Effective Date: August 15, 2025

This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website or use our services. We are committed to safeguarding your data in accordance with internationally recognized privacy principles and applicable laws.

This may include general personal information, as well as limited health-related data, such as allergies, symptoms, or other relevant medical information, when necessary to fulfill your request or provide specific services.

By using this website, you agree to the collection and use of your information in accordance with this Privacy Policy.

  1. Information We Collect

    We may collect the following categories of information, depending on the nature of your interaction with our website or the type of form you submit:

    • Personal Information: This may include your name, email address, phone number, postal address, and any other information you provide when filling out forms on our website or when contacting us.
    • Employment and Educational Background: Information related to job applications, such as employment history, resume content, educational qualifications, and references.
    • Health or Sensitive Information: In certain cases, especially through online forms such as appointment, enrollment, consultation, or other service-related forms, we may collect health-related information, such as allergies, current symptoms, or other medical details that you voluntarily provide. This information is treated as sensitive and is collected solely to fulfill the specific service request
    • Usage Information: We may collect information about your interactions with our website and services, such as your IP address, browser type, operating system, and browsing behavior. This data helps us improve our site’s performance and user experience.
    • Cookies: We use cookies and similar tracking technologies to collect information about your browsing preferences, such as the pages you visit, the links you click, and other actions you take on our website.
    • Other Information You Voluntarily Provide: Any information you choose to share with us through open-form text fields or uploaded documents.

  2. How We Use Your Information

    Legal Basis for Processing

    We process personal data based on one or more of the following: your consent, the need to perform a contract or respond to your inquiries, compliance with legal obligations, or our legitimate business interests.

    We may use your personal information for the following purposes:

    • To communicate with you and respond to your inquiries submitted through our contact forms or other channels.
    • To process applications, registrations, reservations, or other service-related requests.
    • To fulfill the specific service or transaction you initiated through our website.
    • To send reminders or confirmations about your appointments, submissions, or service status.
    • To provide and maintain our products and services.
    • To improve and personalize your experience on our website.
    • To monitor and analyze website usage and trends.
    • To send you marketing communications, promotions, and updates if you have provided your consent.
    • To comply with legal obligations or respond to lawful requests from authorities.
    • To detect, prevent, and address fraud, abuse, security risks, or technical issues.

  3. Sharing Your Information

    We do not sell your personal data. However, we may share your information with third parties in the following cases:

    • Authorized Personnel or Service Providers: Your information may be accessed by authorized personnel or third-party service providers strictly for the purpose of fulfilling your requests, processing transactions, or maintaining and improving our website and services.
    • Legal Requirements: We may disclose your information if required by law, such as in response to a court order, legal process, or a request from government authorities.
    • Third-Party Tools and Analytics: We may use third-party services (e.g., Google Analytics), advertising platforms, or embedded tools that help us understand how visitors interact with our website. These tools may collect information such as IP address, browser type, and page activity, and may use cookies or tracking technologies to perform their functions.

  4. International Data Transfers

    Your information may be transferred to and processed in countries outside of your own, including locations where our service providers or technical teams operate. These countries may have different data protection standards, but we implement appropriate safeguards to ensure that your information is handled in accordance with applicable privacy laws and internationally recognized data protection principles.

  5. Data Security

    We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Sensitive data, such as health-related information, is subject to additional security controls to help ensure its confidentiality and integrity.

    However, no data transmission over the internet can be guaranteed to be completely secure. We encourage you to take appropriate precautions when submitting personal information online.

  6. Data Breach Notification

    In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and regulatory authorities in accordance with applicable data privacy laws. We are committed to acting promptly and transparently to mitigate any impact.

  7. Sensitive Personal Information

    In some cases, we may collect sensitive personal information to fulfill specific services. This data is collected only, when necessary, with your explicit consent, and is handled in strict accordance with applicable data privacy laws.

    It is treated with the highest level of confidentiality and is accessible only to authorized personnel.

  8. Data Retention

    We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable law.

    When personal data is no longer needed, we take appropriate steps to securely delete, anonymize, or de-identify it.

  9. Your Rights

    Depending on your location and applicable law, you may have the right to:

    • Request access to, correction of, or deletion of your personal information.
    • Request restriction of processing of your data, subject to legal exceptions.
    • Withdraw previously granted consent.
    • Object to or restrict certain data uses of your data.
    • Request a copy of your data in a portable format.
    • Opt out of receiving promotional communications.

    To exercise these rights, please contact us using the communication method provided on the website where your data was collected.

  10. Children’s Privacy

    Our website is not intended for use by children under the age of 13 (or the equivalent minimum age under your local laws), unless the website or service is specifically designed for children, such as pediatric care or child-focused programs.

    For child-related services, we may collect personal information from minors only when necessary to fulfill a specific service request (e.g., appointment scheduling, enrollment, or medical consultations) and only with verifiable consent from a parent or legal guardian.

    For websites or services clearly intended for adults (e.g., 18+ products), individuals under the age of 18 should not submit personal information.

    If we become aware that we have collected personal data from a minor without the required consent, we will take appropriate steps to delete the information.

