Privacy Policy

Last Updated: January 2026

At Wellness Link Barbados (“we,” “our,” or “us”), we are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website (https://wellnesslinkbarbados.com) or use our concierge services.


1. Who We Are

Wellness Link Barbados is a concierge and coordination service based in Barbados. We connect clients with medical providers, wellness practitioners, and travel services.

Important: We are not a healthcare provider and do not provide medical treatment or diagnosis. However, we do collect and securely store basic medical information through our HIPAA-compliant client portal to facilitate care coordination with healthcare providers. All medical information is handled through secure, encrypted systems that comply with international healthcare privacy standards.


2. Information We Collect

We collect information necessary to coordinate services and ensure your safety and satisfaction:

Contact Information:

  • Name
  • Email address
  • Phone number
  • Preferred contact method
  • Mailing address

Service Preferences:

  • Type of services you’re interested in (medical concierge, wellness retreats, etc.)
  • Preferred travel dates
  • Budget range
  • Special requests or preferences
  • Accommodation preferences

Payment Information:

  • Billing address
  • Payment method details (processed securely through third-party payment processors)

Medical and Health Information (Collected via Secure Portal):

  • Basic medical history relevant to care coordination
  • Current medications and allergies
  • Health goals and treatment preferences
  • Previous medical procedures or diagnoses
  • Any health information necessary to match you with appropriate providers

How We Collect Medical Information:
All medical and health information is collected through our secure, HIPAA-compliant client portal using encrypted transmission and storage. We only collect information necessary for coordinating your care with healthcare providers.

Website Usage Information:

  • IP address
  • Browser type
  • Device information
  • Pages visited
  • Time and date of visits
  • Referring website

What We Do NOT Collect:

  • Complete medical records (these remain with your healthcare providers)
  • Medical imaging or lab results (unless you choose to share for coordination purposes)
  • Social Security numbers or government ID numbers
  • Credit card information (processed through secure third-party processors)

3. How We Use Your Information

General Information Usage:

We use your contact and service information to:

  • Coordinate appointments with providers
  • Communicate about service options
  • Arrange travel and accommodation bookings
  • Process payments for our coordination services
  • Send appointment reminders
  • Respond to your inquiries
  • Improve our services
  • Send newsletters and updates (with your consent)

Medical Information Usage:

We use medical information you provide strictly for care coordination purposes:

  • Matching you with appropriate healthcare providers
  • Sharing relevant medical history with providers (with your consent)
  • Coordinating treatment plans between multiple providers
  • Ensuring provider awareness of allergies, medications, and health conditions
  • Facilitating communication between you and your healthcare team

We Do NOT:

  • Provide medical diagnosis or treatment
  • Act as your primary medical record keeper
  • Share your medical information without your explicit consent
  • Use your information for purposes other than those stated in this policy

4. How We Share Your Information

With Your Permission:

  • Your contact information with providers you choose to work with
  • Your travel preferences with accommodation and transportation services
  • Your service interests with relevant practitioners

Medical Information Sharing (With Your Explicit Consent Only):

  • Relevant medical history shared with healthcare providers you choose to work with
  • Health information shared between coordinating providers when managing your care
  • Medical details shared with accommodation providers only when medically necessary (e.g., accessibility needs, dietary restrictions)

Service Providers:

We share limited information with trusted service providers who help us operate:

  • Payment processors (for billing) – Stripe, PayPal
  • Email service providers (for communications)
  • Website hosting services
  • Booking platforms
  • Portal provider (Formaloo – HIPAA-compliant)

All service providers are bound by confidentiality agreements and Business Associate Agreements (for those handling medical information).

