
(b) Contact
(c) Profile Data
(d) Special Category Data (namely a facial recognition scan)
(e) Communications

Your Explicit Consent and, additionally, in relation to doctors,
(a) Performance of a contract; and
(b) Necessary for our legitimate interests

To manage and process your prescriptions

(a) Identity
(b) Contact
(c) Special Category Data (namely your Medical & Prescription Data)
(d) Profile
(e) Usage
(f) Technical
(g) Communications

(a) Performance of a contract
(b) Necessary for our legitimate interests (for running our business, provision of administration, to prevent fraud and for audit purposes) and, for Medical & Prescription Data
(c) For the purpose of providing you with health services (in this case, managed pain relief medication), under the supervision of a superintendent pharmacist.

To facilitate and process your orders and the delivery of your prescriptions:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Communications

(a) Performance of a contract
(b) Necessary for our legitimate interests (for our audit purposes and to act as a record that prescriptions have been processed and payment has been made)

Where you are using our Services to manage prescriptions on behalf of a patient, either as a Carer or Doctor

(a) Identity
(b) Contact
(c) Special Category Data (namely the Medical & Prescription Data of your patient)
(d) Financial
(e) Transaction
(f) Communications

(a) Performance of a contract
(b) Necessary for our legitimate interests (for our audit purposes) and, for Medical & Prescription Data
(c) For the purpose of providing your patient with health services (in this case, managed pain relief medication).

To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
(c) Notifying you about new releases, planned downtime and other changes to our products and Services.

(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications

(a) Performance of a contract
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (for our audit purposes and to understand how customers use our products/services)

To enable you to participate in a survey or to obtain feedback from you

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications

(a) Performance of a contract
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business, our network and your data (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical
(d) Profile
(e) Usage

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our products and Services, our website, as well as our marketing, customer relationships and user experiences

(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

  1. Cookies and other technologies

Cookies come in a variety of forms but are essentially small data files used to collect and store information about you. We use them on our website for a variety of different functions:

  • for the smooth and safe operation of Lyphe Dispensary and our website;
  • to manage your preferences and remember you for future visits;
  • to analyse how you use Lyphe Dispensary and our website to continually make improvements.

The majority of these cookies are linked to your browser session (session cookies) and disappear once you close your browser. Others remain on your device for a longer period (persistent cookies).

For further information about the cookies we use, please see our Cookie Policy.

  1. Our use of social media

We use social media platforms in a variety of different ways, including by publishing pages through which you can interact, running competitions or advertising to you using information you have provide those platforms or which has been provided by us or collected from our website. Our legal relationship with each platform will vary with the particular way we are using that platform.

We process your personal information using social media platforms as follows:

  • Pages. We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, LinkedIn, Twitter and other social media platforms. We also use the Page Insights service for Facebook, Instagram and LinkedIn to view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through the Page Insights services, we and the relevant platform are joint controllers of the processing necessary to provide that service to us.
  • Targeted advertising. We use social media platforms (as well as search engines and third-party websites and other platforms to deliver targeted advertising to you via those platforms unless you object. You may receive advertising because you have previously interacted with us (such as by visiting one of our websites) or because of your profile on a social media platform on which you have an account. You can find out more by consulting the help pages of the relevant social media platform but in summary, we use social media platforms to send targeted advertising using two methods:
    • ‘Custom audience’ targeting. You may receive advertising based on information about you that we have provided to the platform or allowed it to be collected using cookies/pixels or code embedded in this Website (or a combination of the two). For example, we may target you if you have signed up to our mailing list and where cookies have detected that you have visited this Website in the last month. Please see the paragraph below regarding our use of cookies to send targeted advertising using social media.
    • ‘Lookalike audience’ targeting. You may also receive advertising because, at our request, the social media platform has identified you as falling within a group or ‘audience’ whose attributes we have selected, or a group that has similar attributes to you (or a combination of the two).

Information we send using social media cookies

We also use cookies and similar technologies to collect and send information to Facebook (who operates the Facebook and Instagram platforms), LinkedIn and Twitter about actions you take on our website or through our Services. In particular:

  • Facebook (who operate the Facebook and Instagram platforms) uses this information to provide services to us and also for further processing for its own business purposes. We and Facebook are joint controllers of the processing involved in collecting and sending your personal information to Facebook using cookies and similar technologies as each of us has a business interest in Facebook receiving this information. You can find out more about these technologies by visiting our Cookie Policy. The services we receive from Facebook that use this information are delivered to us through Facebook’s Business Tools, which include Facebook Login (Facebook’s single sign-on service, see above), Facebook Pixel and Website Custom Audiences (which includes ‘lookalike audience’ targeting). The data from these tools allows us to target advertising to you within Facebook’s social media platform by creating audiences based on your actions on our website and applications. They also allow Facebook to improve and optimise the targeting and delivery of our advertising campaigns for us. Please see the paragraph above for further information.
  • We use LinkedIn Insight Tag, a small piece of code that we embed in this Website that allows us to perform in-depth campaign reporting and unlock insights about users that may visit this Website via our LinkedIn campaigns (e.g. by allowing us to discover business demographics by layering LinkedIn data on data about our website’s visitors). LinkedIn Insight Tag enables the collection of metadata such as IP addresses, timestamps, and events such as page views. You can find out more about these technologies by visiting our Cookie Policy.

