Our Commitment to Your Privacy

Generative Health Consulting LLC 

Effective Date: June 21, 2025 

Last Updated: June 21, 2025 

  1. IDENTIFICATION AND CONTACT INFORMATION 

Data Controller 

Company Name: Generative Health Consulting LLC 

Owner/Data Protection Officer: Tom Richards 

Address: 26 Spear Street, NJ 08840 

Email: tom@genhealthconsult.ai 

Phone: (908) 337-5164

Data Protection Officer (DPO) 

For all privacy-related matters, inquiries, or to exercise your rights under this Privacy Policy, please contact:

Tom Richards 

Email: tom@genhealthconsult.ai 

Phone: (908) 337-5164

  2. PURPOSES OF PROCESSING

Generative Health Consulting LLC processes personal information for the following specific purposes: 

2.1 Consulting Services 

  • Engaging consultants and healthcare professionals for specific consulting services
  • Managing ongoing consulting relationships and contractual obligations 
  • Providing strategic healthcare consulting, regulatory compliance guidance, and business advisory services
  • Facilitating communication and project management between parties 

2.2 Research and Development 

  • Conducting healthcare market research and data analysis 
  • Supporting clinical research and scientific collaborations 
  • Developing healthcare insights and industry reports 
  • Analyzing healthcare trends and regulatory developments 

2.3 Compliance and Legal Obligations 

  • Meeting legal and regulatory requirements under HIPAA, New Jersey Privacy Act (NJPA), and other applicable laws
  • Conducting transparency reporting and adverse event reporting as required
  • Maintaining records for audit and inspection purposes 
  • Ensuring compliance with healthcare industry standards and certifications 

2.4 Business Operations 

  • Internal reporting and business development activities 
  • Financial management and payment processing 
  • Marketing our services to potential clients 
  • Maintaining business relationships with partners and vendors 

  3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Identifying Information 

  • Name, title, and professional credentials 
  • Contact details (business address, phone number, email address) 
  • Professional registration numbers and licensing information 
  • Company affiliation and job function
  • Professional qualifications and certifications 

3.2 Financial Information 

  • Bank account details for payment purposes (when providing consulting services)
  • Billing addresses and payment information 
  • Tax identification numbers for contractor payments 
  • Invoice and payment history 

3.3 Consulting-Related Data 

  • Information about consultant expertise, experience, and specializations
  • Work product and deliverables from consulting engagements 
  • Performance evaluations and feedback 
  • Project documentation and communications 
  • Intellectual property and proprietary information related to consulting work 

3.4 Communication Data 

  • Email correspondence and other written communications 
  • Meeting notes and call logs 
  • Documentation of consulting agreements and contracts 
  • Any information provided during the consulting relationship 

3.5 Technical Information (Website Visitors) 

  • IP addresses and device information 
  • Browser type and operating system 
  • Website usage data and analytics 
  • Cookies and similar tracking technologies 

  4. LEGAL BASIS FOR PROCESSING

4.1 Contractual Necessity 

Processing is necessary for the performance of consulting agreements and to fulfill our contractual obligations to clients and consultants.

4.2 Legitimate Interests 

We process personal data based on our legitimate business interests, including: 

  • Providing high-quality healthcare consulting services 
  • Maintaining professional relationships 
  • Improving our services and operations 
  • Protecting our business interests and intellectual property 

We have balanced these interests against individuals' privacy rights and determined that our processing does not override those rights.

4.3 Legal Obligations 

We process personal data to comply with legal requirements, including: 

  • HIPAA Privacy and Security Rules (when acting as a Business Associate) 
  • New Jersey Privacy Act (NJPA) requirements 
  • Tax and financial reporting obligations 
  • Healthcare industry regulatory requirements 
  • Anti-money laundering and fraud prevention laws 

4.4 Consent 

For certain specific processing activities, we may rely on explicit consent, particularly for: 

  • Marketing communications 
  • Use of sensitive personal information beyond what is necessary for our services
  • International data transfers where required 

  5. DATA SHARING AND DISCLOSURE

5.1 Internal Use 

Personal information may be shared within Generative Health Consulting LLC for the purposes outlined in this policy. As a sole proprietorship, this is limited to the owner, Tom Richards.

5.2 Third-Party Service Providers 

We may share personal information with trusted third-party service providers who assist us in operating our business, including:

  • Cloud storage and computing providers (with appropriate safeguards) 
  • Payment processors and financial institutions 
  • IT support and cybersecurity services 
  • Legal and professional advisors 
  • Audit and compliance service providers 

All third-party processors are required to maintain confidentiality and use appropriate security measures. 

5.3 Business Associates and Subcontractors 

When we act as a Business Associate under HIPAA, we may engage subcontractors who must also comply with HIPAA requirements through appropriate Business Associate Agreements.

5.4 Legal Requirements 

We may disclose personal information when required by law, including: 

  • Responding to valid legal process (subpoenas, court orders) 
  • Reporting to regulatory authorities as required 
  • Cooperating with law enforcement investigations 
  • Protecting our legal rights and interests 
  • Preventing fraud or protecting public safety 

5.5 Business Transfers 

In the event of a business sale, merger, or acquisition, personal information may be transferred as part of the business assets, subject to appropriate confidentiality obligations.