Legal Requirements:

We may disclose information when required by law:

  • In response to legal process (subpoena, court order)
  • To protect our rights or safety
  • To prevent fraud or illegal activity
  • To comply with healthcare privacy regulations

We Never:

  • Sell your personal information
  • Share your medical information without your explicit consent
  • Use your information for marketing purposes without consent
  • Share medical information with third parties not directly involved in your care

5. Medical Information Handling

How We Collect Medical Information:

When you engage our services, you provide medical information through our secure, HIPAA-compliant client portal. This information is:

  • Transmitted using SSL/TLS encryption
  • Stored on HIPAA-compliant servers (Formaloo)
  • Accessible only to authorized Wellness Link staff involved in your care coordination
  • Never shared without your explicit written consent
  • Protected by multiple layers of security

What We Collect:

We collect medical information necessary for coordinating your care:

  • Current health conditions and relevant medical history
  • Medications, allergies, and dietary restrictions
  • Previous treatments and procedures
  • Health goals and treatment preferences
  • Emergency contact information
  • Any information necessary to match you with appropriate providers
  • Insurance information (if applicable)

How Medical Information is Shared:

With your explicit consent, we share relevant portions of your medical information with:

  • Healthcare providers you select for treatment
  • Coordinating providers involved in your care plan
  • Accommodation providers (only if medically necessary, e.g., wheelchair accessibility, severe allergies)

Before sharing any medical information, we:

  1. Obtain your written consent
  2. Share only the minimum necessary information
  3. Verify the recipient’s identity and authorization
  4. Document all information sharing

Your Healthcare Providers:

Healthcare providers you work with maintain their own complete medical records in their secure systems. They are independently responsible for medical record privacy and security under their own legal obligations (HIPAA, local healthcare privacy laws, etc.).

Your Rights Regarding Medical Information:

You have the right to:

  • Access your medical information stored in our portal
  • Request corrections to your medical information
  • Request deletion of your information (subject to legal retention requirements)
  • Withdraw consent for sharing with specific providers
  • Receive a copy of your medical information in portable format
  • Restrict how we use or share your medical information
  • Receive an accounting of disclosures (who we’ve shared your information with)

To exercise these rights, contact us at hello@wellnesslinkbarbados.com

Our Role:

We act as a care coordinator and secure information custodian, not as a healthcare provider. We facilitate communication and coordination between you and your chosen healthcare providers. We do not diagnose, treat, or prescribe.


6. Data Security

We implement comprehensive security measures to protect your information:

For All Data:

  • SSL/TLS encryption on our website and portal
  • Secure payment processing through PCI-compliant processors
  • Password-protected systems with multi-factor authentication available
  • Regular security audits and updates
  • Secure backup systems
  • Limited physical and digital access to systems

For Medical Information (HIPAA-Compliant Standards):

  • End-to-end encryption for data transmission
  • Encrypted storage on HIPAA-compliant servers (Formaloo)
  • Role-based access controls (only authorized staff can access medical data)
  • Audit logs tracking all access to medical information
  • Regular staff training on medical privacy requirements
  • Business Associate Agreements with all service providers handling medical data
  • Automatic session timeouts
  • Secure deletion procedures
  • Incident response plan in place

Physical Security:

  • Secure office facilities with restricted access
  • Locked filing cabinets for any physical documents
  • Clean desk policy
  • Secure disposal of physical documents (shredding)

Administrative Security:

  • Background checks for staff with access to medical information
  • Regular privacy and security training
  • Confidentiality agreements with all staff
  • Clear policies and procedures for data handling

However, no internet transmission is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You also play a role in security by:

  • Using strong passwords
  • Not sharing portal login credentials
  • Logging out after using the portal
  • Reporting suspicious activity immediately

6A. HIPAA Compliance and Medical Privacy

While Wellness Link Barbados is not a covered entity under the U.S. Health Insurance Portability and Accountability Act (HIPAA), we voluntarily comply with HIPAA standards for handling medical information.

Security Standards We Follow:

  • Administrative safeguards (privacy training, access controls, security management)
  • Physical safeguards (secure facilities, encrypted devices, secure disposal)
  • Technical safeguards (encryption, audit logs, secure transmission, access controls)

Business Associate Agreements:

We maintain Business Associate Agreements with all third-party service providers who may access medical information, ensuring they also maintain HIPAA-equivalent security standards.