  11. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

    Any updates will be posted on this page, and the “Effective Date” at the top of the policy will be updated accordingly. We encourage you to review this policy periodically to stay informed about how we protect your information.

  12. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled, please contact us using the communication method provided on the website where your data was collected.

NOTICE OF PRIVACY PRACTICES — FEDERAL & CONNECTICUT STATE LAW

[BRISTOL PHARMACY]

HIPAA Notice of Privacy Practices

Effective Date: August 15, 2025 | Last Revised: May 13, 2026

State of Connecticut — Licensed Retail Pharmacy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Sections marked with this symbol Connecticut Law reflect additional protections provided under Connecticut state law, which in these areas is more stringent than federal HIPAA requirements.

  1. Our Legal Duty

    [Your Pharmacy Name] (“we,” “our,” or “the Pharmacy”) is required by law to maintain the privacy of your protected health information (“PHI”) and to provide you with this Notice of our legal duties and privacy practices. We are required to abide by the terms of this Notice while it is in effect and to notify you following a breach of your unsecured PHI. We reserve the right to change the terms of this Notice at any time as permitted by law, and to make changes effective for PHI we already hold. A current copy of this Notice is posted in our pharmacy and on our website. You may request a paper copy at any time.

    • Connecticut Law: Under Connecticut General Statutes (C.G.S.) § 4-190 et seq. (Connecticut Privacy Act) and § 38a-988 et seq., Connecticut residents have additional rights regarding the privacy of personal data, including health information. Where Connecticut law affords greater protection than federal HIPAA, we comply with the stricter Connecticut standard.

  2. How We May Use and Disclose Your Health Information

    The following categories describe the ways we may use and disclose your PHI. Not every use or disclosure will be listed, but all permitted uses and disclosures fall within one of these categories.

    • Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services, including sharing medication information with your prescribing physician, specialist, or other pharmacies involved in your care.
    • Payment: We may use and disclose your PHI so that we or others may bill and receive payment for pharmacy services you receive, including disclosures to your health plan or insurer./li>
    • Healthcare Operations: We may use and disclose your PHI for internal pharmacy operations including quality assurance, staff training, compliance reviews, and general administration.
    • As Required by Law: We will disclose your PHI when required by federal, state, or local law, including court orders, lawful subpoenas, or law enforcement requests as permitted under HIPAA.
    • Public Health Activities: We may disclose your PHI to public health authorities for adverse drug event reporting, product recalls, communicable disease reporting, or FDA-required disclosures.
    • Health Oversight Activities: We may disclose your PHI to oversight agencies such as the Connecticut Department of Consumer Protection — Drug Control Division, the DEA, or the Connecticut Insurance Department for audits, inspections, and licensure.
    • Abuse or Neglect Reporting: We may disclose your PHI to appropriate authorities if we believe you are a victim of abuse, neglect, or domestic violence, as required or permitted by law.
    • Serious Threats to Health or Safety: We may use or disclose your PHI when necessary to prevent a serious and imminent threat to your health or safety or the health or safety of others.
    • Business Associates: We may disclose your PHI to third-party business associates performing services on our behalf. These entities are required to safeguard your PHI under HIPAA-compliant Business Associate Agreements.
    • Connecticut Law: Connecticut Prescription Monitoring Program (PMP): Under C.G.S. § 21a-254a, we are required to report all dispensed Schedule II–V controlled substance prescriptions to the Connecticut PMP administered by the Department of Consumer Protection. This reporting is required by law and does not require your separate authorization.
    • Connecticut Law: Confidentiality of Alcohol and Drug Treatment Records: Under C.G.S. § 17a-688 and federal 42 CFR Part 2, records related to substance use disorder treatment receive heightened protection and generally may not be disclosed without your specific written consent, except in limited circumstances (e.g., medical emergencies, court orders, or child abuse reporting).

  3. Uses and Disclosures Requiring Your Authorization

    Other uses and disclosures of your PHI not described in this Notice will be made only with your written authorization, unless otherwise required by law. This includes: (a) most uses and disclosures of psychotherapy notes; (b) uses and disclosures for marketing purposes; and (c) disclosures that constitute a sale of PHI. You may revoke any authorization at any time in writing, except to the extent action has already been taken in reliance on it.

    • Connecticut Law: Mental Health Records — Connecticut Law: Under C.G.S. § 52-146d et seq. (Psychiatric Patient Advocate Act) and § 17a-688, mental health and substance use disorder records in Connecticut carry additional confidentiality protections beyond federal HIPAA. Disclosure of such records generally requires your specific written consent and may not be made based on a general HIPAA authorization alone.
    • Connecticut Law: HIV/AIDS-Related Information — Connecticut Law: Under C.G.S. § 19a-583, HIV-related test results and treatment information may not be disclosed without your specific written consent, with narrow exceptions (e.g., licensed healthcare provider treatment, court order). We will not disclose HIV-related PHI from your pharmacy records without your explicit written authorization except as required by law.

  4. Your Rights Regarding Your Health Information

    You have the following rights with respect to your PHI. To exercise any right, please submit a written request to our Privacy Contact listed in Section 6.

