Flufree.com Is a Division of Passport Health
PASSPORT HEALTH, LLC
Passport Health (“we”, “us” or “Passport Health”) operates the website located at www.flufree.com (the “Site”). Passport Health also sells (at no cost) a mobile application under the same name. We respect the privacy of every individual who visits the Site or uses our app. This Privacy Statement outlines the types of information we collect when you use the Site, how we use that information, and the circumstances under which we may share that information.
This policy applies to information we collect:
- On this Site.
- In email, text, and other electronic messages between you and this Site.
- Through mobile applications you download from this Site or which we offer relating to the Site, which provide dedicated non-browser-based interaction between you and this Site.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by us or any third party, or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from the Site.
This Statement will also tell you what to do if you do not want your personal information collected or shared by us. If you have any questions about how we collect, use and share your data, please email us at
We do not sell your personal information.
2. Your Acceptance of These Terms
Passport Health reserves the right to change its practices at any time, may update the Privacy Statement at any time and has no obligation to provide you actual notice of these changes. If we do choose to update our privacy practices, we will also update this Privacy Statement accordingly. By using the Site, you signify your consent to our Privacy Statement. If you do not agree with this Statement, please do not use the Site. Your continued use of the Site following the posting of changes to its terms means you accept those changes.
3. Personally Identifiable Information
Personally identifiable information is defined as information that can be used to trace an individual’s identity. Certain types of personally identifiable information exist standing alone, such as your name or social security number. Other types of information turn into personally identifiable information when they are combined with other identifying information that can be linked to a specific individual, such as a date and place of birth or your mother’s maiden name.
There are certain cases where, when you interact with the Site, we may ask you for personally identifiable information. The type of information we collect through the Site may include:
- Information that you provide by filling in forms on the Site. This includes information provided at the time of registering to use the Site or requesting further services, including booking appointments. We may also ask you for information if you report a problem with our Site.
- Records and copies of your correspondence (including email addresses) if you contact us.
- Your responses to surveys that we might ask you to complete for customer service purposes.
- Details of transactions you carry out through the Site, including booking appointments, and the fulfillment of your orders.
If you book an appointment with us, we may use your personally identifiable information to contact you regarding that appointment, or any follow-up after the appointment has concluded.
Sometimes, this personally identifiable information can also be categorized as “private information” – specifically, under New York’s Stop Hacks and Improve Electronic Data Security (“NY SHIELD”) Act. This is usually defined as a combination of different types of personal data.
Personal information does not include publicly available information from government records, or deidentified or aggregated customer information.
We will not collect any personally identifiable information about you unless you provide it to us voluntarily.
Disclosure of your PII
When you provide us with personally identifiable information, Passport Health may:
- store and process that information to better understand your needs, customize your experience, and improve our products and services;
- use that information to contact you via email, text message and postal mail for informational, marketing, and promotional purposes;
- disclose that information to third parties when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) Passport Health’s rights or property, other users of the Site, or anyone else that could be harmed by such activities;
- disclose that information to third parties when we believe in good faith that the law requires it.
We limit the ways in which we use the information you provide to us. Except as stated in this Privacy Statement, or as otherwise stated at the time the personally identifiable information is gathered, we will not provide personally-identifiable information to third parties. However, certain non-personally identifiable user information may be provided in aggregate form to third parties for legitimate business purposes other than identifying you.
4. Sensitive Personal Information
Some of the information we may ask you for and collect when you provide it to us may be categorized as “Sensitive Personal Information.” This type of information will be sought in rare circumstances, and only in ways which should be obvious to you why and how we are asking for the SPI. In the context of this Site, possible SPI includes personal information that reveals:
- your social security, driver’s license, state identification card, or passport number;
- account log-in, financial account, debit card, or credit card numbers in combination with any required security or access code;
- password, or credentials allowing access to an account;
- precise geolocation;
- racial or ethnic origin;
- genetic data, including,
- the processing of biometric information for the purpose of uniquely identifying a consumer; or,
- personal information collected and analyzed concerning a consumer’s health.
5. Financial Information
Passport Health may ask you for your credit card number and related personal financial information when you order goods or services from our Site or when you book an appointment online. We will use your credit card information for processing orders and/or reserving your appointment. We may share this information with credit card processing companies and any other third party that may need the information to process your orders. These organizations have their own privacy and data collection practices, and we have no responsibility for these independent policies. Currently, we use Paya and Sage for our payment processing through the Site. Their privacy statement and related policies can be found here.
6. Non-Personally Identifiable Information
Passport Health may collect information about you that is not personally identifiable. This type of information includes your age, gender, zip code, area code, interests, and preferences. We will not collect any such information about you unless you provide it to us voluntarily. We may share this information in the aggregate with advertisers, business partners, sponsors, and other third parties. For example, we may inform a business partner that the users of the Site are X% females and Y% males. This type of non-identifiable data is used by us and our vendors to customize our Site’s content. We may also use the data to make visits to the Site easier, quicker, and better for you and our other users.
