Wellness Medical Clinic
Operated by: Intellimed Nutritional Systems, LLC
349 Ave. Felisa Rincón de Gautier, Paseo Las Cumbres Shopping Center, Ste 204, San Juan, Puerto Rico 00926
Tel.: 787-244-0145 | 787-738-2871
Official contact channel: Contact Us page form
Effective Date: March 18, 2026

1. SCOPE, ACCEPTANCE, AND RELATIONSHIP TO OTHER POLICIES

This Cookie Policy governs the use of cookies, pixels, tags, SDKs, session storage, local storage, web beacons, measurement scripts, attribution tools, remarketing technologies, and other similar tracking or storage technologies (collectively, “Tracking Technologies”) used by Wellness Medical Clinic and Intellimed Nutritional Systems, LLC (collectively, the “Clinic”) on its website, landing pages, forms, booking calendars, chat experiences, telehealth interfaces, informational pages, and other associated digital assets.

By entering, browsing, or continuing to use the site after receiving the corresponding consent notice, THE USER / PATIENT acknowledges that they have read this Cookie Policy and understand that the site may use Tracking Technologies subject to this policy, the HIPAA-level Privacy Policy / Notice of Privacy Practices, and the Terms and Conditions. Where the law or the configuration chosen by the Clinic requires prior consent for certain categories of Tracking Technologies, mere browsing shall not substitute for such consent, and the Clinic shall seek to limit activation of those categories until a valid preference is received.

2. PURPOSE OF THIS POLICY ON A HEALTHCARE SITE

On a health-related website, Tracking Technologies must be handled with greater caution than on ordinary commercial sites because, depending on the context, they may collect or transmit information that reasonably identifies a person in connection with that person’s health, healthcare, or payment for healthcare. HHS has indicated that tracking technologies on websites and apps of regulated entities may involve Protected Health Information (PHI) and that disclosures to vendors for marketing without HIPAA-compliant authorization may be impermissible.

For that reason, this policy is not limited to describing cookies in a generic manner, but instead establishes substantive rules of minimization, segmentation, opt-out, restriction of sensitive remarketing, and limitation of activation by context. The Clinic adopts a defensive posture: if a Tracking Technology cannot operate in a manner reasonably compatible with applicable privacy, security, and confidentiality obligations, the Clinic reserves the right to disable it, limit it, reconfigure it, or exclude it entirely from clinical flows, forms, telehealth, authenticated pages, or any experience where there is a risk of capture or improper disclosure of sensitive information.

3. WHAT COOKIES AND TRACKING TECHNOLOGIES ARE

Cookies are small files or identifiers that a website or an authorized third party may place on or read from your browser or device in order to remember preferences, maintain active sessions, understand patterns of use, improve performance, measure traffic, or facilitate certain functions. Other Tracking Technologies include pixels, web beacons, tags, scripts, session replay, fingerprinting, local storage, SDKs, and similar identifiers that may collect or transmit interaction information. HHS expressly identifies cookies, web beacons/pixels, session replay, and fingerprinting as common examples of tracking technologies.

Not all Tracking Technologies carry the same level of risk. Some are strictly necessary for security, authentication, or basic functionality; others support analytics, preferences, or performance; and others relate to measurement, attribution, or advertising. In healthcare, classification depends not only on the name of the technology, but also on what data it collects, on which page or flow it is activated, to whom it transmits that data, and for what purpose. Accordingly, the Clinic reserves the right to reclassify, block, or restrict a technology if the actual risk exceeds its theoretical category.

4. CATEGORIES OF COOKIES AND TECHNOLOGIES WE MAY USE

The Clinic may use strictly necessary cookies for essential site functions, including security, fraud prevention, load balancing, session management, consent maintenance, authentication of restricted areas, site stability, and basic technical support. These technologies are materially necessary to operate the site securely and, to the extent permitted by law, may be activated without separate consent when indispensable to provide the digital service requested by the user.

The Clinic may also use functional or preference cookies, analytics or measurement cookies, and, in limited and legally conditioned cases, attribution/marketing cookies or pixels. However, the latter will not be deployed indiscriminately. In particular, the Clinic will limit or avoid their use on authenticated pages, portals, telehealth environments, clinical forms, appointment calendars containing individualized information, intake flows, or pages whose context may reasonably reveal a condition, treatment, appointment, or sensitive clinical interest. HHS warns that tracking technologies on authenticated pages generally have access to PHI and require HIPAA-compliant configuration, including Business Associate Agreements (BAAs) where applicable.

5. DATA THAT MAY BE COLLECTED BY THESE TECHNOLOGIES

Depending on the tool, flow, and configuration, Tracking Technologies may collect or infer data such as IP address, browser or device identifiers, operating system, browser type, timestamps, language preferences, traffic source, interaction with buttons or pages, duration of visit, form events, session data, visited URLs, referrer pages, and aggregated usage metrics. HHS has highlighted that tracking technologies may capture information ranging from IP addresses or geolocation to appointment dates or other data that, in certain contexts, may constitute Protected Health Information (PHI).

