PRIVACY POLICY

Last updated: June 2025

This Privacy Policy explains how I, Karolina Praskeviciute, operating as Karolina MD ("I", "me", or "my"), collect, use, and protect your personal information when you visit www.karolinamd.com (the "Site") or use my services. By using this Site, you agree to the practices described below.

This policy is designed to comply with applicable US privacy laws as well as the European Union General Data Protection Regulation (GDPR) and UK GDPR, as I serve clients in the United States, the European Union, and internationally.

1. Interpretation and Definitions

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Karolina MD refers to Karolina Praskeviciute, a sole proprietor providing educational integrative health consultations at www.karolinamd.com.

Cookies are small files placed on your computer, mobile device, or any other device by a website, containing details of your browsing history on that website among other uses.

Country refers to the United States (primary jurisdiction) and, where applicable, Lithuania and the European Union.

Device means any device that can access the Service, such as a computer, mobile phone, or digital tablet.

Personal Data is any information that relates to an identified or identifiable individual.

Sensitive Personal Data includes health information, medical history, and other categories of data afforded heightened protection under applicable law, including GDPR.

Service refers to the Site and all consultations, educational materials, and services provided through it.

Service Provider means any natural or legal person who processes data on my behalf, including third-party companies or individuals employed to facilitate or support the Service.

Usage Data refers to data collected automatically, either generated by use of the Service or from the Service infrastructure itself, such as the duration of a page visit.

Website refers to Karolina MD, accessible at www.karolinamd.com.

You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

2. Who I Am

Karolina MD is my personal practice. I am Karolina Praskeviciute, a sole proprietor providing educational integrative health consultations. I hold a medical degree (MD) from the Lithuanian University of Health Sciences. I do not currently hold an active medical license in the United States and do not practice medicine. All services are provided in my capacity as an educational health consultant and Certified Integrative Health Practitioner. The use of "MD" reflects my academic qualification only.

For GDPR purposes, I am the data controller of your personal information.

3. What Information I Collect

I collect the following categories of personal information:

Contact information: Your name, email address, and any information you provide through my contact or newsletter signup forms on the Site.

Booking information: When you book a consultation through Calendly, I collect the information you provide during the booking process, including your name, email address, and any intake information submitted.

Health-related information: Information you voluntarily share during consultations, including health history, symptoms, and lab results. This is considered Sensitive Personal Data under GDPR and is treated with the highest level of protection.

Client portal information: Information submitted through Healthie, my client management platform, including health history forms, uploaded documents, and communications.

Technical data: IP address, browser type, device information, and pages visited, collected automatically through Squarespace's built-in analytics. In the future, I may also use Google Analytics. This policy will be updated accordingly.

Communications: Records of any email or message communications between you and me.

4. Tracking Technologies and Cookies

I use cookies and similar tracking technologies to track activity on the Site and store certain information. The technologies used may include:

Cookies or Browser Cookies: A cookie is a small file placed on your Device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you do not accept cookies, some parts of the Site may not function correctly.

Web Beacons: Certain sections of the Site and my emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, or single-pixel gifs) that permit me to count users who have visited those pages or opened an email, and for other related website statistics.

I use the following types of cookies:

Necessary / Essential Cookies (Session Cookies): These cookies are essential to provide you with services available through the Site and to enable you to use its features. They help authenticate users and prevent fraudulent use. Without these cookies, the services you have requested cannot be provided.

Cookie Policy / Notice Acceptance Cookies (Persistent Cookies): These cookies identify whether users have accepted the use of cookies on the Site.

Functionality Cookies (Persistent Cookies): These cookies allow the Site to remember choices you make, such as language preferences, to provide you with a more personalised experience.

You can control and manage cookies through your browser settings at any time.

5. How I Use Your Information

I use your personal information for the following purposes:

To provide my services: Delivering educational health consultations, responding to inquiries, and managing bookings.

To communicate with you: Sending session confirmations, follow-up materials, and — only if you have opted in — occasional updates.

To improve the Site: Analysing usage patterns through analytics tools to improve the user experience.

To comply with legal obligations: Meeting my obligations under applicable law.

