Health & IT

Effective Date: 1st April, 2026

This Privacy Policy (“Policy”) governs the collection, processing, use, storage, disclosure, and protection of information by LaCharme LLC, a Florida limited liability company doing business as Health & IT (“H&IT,” “Company,” “we,” “us,” or “our”), in connection with:

https://healthandit.com and all associated subdomains, portals, systems, applications, integrations, and services (collectively, the “Website”).

By accessing, using, or submitting information through the Website, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

1. SCOPE AND STRUCTURAL LIMITATION

This Policy applies exclusively to information collected through the Website.

The Website is an informational and engagement platform and is not designed, intended, or authorized to collect, receive, store, transmit, or process Protected Health Information (“PHI”).

Any processing of PHI by the Company occurs solely:

• (a) outside the Website environment;
• (b) within secured client or operational systems; and
• (c) pursuant to separate written agreements, including Business Associate Agreements (“BAAs”).

This Policy does not constitute a Notice of Privacy Practices under HIPAA and shall not be interpreted as governing PHI.

2. ROLE OF THE COMPANY

The Company acts as a Data Controller with respect to personal data collected through the Website.

In the course of providing IT, cybersecurity, and infrastructure services, the Company may also act as a Business Associate or Data Processor; however, such roles arise exclusively within contractual service environments and are not governed by this Policy.

3. CATEGORIES OF INFORMATION COLLECTED

The Company may collect and process information including:

3.1 Personal Identification Information

Information capable of identifying an individual, including name, email address, telephone number, and organizational affiliation.

3.2 Business and Technical Inquiry Information

Information submitted in connection with service inquiries, including system requirements, infrastructure descriptions, and operational context.

3.3 Technical and Usage Data

Information automatically collected through Website interaction, including IP address, device identifiers, browser type, session data, and interaction patterns.

3.4 Communications and Submission Data

Information contained in messages, forms, or communications submitted through the Website.

3.5 System Interaction and Diagnostic Data (Limited Scope)

Where applicable, limited metadata related to Website performance, diagnostics, or security monitoring, which may include logs and interaction data.

4. EXPRESS EXCLUSION OF PHI AND SENSITIVE DATA

The Website is not a secure channel for the transmission of sensitive or regulated information.

Users are expressly prohibited from submitting:

• PHI;
• system credentials or administrative access data;
• network configurations or security architecture details;
• confidential or proprietary system information.

The Company:

• (a) does not request such information through the Website;
• (b) does not knowingly process such information via the Website;
• (c) assumes no responsibility or liability for such submissions.

The Company undertakes no obligation to monitor or intercept such submissions.

5. PURPOSES OF PROCESSING

Information collected through the Website is processed for legitimate business purposes, including:

• responding to inquiries and communications;
• evaluating potential client engagements;
• providing information regarding services;
• maintaining Website functionality and security;
• monitoring system performance and preventing misuse;
• improving Website design, usability, and reliability;
• complying with applicable legal and regulatory obligations.

Information shall not be processed in a manner inconsistent with these purposes.

6. LEGAL BASIS FOR PROCESSING

Where applicable, processing is conducted on one or more of the following bases:

• consent provided by the User;
• legitimate interests in operating and securing the Website;
• pre-contractual necessity;
• compliance with legal obligations.

Users may withdraw consent at any time without affecting prior lawful processing.

7. DISCLOSURE OF INFORMATION

Information may be disclosed, where necessary and appropriate, to:

• affiliated entities and operational divisions;
• service providers supporting Website and infrastructure operations;
• professional advisors, including legal and compliance consultants;
• regulatory or governmental authorities where required by law.

The Company does not sell personal data.

8. THIRD-PARTY SYSTEMS AND PROCESSORS

The Website may incorporate or rely upon third-party systems, hosting providers, analytics tools, or communication platforms.

While the Company exercises reasonable diligence in selecting such providers, it does not control their independent data practices and disclaims responsibility for their actions.

9. DATA RETENTION

Information shall be retained only for as long as necessary to fulfill the purposes described in this Policy, including operational, legal, and compliance requirements.

The Company may retain anonymized or aggregated data indefinitely for analytical, security, and system improvement purposes.

10. DATA SECURITY AND MONITORING

The Company implements reasonable administrative, technical, and organizational safeguards designed to protect information collected through the Website.

Such safeguards may include:

• access controls and authentication mechanisms;
• system monitoring and logging;
• network security controls;
• encryption where applicable.

Healthcare data protection frameworks require safeguards ensuring confidentiality, integrity, and availability of electronic information

However, no system can be guaranteed to be completely secure, and Users acknowledge the inherent risks of internet-based communication.

11. INCIDENT RESPONSE

In the event of a data security incident affecting personal data:

• (a) the Company shall take reasonable steps to investigate and mitigate the incident;
• (b) notifications shall be made where required by applicable law;
• (c) corrective actions shall be implemented as appropriate.

12. INTERNATIONAL DATA TRANSFERS

Information collected through the Website may be transferred across jurisdictions, including outside the User’s country of residence.

Where required, such transfers shall be subject to appropriate safeguards.

13. USER RIGHTS

Where applicable, Users may have the right to:

• access personal data;
• request correction or deletion;
• restrict or object to processing;
• request data portability;
• withdraw consent;
• lodge a complaint with a supervisory authority.

Requests may be submitted to:

📧 [email protected]

The Company reserves the right to verify identity prior to fulfilling requests.

14. DATA ACCURACY AND USER RESPONSIBILITY

Users are responsible for ensuring that submitted information is accurate, complete, and lawful.

The Company shall not be liable for decisions made based on inaccurate or incomplete information.

15. COOKIES AND TRACKING

The Website uses cookies and similar technologies as described in the Cookie Policy.

16. CHILDREN’S DATA

The Website is not intended for individuals under eighteen (18), and the Company does not knowingly collect personal data from minors.

17. LIMITATION OF LIABILITY

To the fullest extent permitted by law, the Company shall not be liable for any loss, damage, or claim arising from:

• unauthorized access to data;
• misuse of Website communication channels;
• submission of prohibited or sensitive information;
• reliance on Website functionality or content.

18. MODIFICATIONS

The Company reserves the right to modify this Policy at any time.

Continued use of the Website constitutes acceptance of any revised Policy.

19. GOVERNING LAW

This Policy shall be governed by the laws of the State of Florida, United States.

20. CONTACT INFORMATION

Health & IT
3919 Tampa Road, Oldsmar, FL 34677, USA
📧 [email protected]
📞 +1 (321) 233 1516