top of page

PART 2: WEBSITE PRIVACY POLICY

This document covers data collected from visitors to minneapolisgenetics.com. It is separate from the HIPAA Notice of Privacy Practices above, which covers patient health information.

Effective date: 4/26/2026 Last updated: 4/26/2026

 

What this policy covers

This Website Privacy Policy explains what information we collect from visitors to minneapolisgenetics.com, how we use it, who we share it with, and the choices you have. It applies to information collected through our website, contact forms, and email communications with us.

It does not cover protected health information (PHI) collected during clinical care. PHI is governed by our Notice of Privacy Practices (link to NPP), which is required by HIPAA.

 

1. Data we collect

Information you give us directly

When you interact with our website, you may choose to provide:

  • Contact form submissions: name, email address, and the contents of your message

  • Email correspondence: any information you send to office@minneapolisgenetics.com

  • Appointment scheduling: information you enter into our scheduling system, Jane (this is governed by our HIPAA Notice of Privacy Practices once you become a patient, and by Jane's privacy policy for the scheduling process itself)

Information collected automatically

When you visit our website, certain information is collected automatically by our website host (Wix) and any analytics tools we use:

  • Device and browser information: browser type, operating system, device type

  • Connection information: IP address (which approximates your general location), referring website

  • Usage information: pages viewed, time spent on pages, clicks, and similar interactions

  • Cookies and similar technologies: see Section 5 below

Sensitive information

We do not intentionally collect sensitive personal information (including health information, financial information, racial or ethnic origin, sexual orientation, or biometric data) through our website. Please do not include sensitive health details in contact form messages or unencrypted emails. If you have a clinical question, please book an appointment so we can discuss it through our HIPAA-compliant platforms.

If you voluntarily share health information in a website form or email, we will treat it with discretion but it is not protected by HIPAA until you become a patient and are receiving clinical care.

 

2. How we collect data

We collect data through:

  • Forms on our website (contact form, provider inquiry form)

  • Direct email to office@minneapolisgenetics.com

  • Cookies and similar technologies placed by our website (see Section 5)

  • Our website host, Wix, which automatically collects standard web traffic data

  • Our scheduling platform, Jane, when you book an appointment

We do not knowingly collect data from third-party sources, social media scraping, or data brokers.

 

3. Why we collect data

We use the information we collect for the following purposes:

  • To respond to your inquiries sent through our contact form or email

  • To schedule and provide clinical services (this transitions data into PHI governed by our NPP)

  • To improve our website, including understanding which pages visitors find most useful

  • To communicate with referring providers who use our For Providers contact form

  • To comply with legal obligations, including healthcare and tax recordkeeping

  • [To send periodic email updates if you have opted in to our mailing list — DELETE if you do not have a newsletter]

We do not use your data for:

  • Targeted advertising

  • Selling or renting to third parties

  • Profiling for automated decision-making

  • Marketing unrelated to genetic counseling services

 

4. Third-party sharing and service providers

We share data only with service providers who help us operate the Practice and the website, and only as needed to perform their function. These include:

Service provider

Purpose

Data shared

Wix

Website hosting and forms

Visitor analytics, contact form submissions

Jane

Scheduling, intake, secure messaging

Appointment and patient information (covered by HIPAA BAA)

Zoho Mail

Practice email

Email contents



 

For all service providers who handle PHI, we have signed Business Associate Agreements as required by HIPAA.

We do not:

  • Sell your personal information to anyone, ever

  • Rent your personal information

  • Share your information with advertising networks for retargeting

  • Provide your information to data brokers

We may disclose information when required by law (subpoena, court order, regulatory investigation) or to protect the rights, property, or safety of the Practice, our patients, or others.

 

5. Cookies and tracking technologies

What we use

Our website uses the following cookies and similar technologies:

  • Strictly necessary cookies: required for the website to function (e.g., load balancing, session continuity). These cannot be disabled.

  • Functional cookies: remember your preferences (e.g., region, language).

  • Analytics cookies: Wix's built-in analytics, Google Analytics, These help us understand how visitors use the site.

What we do NOT use

We do not use:

  • Facebook Pixel or similar advertising trackers

  • Cross-site behavioral advertising trackers

  • Third-party marketing cookies

Managing your preferences

You can control cookies in several ways:

  • Browser settings: most browsers let you block or delete cookies. Note that disabling all cookies may limit functionality.

  • Wix cookie banner: a wix cookie banner may be used.

  • Do Not Track: we honor "Do Not Track" browser signals where technically feasible.

 

6. Data retention

We retain personal data only as long as needed for the purposes described in this policy, or as required by law:

Data type

Retention period

Contact form submissions and email inquiries

2 years from last contact, then deleted

Patient clinical records (PHI, governed by NPP)

Minimum 7 years from last date of service, in accordance with Minnesota state requirements (Minn. Stat. § 145.32)

Website analytics data

14 to 26 months 

Email mailing list (if applicable)

Until you unsubscribe

When data is no longer needed, we delete or de-identify it.

 

7. Security

We take the security of your data seriously. Measures include:

  • HTTPS encryption on our website (TLS in transit)

  • HIPAA-compliant platforms for all clinical communications (Jane for scheduling and messaging, and for telehealth)

  • Multi-factor authentication on administrative accounts

  • Access controls limiting data access to those who need it (in our solo practice, only Vaish Subramani has access to clinical records)

  • Vendor due diligence, including signed Business Associate Agreements with all HIPAA-covered service providers

  • Regular review of access logs and security practices

Despite these measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

If we discover a security breach affecting your personal information, we will notify you and applicable authorities as required by law.

 

8. Your rights and choices

Right to access, correct, or delete your data

You may request to:

  • Know what personal information we have about you

  • Receive a copy of that information

  • Correct inaccurate information

  • Delete your information (subject to legal retention requirements, particularly for medical records)

To make a request, email office@minneapolisgenetics.com. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

Opt-out rights

  • Email communications: [If you send any marketing or newsletter emails, every email must include an unsubscribe link.] You may opt out of any non-essential email communication at any time.

  • Analytics: see Section 5 for cookie management options.

  • We do not engage in targeted advertising, so there is nothing to opt out of in that regard.

State-specific rights

If you are a resident of California, Colorado, Connecticut, Virginia, or other states with consumer privacy laws, you may have additional rights, including the right to know what categories of personal information we collect, the right to deletion, the right to data portability, and the right to non-discrimination for exercising your rights. Contact us at office@minneapolisgenetics.com to exercise these rights.

Children's privacy

Our services are not directed to children under 18. We do not knowingly collect personal information from children under 13 through our website. If you believe a child under 13 has provided us with personal information through the website, please contact us and we will delete it.

When a minor receives clinical services with appropriate parental or guardian consent, their PHI is governed by our Notice of Privacy Practices and applicable Minnesota law.

 

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this policy indicates when the most recent changes were made. Material changes will be communicated through a prominent notice on our website. We encourage you to review this policy periodically.

 

10. Contact us

Questions about this Privacy Policy, requests regarding your data, or concerns about our practices?

Minneapolis Genetics, PLLC Vaish Subramani, MGC, LCGC Email: office@minneapolisgenetics.com Phone: (612) 440-8269

bottom of page