Legal basis under GDPR: Where GDPR applies, I process your data on the basis of (a) contractual necessity — to provide the services you have requested; (b) your consent — for marketing communications and newsletter signup; and (c) legitimate interests — for analytics and site improvement, balanced against your privacy rights.

6. Third-Party Services

I use the following third-party services that may process your data:

Squarespace (squarespace.com): Website hosting and built-in analytics. Privacy policy available at squarespace.com/privacy.

Calendly (calendly.com): Appointment booking. Privacy policy available at calendly.com/privacy.

Healthie (gethealthie.com): HIPAA-compliant client management platform for intake forms, messaging, and records. Privacy policy available at gethealthie.com/privacy.

Zoom / Google Meet: Video consultation platforms. Sessions may be recorded only with your prior consent. Zoom's privacy policy is available at zoom.us/privacy. Google's privacy policy is available at policies.google.com/privacy.

Google Analytics: If and when implemented, Google Analytics will be used to analyse site traffic. You may opt out using the Google Analytics Opt-Out Browser Add-on.

I do not sell your personal information to any third party.

7. Session Recording

Some consultations may be recorded for educational or record-keeping purposes. You will be informed and asked for your explicit consent before any session is recorded. You have the right to decline recording. If you consent and later wish to withdraw consent, please contact me and I will delete the recording.

8. Data Retention

I retain your personal information for as long as necessary to provide my services and comply with legal obligations. Health-related consultation records are retained for a minimum of 7 years in accordance with standard professional practice. Marketing opt-in data is retained until you unsubscribe or request deletion.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to access: Request a copy of the personal data I hold about you.

Right to rectification: Request correction of inaccurate or incomplete data.

Right to erasure: Request deletion of your personal data, subject to my legal retention obligations.

Right to restrict processing: Request that I limit how I use your data.

Right to data portability: Request your data in a structured, machine-readable format.

Right to object: Object to processing based on legitimate interests or for direct marketing.

Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

EU/UK residents: You also have the right to lodge a complaint with your local supervisory authority. In Lithuania, this is the State Data Protection Inspectorate (vdai.lrv.lt). In the EU, contact your national data protection authority. In the UK, contact the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, please contact me at karolina@karolinamd.com.

10. Deleting Your Personal Data

You have the right to request deletion of the personal data I hold about you, subject to certain legal limitations.

You may request deletion of your data at any time by contacting me at karolina@karolinamd.com. I will respond to your request within 30 days.

Please note that I may be required to retain certain information where I have a legal obligation to do so — for example, health-related consultation records retained for the minimum period required by applicable professional standards, or financial records required for tax purposes. In such cases, I will inform you of what data must be retained and why.

Where data is held through third-party platforms such as Healthie or Calendly, you may also need to contact those platforms directly to request deletion of data held in their systems. I will assist you in identifying the appropriate contact where possible.

11. Data Security

I implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All health-related data is processed through HIPAA-compliant platforms where applicable. However, no method of internet transmission or electronic storage is 100% secure, and I cannot guarantee absolute security.

12. International Data Transfers

Your data may be processed in the United States and other countries where my service providers operate. All service providers I use maintain appropriate data protection agreements to ensure your information is handled in compliance with GDPR requirements.

13. Children's Privacy

My services are not directed to individuals under the age of 18. I do not knowingly collect personal data from minors. If you believe I have inadvertently collected such data, please contact me immediately.

14. Disclosure of Your Personal Data

Business Transactions: If my practice is involved in a merger, acquisition, or asset sale, your personal data may be transferred. I will provide notice before your data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement: Under certain circumstances, I may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities such as a court or government agency.

Other Legal Requirements: I may disclose your personal data in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend my rights or property, prevent or investigate possible wrongdoing, protect the personal safety of users or the public, or protect against legal liability.

15. Changes to This Policy

I may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised effective date. I encourage you to review this policy periodically. Continued use of the Site after any changes constitutes your acceptance of the updated policy.

16. Contact

For any questions, requests, or concerns regarding this Privacy Policy, please contact me at: karolina@karolinamd.com,