Our Portal Provider:

Medical information is collected and stored through Formaloo, a HIPAA-compliant platform that meets international healthcare data security standards. Formaloo provides:

  • SOC 2 Type II certification
  • HIPAA-compliant infrastructure
  • Regular security audits
  • Encrypted data storage and transmission
  • Business Associate Agreement

Breach Notification:

In the unlikely event of a data breach involving medical information, we will:

  • Notify affected individuals within 72 hours
  • Report to relevant authorities as required
  • Investigate the cause and extent of the breach
  • Take immediate steps to prevent future breaches
  • Provide guidance on protective steps you can take

International Standards:

We also follow international healthcare privacy standards including:

  • GDPR principles (for European clients)
  • PIPEDA guidelines (for Canadian clients)
  • Caribbean data protection standards

7. Data Retention

We retain information for different periods based on type and legal requirements:

Contact Information:

  • Retained while you are an active client
  • Retained for 2 years after last contact for follow-up purposes
  • Deleted upon request (unless retention is legally required)

Payment Records:

  • Retained for 7 years for accounting and tax purposes
  • Required by financial regulations

Marketing Preferences:

  • Retained until you unsubscribe
  • Can be updated or deleted at any time

Medical Information:

  • Retained for 7 years after last service or as required by applicable healthcare privacy laws
  • May be retained longer if legally required or if there’s an ongoing legal matter
  • Securely deleted after retention period expires
  • Can be deleted upon request (subject to legal retention requirements)

Service Records:

  • Retained for 7 years for quality assurance and legal purposes

Website Analytics:

  • Anonymized after 14 months
  • Used only for aggregate statistical analysis

Deletion Process:

When information is deleted:

  • Permanently removed from active systems
  • Removed from backups within 90 days
  • Securely overwritten to prevent recovery
  • Certificate of deletion available upon request (for medical information)

8. Your Rights

You have comprehensive rights regarding your information:

Access Rights:

  • Request a copy of all information we hold about you
  • Receive information in a portable, readable format
  • Review how your information has been used

Correction Rights:

  • Request corrections to inaccurate information
  • Update your contact or medical information
  • Add context or explanations to your records

Deletion Rights:

  • Request deletion of your information
  • Right to be forgotten (subject to legal retention requirements)
  • We’ll confirm deletion within 30 days

Restriction Rights:

  • Limit how we use your information
  • Restrict sharing with specific providers
  • Opt out of marketing communications
  • Withdraw consent at any time

Portability Rights:

  • Receive your medical information in portable format
  • Transfer your information to another service
  • Request machine-readable format

Objection Rights:

  • Object to processing of your information
  • Opt out of automated decision-making
  • Challenge our use of your information

To Exercise These Rights:

For General Information:
Email: hello@wellnesslinkbarbados.com
Phone: +1 (246) 266-4887
We’ll respond within 30 days

For Medical Information:
Email: hello@wellnesslinkbarbados.com with subject line “Medical Information Request”
We’ll respond within 30 days
May require identity verification for security

For Complete Medical Records (maintained by your healthcare provider):
Contact your healthcare provider directly

No Discrimination:

We will never discriminate against you for exercising your privacy rights. Your care coordination services will not be affected.


9. Cookies

We use cookies to improve your website experience:

Essential Cookies (Required):

  • Session management
  • Security features
  • Login functionality
  • Form submission

Analytics Cookies (Optional):

  • Google Analytics (anonymized)
  • Website performance monitoring
  • User behavior analysis
  • Traffic sources

Preference Cookies (Optional):

  • Remember your settings
  • Language preferences
  • Display preferences

Marketing Cookies (Optional):

  • Social media integration
  • Remarketing (if you consent)
  • Conversion tracking

Managing Cookies:

You can control cookies through your browser settings:

  • Block all cookies
  • Delete existing cookies
  • Set preferences for specific sites
  • Receive notifications when cookies are set

Note: Disabling essential cookies may affect website functionality.

Cookie Duration:

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Stored for up to 2 years
  • Analytics cookies: Stored for 14 months

10. Third-Party Services

We work with trusted third-party services to operate our business:

Payment Processors:

  • Stripe (PCI DSS compliant)
  • PayPal (PCI DSS compliant)
  • We do not store credit card information

Email Providers:

  • For communications and newsletters
  • Subject to their privacy policies

Portal Provider:

  • Formaloo (HIPAA-compliant)
  • Stores medical information securely

Booking Platforms:

  • For accommodation and travel arrangements
  • Share only necessary information

Analytics:

  • Google Analytics (anonymized IP addresses)
  • Website performance monitoring

Social Media:

  • Facebook, Instagram, LinkedIn
  • When you interact with our social pages

Each third-party service has its own privacy policy. We are not responsible for their practices, but we carefully select partners who maintain high privacy and security standards.