Our relationship with Facebook, LinkedIn and Twitter. As we are joint controllers with these platforms for certain processing, we and each platform have:

  • entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal information described above;
  • agreed that we are responsible for providing to you the information in this privacy statement about our relationship with each platform; and
  • agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform’s processing of your personal information as a joint controller.

Facebook, LinkedIn and Twitter may also process, as our processors, personal information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing these platforms carry out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to them. These advertisements may include forms through which we collect contact information you give to us.

Further information. The Facebook company that is a joint controller of your personal information is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The LinkedIn company that is a joint controller of your personal information is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For further information regarding these platforms and their use of your personal information, please see:

  1. Information sharing and disclosure

We share the information we collect or that is provided to us as follows:

Sharing with our Group Company

Lyphe Dispensary is part of the Lyphe Group, a UK-based provider of patient-focused medical cannabis solutions (our “Group Company”).

We share the information we collect and process about you with our Group Company for a variety of reasons. In particular:

  • Our Group Company may assist us in the performance of certain processing activities described in this policy. As the controller of your personal information, when we do share your information for these reasons, we decide why and how it is processed.
  • If, and to the extent that, your personal information is sent to our Group Company for a processing purpose that is in both our and their interests or where we make decisions together in relation to that particular processing, we will be “joint controllers” with the organisations involved. Where this applies, we and the other organisation will be jointly responsible to you under data protection laws for this processing.
  • Our Group Company may require your personal information solely for its own business use (such as for auditing or business reporting purposes). In such circumstances it will be an independent controller, separately responsible to you for that processing (and performed in accordance with its own privacy policy).

Sharing with our Partners

We may share your personal information with the organisations listed below for the purposes we have identified above:

  • Project Twenty21: the international trial into medical cannabis treatment, monitored by Drug Science and with whom we may share aggregated information with (if you are a T21 candidate) for the purpose of them running that trial. This will not identify you.
  • The Medical Cannabis Clinics: cross-refer with their database for those patients that are due a follow up appointment or running out of medications and require a repeat prescription.

If you are a Patient, we also share your personal information with Carers and Doctors, as necessary, to fulfil prescription orders.

Sharing with our Suppliers

External Third Parties, who help us provide our Services. Currently, we use the following trusted Partners:

Recipient / relationship to us

Industry sector (and sub-sector)

Advertising, PR, digital and creative agencies

Media (Advertising & PR)

Banks, payment processors and financial services providers

Finance (Banking & Payment Processing)

CCTV administration and monitoring service providers

Surveillance (CCTV)

Cloud software system providers, including database, email and document management providers

IT (Cloud Services)

Customer care/services providers

Customer Services (Support)

Delivery and mailing services providers

Logistics (Delivery Service)

Facilities and technology service providers including scanning and data destruction providers

IT (Data Management)

Social media platforms

Media (social media)

Gift card service providers

Customer Services (Support)

Health and safety claims administrators and consultants

Health & Safety (Claims)

Insurers and insurance brokers

Insurance (Underwriting & Broking)

Legal, security and other professional advisers and consultants

Professional Services (Legal & Accounting)

Market and customer research providers

Media (Market Research)

Website and data analytics platform providers

IT (Data Analytics)

Website and App developers

IT (Software Development)

Website hosting services providers

IT (Hosting)

WIFI and other communication service providers

IT (Telecommunications)

International Transfers

Some of the information you provide to us may be transferred to countries outside the UK and European Economic Area (“EEA”). These countries may not have similar data protection laws to the UK and EEA.

Where we transfer your information outside of the UK and EEA in this way, we take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected in the ways required by data protection law as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy or access to the relevant documents.

If you use our Services whilst you are outside the UK and EEA, your information may be transferred outside the UK and EEA in order to provide you with those services.

  1. How we safeguard your data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Retention and Deletion

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

As a general rule we retain your personal information for 7 years from the date our relationship with you ends, however we apply shorter/longer retention periods for the following information:

  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • you exercise your right to require us to retain your personal information for a period longer than our stated retention period;
  • we bring or defend a legal claim or other proceedings or receive complaints during the period we retain your personal information, in which case we will retain your personal information until those proceedings or complaints have concluded and no further appeals are possible;
  • we archive the information; in which case we will delete it in accordance with our routine deletion cycle; or
  • in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

In some circumstances you can ask us to delete your data by contacting us.

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  1. Your information, your rights

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 1 month after we have received this information or, where no such information is required, after we have received full details of your request.

You can enforce your rights by contacting us, or in most cases, by deleting your account and/or by ending your use of our website, products or Services.

You have the following rights, some of which may only apply in certain circumstances:

  • to be informed about the processing of your personal information (this is what this statement sets out to do);
  • to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
  • to object to processing of your personal information;
  • to withdraw your consent to processing your personal information;
  • to restrict processing of your personal information;
  • to have your personal information erased;
  • to request access to your personal information and information about how we process it;
  • to electronically move, copy or transfer your personal information in a standard, machine-readable form; and
  • rights relating to automated decision making, including profiling.

To find out more about each of your rights, please click the ✓ icon next to each right above. To exercise these rights, please contact us using the details at the end of this policy.

You have the right to lodge a complaint with the UK data protection regulator. The contact details for the ICO, the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.

  1. Updates to this Privacy policy

As we further enhance our Website, our Services and your user experience, we may make changes to this policy from time to time. If we make any major changes, or any changes which directly affect the services provided to you or the data collected or processed by us, we will notify you of those changes directly. For all other changes and enhancements, we will notify you by posting an updated version on our website. However, we encourage you to periodically review this policy for the most up to date version.