The Clinic internally prohibits, to the maximum technical and legal extent possible, the use of these technologies to transmit to advertising platforms or external vendors any information that identifies an individual in connection with appointments, diagnoses, treatments, clinical forms, portals, telehealth, payments for medical services, or any data functionally equivalent to PHI without a sufficient legal and technical basis. If a platform does not allow its technologies to be configured in a manner compatible with these restrictions, the Clinic will not authorize the transmission of sensitive data through it, even if that platform recommends such implementation for advertising optimization purposes.

6. PERMITTED PURPOSES OF COOKIE USE

The Clinic may use Tracking Technologies for legitimate purposes related to site operation, security, fraud prevention, session maintenance, aggregated measurement, technical administration, performance, debugging, preference retention, and verification of consent status. These purposes are considered part of the Clinic’s legitimate interest and operational necessity to maintain a secure and functional site, always subject to applicable privacy and security limitations.

The Clinic may also use certain technologies for campaign measurement, general attribution, aggregated traffic source analysis, and user experience improvement, but only within strict limits. Under no circumstances does this policy authorize the use of Tracking Technologies to convert identifiable clinical information into marketing audiences, customer matching, sensitive remarketing, condition-based segmentation, or individualized health profiles. The FTC has explained that sharing identifiable or reasonably identifiable health information with advertising networks for targeted marketing without authorization may trigger significant obligations and regulatory risks.

7. EXPRESS LIMITATION ON SENSITIVE REMARKETING

The Clinic prohibits the use of cookies, pixels, or similar technologies for remarketing, retargeting, or behavioral segmentation based on information that reasonably reveals, suggests, or allows inference of a person’s health status, interest in treatment, appointment request, medical history, metabolic condition, weight, medication use, symptoms, results, telehealth usage, or any other sensitive health attribute of an identifiable or reasonably identifiable individual. This restriction applies even if the technology is marketed as “anonymous,” “pseudonymous,” “hashed,” or “measurement-only,” where the real context of use creates a reasonable risk of sensitive inference.

Accordingly, the Clinic may use campaign measurement or attribution tools only in limited, aggregated, minimized, de-identified, or contextually neutral forms, and always subject to prudent configuration. If any Meta, Google, CRM, CAPI, ad network, or similar vendor tool does not allow the reasonable exclusion of sensitive information or clinical events, the Clinic reserves the right not to use it, to limit it to non-sensitive pages, or to replace it with less intrusive alternatives. Commercial convenience shall never, by itself, prevail over the protection of health data.

8. PIXELS, AD PLATFORMS, AND ADVERTISING MEASUREMENT

The Clinic may operate campaigns on Meta, Google, or other digital platforms and, in certain cases, use measurement or attribution technologies related to such campaigns. However, the mere fact that an advertising platform recommends installing a pixel or event does not mean that such implementation is legally appropriate on a healthcare site. HHS has warned that regulated entities may not use tracking technologies in a manner that results in impermissible disclosures of PHI to tracking vendors.

Accordingly, the Clinic’s rule shall be the following: no pixel, CAPI, tag, SDK, CRM sync, audience connector, or similar tool may receive PHI, ePHI, or functionally equivalent information, nor be triggered in contexts where a visit or action reasonably reveals sensitive health information, unless there is a valid legal basis, consent where applicable, and a technical and contractual architecture compatible with the applicable obligations. The Clinic may block events, mask parameters, exclude URLs, limit firing rules, segment containers, or completely disable integrations in order to comply with this rule.

9. THIRD-PARTY COOKIES AND STACK PROVIDERS

The Clinic may use third-party tools within its operational stack, including, depending on the flow and configuration, services related to hosting, security, telehealth platform, forms, CRM, analytics, Stripe, Calendly, chat widget, AI tools, advertising platforms, or consent preferences. Use of a third-party tool does not imply that the third party has unrestricted authorization to use data for its own purposes. Where appropriate, the Clinic will seek to impose contractual restrictions, minimization configurations, and reasonable controls consistent with the risk of the integration.

However, THE USER / PATIENT acknowledges that some third parties operate with their own technologies, policies, and infrastructures, and that the Clinic does not have absolute control over their internal systems. To the maximum extent permitted by law, the Clinic limits its responsibility to reasonable selection and configuration, compliance with its own duties, and adoption of prudent measures according to the context. The Clinic does not guarantee the performance, absolute security, or internal decisions of independent vendors outside its reasonable control, although it reserves the right to discontinue, suspend, or restrict any integration that creates excessive risk.

10. CONSENT, OPT-IN, OPT-OUT, AND PREFERENCES

The Clinic will implement a consent banner and a preference-management mechanism that allows THE USER / PATIENT to accept, reject, or customize categories of Tracking Technologies, according to the level of risk and applicable law. Strictly necessary cookies may remain active when indispensable for security, authentication, site stability, or preservation of the consent preference. Non-essential categories, including analytics, measurement, or advertising, should not be activated before a valid preference where the legal framework or internal policy so requires.