We also may track certain information about your visit to the Site, including (without limitation) pages viewed, clickstreams, and searches. Such information is gathered in aggregate and is not linked to any specific users. Our explanation about this tracking is explained in further detail in our Automatic Data Collection Statement.
7. Modification of Information and Opt-Out
We respect your time (and your inbox) and honor CAN-SPAM. If you registered to receive emails from us, we may occasionally send you emails about products and services we believe may be of interest to you. If you do not want to receive these emails, you should click on “Unsubscribe” at the bottom of the email. We will honor all opt-out requests within 10 business days, if not sooner.
8. Your Statutory Data Privacy Rights – CA residents
The CCPA/CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your rights under California law and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or disbursing that personal information.
- The categories of third parties with whom we share that personal information.
- If we disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
Calling us at (844) 224-3177
Filling out the online form here.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may also make a request to know or delete on behalf of your child by contacting us in the same manner as directed above, and providing additional information with respect to the data you are seeking for your child, including specific identifying information so we can verify the relationship.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we typically consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten business days.
We endeavor to substantively respond to a verifiable consumer request within forty-five days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically, Microsoft Excel and/or Word.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination For CCPA Invocation
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
9. Information Collected Automatically
Passport Health may also automatically collect non-personally identifiable information about your use of the Site, such as the domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account), the date and time you access the Site, and the Internet address of the website from which you linked directly to our Site. This information will not be linked to personally-identifiable information. We may use this information to analyze and enhance our Site and for security purposes, and we may aggregate this information and share the aggregated information with business partners, sponsors, and other third parties.
10. Compliance With the Health Insurance Portability and Accountability Act (HIPAA)
Passport Health utilizes electronic protected health information security measures with the goal ensure the confidentiality, integrity and availability of health information for its customers. Before you visit an in-person Passport Health location, you will have to sign and agree to our HIPAA Statement and Consent Form. This form will be made available to you electronically once you make an appointment at Passport Health. A paper copy of this form is also available at each of our offices and can be completed at the time of the appointment if it was not completed electronically prior to the appointment. You can view the form and our policy statement regarding HIPAA by clicking here.
11. Child Online Privacy Protection Act (COPPA)
The Site is not directed at individuals under thirteen years of age, and Passport Health does not intend to collect any personally identifiable information from such individuals through the Site. However, a parent or guardian may use the Site to make an appointment for a child under the age of thirteen, and if the parent or guardian makes such an appointment, they may be required to submit PII for the child.
Each individual Passport Health location may be owned by a franchisee, which is a separate legal entity from us. As a result, we may share certain data with those individual franchisee entities so they can provide products and services to you, send you communications, and for analytical, reporting, and other legitimate business purposes. In addition, information that you share with any individual location or franchisee may be submitted back to us and maintained by us and may be shared with other franchisees. We have no responsibility or liability for the acts or omissions of any third party or any data privacy or security measures of any third party, including any third-party franchisee that may receive access to your data. This Statement only sets forth our business practices with respect to your data, and may not apply to what any Passport Health franchisee does.
13. Links to Third-Party Websites
Some third-party vendors have links on the Site that take you to other websites not owned or controlled by us. Those external third-party websites may collect personally identifiable information about you. This Privacy Statement does not cover third-party data collection practices. Passport Health has no control over, and no responsibility for, the data collection practices of any third-party website which you may visit after visiting this Site.
14. Our Site Security
Securing all personally identifiable information associated with our users is of the utmost concern to us. Unfortunately, we can’t ensure or warrant the security of any information you transmit to us or receive from our online products or services, and you choose to undertake those transmissions at your own risk. Once we receive your personally identifiable information, we will take reasonable efforts to ensure its security on our systems.
15. Your Security Responsibilities
As a client of Passport Health, you will be asked to complete an online medical history form through our electronic medical records (“EMR”) system, which is called PASSageware. The information kept in PASSageware is encrypted and password protected. You will be assigned a temporary password and login so you can access PASSageware to provide Passport Health with your personal medical history prior to your appointment. You should not share your PASSageware password with anyone.
Passport Health will never ask you for your PASSageware login information. You are responsible for maintaining the secrecy of your passwords and any account information.
16. Passport Health Mobile Application
Passport Health has developed a mobile application for consumers who are interested in accessing their electronic health records through their phone or tablet. Our app requires you to provide and transmit certain personally identifiable information when creating an account. This information falls under the Personally Identifiable Information section of this Privacy Statement. In addition, users of our app will have the ability to download their health records as well as upload their own supplemental documentation. This action will require that our app have access to your device’s internal storage to complete the download or upload request.
Our app allows users to view previous and upcoming appointments, and to add upcoming appointments to your device’s calendar application. Our app will need to access your device’s calendar to read the data and then create the appointment on the calendar. Our app does not use any of your calendar data outside of the intended in-app functionality, nor do we share this user data with any third parties.
17. Contact Information
If you have questions or concerns regarding this Privacy Statement and its enforcement by Passport Health, its employees or its franchisees, you can contact Passport Health at:
c/o Passport Health, LLC
4343 Outlier Boulevard
Phoenix, AZ 85008
Last updated: June 2, 2022