Third-Party Links:

Our website may contain links to external sites. We are not responsible for the privacy practices of external websites. We encourage you to review their privacy policies.


11. International Data Transfers

Cross-Border Data Transfer:

We are based in Barbados and work with international clients. Your information may be processed in:

  • Barbados (our primary location)
  • United States (cloud services, portal provider)
  • Other countries where our service providers operate

Data Protection Standards:

When transferring data internationally, we ensure:

  • Adequate data protection measures in place
  • Compliance with applicable data protection laws
  • Standard contractual clauses where required
  • HIPAA-equivalent standards for medical information

For European Clients (GDPR):

  • We comply with GDPR standards for EU residents
  • Data transfers use approved mechanisms
  • You have all rights under GDPR
  • You can lodge complaints with EU data protection authorities

For Canadian Clients (PIPEDA):

  • We comply with PIPEDA standards
  • Consent-based information handling
  • Right to access and correct information

For US Clients:

  • HIPAA-compliant handling of medical information
  • State privacy law compliance where applicable

12. Children’s Privacy

Minimum Age:

Our services are not directed to children under 18. We do not knowingly collect information from minors without parental consent.

Parental Consent Required:

If a minor requires our services:

  • Parent or legal guardian must provide consent
  • Parent/guardian controls the minor’s information
  • Parent/guardian can access and delete information

If We Learn We’ve Collected a Minor’s Information:

  • We’ll delete it immediately
  • We’ll notify the parent/guardian
  • We’ll implement additional safeguards

Special Protections for Minors:

  • Enhanced privacy protections
  • Limited data collection
  • No marketing to minors
  • Parental access to all information

13. Changes to This Policy

Policy Updates:

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices
  • New legal requirements
  • Technology updates
  • Service expansions

Notification of Changes:

When we update this policy:

  • Updated “Last Updated” date will be posted
  • Significant changes will be highlighted
  • Email notification for material changes
  • 30 days’ notice before changes take effect

Material Changes:

For significant changes affecting medical information handling:

  • Direct email notification to all active clients
  • Option to opt out of new practices
  • Consent required for expanded uses

Your Continued Use:

Continued use of our services after policy updates constitutes acceptance of changes. If you don’t agree with changes, you may:

  • Request deletion of your information
  • Discontinue services
  • Contact us with concerns

Policy History: Previous versions of our Privacy Policy are available upon request.


14. Contact Us

Questions, concerns, or requests regarding this Privacy Policy?

General Inquiries:

Email: hello@wellnesslinkbarbados.com
Phone: +1 (246) 266-4887
Address: Bridgetown, Barbados

Medical Information Requests:

Email: hello@wellnesslinkbarbados.com
Subject line: “Medical Information Request”

Privacy Complaints:

If you have concerns about how we handle your information:

  1. Contact us first at hello@wellnesslinkbarbados.com
  2. We’ll investigate and respond within 30 days
  3. If unresolved, you may contact relevant authorities

Data Protection Authority Contacts:

  • For EU residents: Your national data protection authority
  • For Canadian residents: Office of the Privacy Commissioner of Canada
  • For US residents: HHS Office for Civil Rights (for medical information)

Healthcare Provider Inquiries:

For questions about medical records maintained by your healthcare provider:
Contact your healthcare provider directly

Emergency Contact:

For urgent security or privacy concerns:
Phone: +1 (246) 266-4887 (24/7 for active clients)


Acknowledgment

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our handling of your information as described herein.

For medical services, you will be asked to provide explicit written consent for collection and use of medical information through our client portal.

Thank you for trusting Wellness Link Barbados with your care coordination needs.


Wellness Link Barbados
Bridgetown, Barbados
https://wellnesslinkbarbados.com