THE USER / PATIENT may change their preferences at any time through the permanent “Cookie Preferences,” “Manage Cookies,” or equivalent mechanism available on the site. The opt-out shall apply prospectively and does not obligate the Clinic or third parties to “retrieve” or “undo” data already lawfully processed before the change, although the Clinic will make reasonable efforts for the new preference to be reflected in the future behavior of the site. If the user deletes browser cookies or changes devices, they may need to reconfigure their preferences.

11. HOW TO DISABLE COOKIES FROM YOUR BROWSER OR DEVICE

In addition to the site’s preference manager, THE USER / PATIENT may disable or limit cookies from their browser, mobile device, or privacy extensions. However, the Clinic warns that indiscriminate blocking of strictly necessary cookies may affect security, authentication, session persistence, consent integrity, form functionality, reservations, telehealth access, or the general stability of the site.

The Clinic shall not be responsible for errors, unavailability, loss of functionality, loading problems, authentication failures, form interruptions, unexpected session expirations, or incompatibilities arising from browser settings, blocking software, third-party extensions, or restrictions unilaterally imposed by the user on their own device. Even where the user disables certain technologies, this does not guarantee the blocking of all technical signals inherent to the basic functioning of the internet or browser infrastructure.

12. SECURITY, MINIMIZATION, AND IMPLEMENTATION CONTROLS

The Clinic shall apply reasonable controls to minimize the risk associated with Tracking Technologies, including context-based evaluation, restriction by page type, consent management, parameter reduction, exclusion of sensitive flows, vendor review, segmentation of implementations, and other prudent technical or operational measures. On authenticated pages, telehealth environments, portals, clinical forms, and environments where a tool may have access to PHI, HHS requires that any tracking technology use or disclose PHI only in accordance with HIPAA and that ePHI remain protected under the Security Rule.

Even so, THE USER / PATIENT acknowledges that no technological implementation can offer an absolute guarantee of perfection or total absence of risk. To the maximum extent permitted by law, the Clinic disclaims any absolute guarantee with respect to third parties, browsers, platform changes, vendor scripts, external configuration failures, zero-day exploits, or unpredictable technical behavior. The Clinic’s obligation is one of reasonable and prudent diligence, not of absolute result.

13. LIMITATION OF LIABILITY RELATED TO COOKIES AND TRACKING

Any claim related to cookies, pixels, tags, SDKs, analytics, tracking, consent tools, attribution, digital advertising, CRM sync, forms, telehealth interfaces, or similar technologies shall also be subject to the limitations of liability validly established in the Clinic’s Terms and Conditions, except to the extent that a mandatory legal rule expressly and non-waivably provides otherwise. Nothing in this policy creates an absolute guarantee of total absence of tracking, zero error, or the technical impossibility of incidents.

THE USER / PATIENT acknowledges that interaction with web technologies involves residual risks inherent in the functioning of the internet, browsers, devices, third-party vendors, and adjacent platforms. The Clinic shall not be responsible for indirect, incidental, special, exemplary, punitive, or consequential damages related to cookie preferences, disabling of technologies, browser interoperability, or technical decisions of third parties outside its reasonable control, to the maximum extent permitted by law.

14. COMPLIANCE, INVESTIGATION, AND REMEDIES

The Clinic reserves the right to monitor, audit, and review its consent implementations and Tracking Technologies, as well as to suspend, correct, replace, or remove integrations if it identifies a risk of privacy, security, noncompliance, improper disclosure, or conflict with this policy. If any person attempts to manipulate the consent system, inject scripts, interfere with tags, extract configurations, engage in scraping, falsify consent signals, or induce an improper disclosure, the Clinic may block access, preserve evidence, and exercise the available contractual, legal, and equitable remedies.

When the conduct of a third party, vendor, user, or attacker causes or threatens to cause an improper disclosure, alteration of configurations, data exposure, consent fraud, or reputational harm related to tracking, the Clinic may seek injunctive relief, damages, costs, attorneys’ fees, and any other available remedy. This clause does not limit the user’s regulatory rights where such rights exist, but it does fully preserve the Clinic’s defenses and remedies against abusive, malicious, or fraudulent uses of the technological environment.

15. CHANGES TO THIS COOKIE POLICY

The Clinic may update this Cookie Policy at any time to reflect legal, regulatory, technological, operational, or vendor-related changes. The then-current version shall be the version published on the site with its corresponding date, and continued use of the site after an update shall constitute acceptance of the revised version, to the extent permitted by law.

Where the nature of the change so warrants, the Clinic may request a new consent preference, reset prior configurations, or display an updated banner. The absence of a new acceptance for non-essential categories may result in those categories remaining disabled until a valid preference is received.

16. CONTACT

For questions regarding this Cookie Policy, requests related to cookie preferences, or notices regarding possible privacy issues linked to tracking, THE USER / PATIENT must use the Contact Us page form on the website. The Clinic may require reasonable information to verify identity, technical context, browser, device, or affected URL before investigating a reported incident.

Telephone numbers 787-244-0145 and 787-738-2871 are provided for general contact, but they do not replace the formal channel designated for privacy matters or technical site-configuration issues, unless the Clinic indicates otherwise in writing. The Clinic may retain records of requests, consent configurations, timestamps, and related logs for purposes of compliance, audit, security, and legal defense.