    • Right to Inspect and Copy: You have the right to inspect and obtain a copy of your PHI in our designated record set, including prescription records. We may charge a reasonable, cost-based fee for copies and may deny requests in limited circumstances.
    • Right to Request an Amendment: You have the right to request amendment of your PHI if you believe it is incorrect or incomplete. We may deny your request if we determine the information is accurate and complete.
    • Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures of your PHI made in the six years prior to your request, excluding disclosures for treatment, payment, operations, or those you authorized.
    • Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures. We are not required to agree, except that if you pay out-of-pocket in full for a service, we must honor your request not to disclose information about that service to your health plan.
    • Right to Request Confidential Communications: You have the right to request we contact you through alternative means or at alternative locations. We will accommodate reasonable requests.
    • Right to a Paper Copy of This Notice: You may request a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.
    • Right to Be Notified of a Breach: You have the right to be notified if there is a breach of your unsecured PHI, as required under the HITECH Act and applicable law.
    • Connecticut Law: Connecticut Data Breach Notification: Under C.G.S. § 36a-701b (Connecticut’s data breach notification law, as amended by Public Act 21-59), if a security breach involving your PHI or personal information occurs, we are required to notify you without unreasonable delay and no later than 60 days after discovery of the breach. Notification must include specific information about the breach and steps you can take to protect yourself. Credit monitoring services may also be required.
    • onnecticut Law: Right to Access Pharmacy Records: Under Connecticut pharmacy practice law (C.G.S. § 20-633b) and regulations of the Department of Consumer Protection, you have the right to access your prescription records maintained by this pharmacy. Requests may be made in writing to the pharmacist-in-charge.

  5. Pharmacy-Specific Privacy Practices

    As a Connecticut licensed retail/community pharmacy, we are committed to protecting your privacy in all aspects of our operations:

    • Prescription Pick-Up: We take reasonable steps to limit incidental disclosures at the pharmacy counter, including the use of privacy screens, consultation areas, and trained staff.
    • Prescription Records: Your prescription history and related PHI are stored securely and accessible only to authorized pharmacy personnel on a need-to-know basis.
    • Electronic Prescribing: We handle electronically transmitted prescriptions in accordance with HIPAA Security Rule requirements and Connecticut e-prescribing regulations under C.G.S. § 20-619(g).
    • Online and Telepharmacy Refills: If you use our telephone refill line or online/mobile refill services, your PHI is protected using industry-standard security safeguards.
    • Controlled Substances: Dispensing of controlled substances is reported to the Connecticut PMP as required by law. Federal DEA and state DCP regulations govern all controlled substance records.
    • Connecticut Law: Connecticut Licensed Pharmacist Obligations: Under C.G.S. § 20-570 et seq. and Connecticut Pharmacy Practice Act regulations, licensed pharmacists in Connecticut are independently obligated to maintain patient confidentiality as a condition of licensure. Violations may be reported to the Connecticut Department of Consumer Protection, Drug Control Division.
    • Connecticut Law: Patient Counseling: Under Connecticut regulations (Conn. Agencies Regs. § 20-576-28), pharmacists are required to offer counseling on new prescriptions. Information shared during counseling is treated as confidential PHI and is protected under both HIPAA and Connecticut law.
    • Connecticut Law: Minor Patients: Connecticut law (C.G.S. § 19a-14c) permits minors to consent to certain healthcare services (e.g., sexual health, substance use treatment) without parental consent. When a minor has the right to consent independently, the corresponding PHI may be withheld from parents or guardians to the extent required or permitted by law.

  6. Privacy Contact, Complaints, and State Resources

    If you have questions about this Notice or wish to exercise your rights, please contact:

    • Privacy / Compliance Contact Bristol Pharmacy 194 Main St. Bristol, CT 06010-6308 Phone: (860)-845-5634 Email: BristolpharmacyCT@outlook.com Hours: Monday to Friday: 8 am to 6 pm, Saturday: 8 am to 2 pm

      • If you believe your privacy rights have been violated, you have the right to file a complaint with us, with the U.S. Department of Health and Human Services, or with the applicable Connecticut state agency — without fear of retaliation.

    • Federal — HHS Office for Civil Rights (HIPAA Complaints) 200 Independence Avenue, S.W., Washington, D.C. 20201 Toll-Free: 1-800-368-1019 | TDD: 1-800-537-7697 Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
    • Connecticut — Department of Consumer Protection, Drug Control Division 450 Columbus Blvd., Suite 901, Hartford, CT 06103 Phone: (860) 713-6065 Website: portal.ct.gov/DCP
    • Connecticut — Office of the Attorney General (Data Privacy / Breach) 165 Capitol Avenue, Hartford, CT 06106 Phone: (860) 808-5420 Website: portal.ct.gov/AG

We will not retaliate against you in any way for filing a complaint with us or with any government agency.

This Notice is provided in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the HITECH Act of 2009; Connecticut General Statutes including C.G.S. §§ 4-190 et seq., 19a-583, 21a-254a, 36a-701b, 52-146d et seq.; and all applicable federal and Connecticut state regulations governing pharmacy practice and health information privacy. Connecticut Licensed Retail Pharmacy | [Your Pharmacy Name] | [City, CT]