  6. DATA RETENTION

6.1 Retention Period 

We retain personal data for the following periods: 

  • Consulting relationship data: For the duration of the consulting relationship plus 7 years after termination
  • Financial records: 7 years from the date of the last transaction 
  • Marketing communications: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months from collection 
  • Legal compliance records: As required by applicable law (typically 7-10 years) 

6.2 Data Deletion 

After the retention period expires, we will securely delete or anonymize personal data unless: 

  • Legal obligations require longer retention 
  • The data is needed for legitimate business purposes 
  • You have specifically consented to longer retention 

  7. YOUR RIGHTS

Under the New Jersey Privacy Act (NJPA), HIPAA (where applicable), and other privacy laws, you have the following rights:

7.1 Right to Access 

You may request access to the personal data we hold about you, including: 

  • Categories of personal data processed 
  • Purposes of processing 
  • Recipients of the data
  • Retention periods 

7.2 Right to Rectification 

You may request correction of inaccurate or incomplete personal data. 

7.3 Right to Erasure (Right to be Forgotten) 

You may request deletion of your personal data under certain circumstances: 

  • The data is no longer necessary for the original purpose 
  • You withdraw consent (where consent was the legal basis) 
  • The data has been unlawfully processed 
  • Legal obligations require erasure 

7.4 Right to Restrict Processing 

You may request that we limit how we process your personal data in certain situations: 

  • You contest the accuracy of the data 
  • Processing is unlawful but you don't want erasure 
  • We no longer need the data but you need it for legal claims 

7.5 Right to Data Portability 

You may request a copy of your personal data in a structured, commonly used, and machine-readable format for transfer to another organization.

7.6 Right to Object 

You may object to processing based on legitimate interests, including for direct marketing purposes. 

7.7 Right to Withdraw Consent 

Where consent is the legal basis for processing, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

7.8 Right to Opt-Out 

Under the NJPA, you have the right to opt out of:

  • Targeted advertising 
  • Sale of personal data 
  • Profiling in furtherance of decisions that produce legal or similarly significant effects 

To exercise any of these rights, contact us at tom@genhealthconsult.ai or (908) 337-5164. We will respond within 30 days.

  8. SECURITY MEASURES

We implement appropriate technical and organizational security measures to protect personal information:

8.1 Technical Safeguards 

  • End-to-end encryption for data transmission and storage 
  • Secure, password-protected systems with multi-factor authentication 
  • Regular security updates and patches 
  • Firewall and intrusion detection systems 
  • Secure backup and disaster recovery procedures 

8.2 Administrative Safeguards 

  • Regular security risk assessments 
  • Employee training on data protection and HIPAA compliance 
  • Incident response and breach notification procedures 
  • Access controls based on job responsibilities 
  • Regular review and updating of security policies 

8.3 Physical Safeguards 

  • Secure office facilities with controlled access 
  • Locked filing cabinets for physical documents 
  • Secure disposal of confidential documents
  • Workstation and device security controls 

  9. INTERNATIONAL DATA TRANSFERS

If we transfer personal data internationally, we ensure appropriate safeguards are in place: 

  • Standard Contractual Clauses approved by relevant authorities 
  • Adequacy decisions by regulatory bodies 
  • Binding Corporate Rules where applicable 
  • Specific consent for the transfer when required 

Currently, Generative Health Consulting LLC primarily operates within the United States and does not regularly transfer data internationally.

  10. COOKIES AND TRACKING TECHNOLOGIES

Our website may use cookies and similar technologies to: 

  • Analyze website usage and improve user experience 
  • Remember user preferences 
  • Provide personalized content 
  • Measure the effectiveness of our marketing 

You can control cookie settings through your browser preferences. However, disabling cookies may affect website functionality.

  11. HIPAA BUSINESS ASSOCIATE OBLIGATIONS

When Generative Health Consulting LLC acts as a Business Associate under HIPAA: 

11.1 Permitted Uses and Disclosures 

We only use and disclose Protected Health Information (PHI) as permitted by our Business Associate Agreement and HIPAA regulations.

11.2 Safeguards 

We maintain appropriate administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA Security Rule requirements.

11.3 Breach Notification 

We will notify covered entities of any breach of unsecured PHI within 60 days of discovery. 

11.4 Individual Rights 

We will assist covered entities in fulfilling individual rights requests related to PHI. 

  12. CHILDREN'S PRIVACY

Our services are directed toward healthcare professionals and organizations. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected such information, we will take steps to delete it promptly.

  13. CALIFORNIA PRIVACY RIGHTS

For California residents, additional rights may apply under the California Consumer Privacy Act (CCPA). Please contact us for information about these rights.

  14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will:

  • Post the updated policy on our website 
  • Update the "Last Updated" date 
  • Notify affected individuals of material changes when required by law

  15. COMPLAINTS AND REGULATORY CONTACT

If you have concerns about our privacy practices, you may: 

Contact us directly: 

Tom Richards 

Email: tom@genhealthconsult.ai 

Phone: (908) 337-5164

File a complaint with regulatory authorities: 

  • HIPAA complaints: U.S. Department of Health and Human Services, Office for Civil Rights
  • New Jersey Privacy Act: New Jersey Division of Consumer Affairs
  • General privacy concerns: Federal Trade Commission 

  16. CONTACT INFORMATION

For questions about this Privacy Policy or our privacy practices: 

Generative Health Consulting LLC 

Tom Richards, Owner/Data Protection Officer 

26 Spear Street 

NJ 08840 

Email: tom@genhealthconsult.ai 

Phone: (908) 337-5164

This Privacy Policy is effective as of June 21, 2025, and governs the collection, use, and disclosure of personal information by Generative Health Consulting LLC.