Introduction
Global Blue Health (“GBH,” “we,” “us,” or “our”) is a healthcare growth consultancy that helps Med Spas, Assisted Living Facilities, Clinics, and International Medical Tourism Centers grow their practices. We respect your privacy and are committed to protecting the personal information you share with us.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information. It applies to all visitors and users of our website (www.globalbluehealth.com), our communications, and our services.
Please read this policy carefully. By using our website or providing your information to us, you acknowledge that you have read and understood this Privacy Policy.
1. Information We Collect
1.1 Information You Provide Directly
When you fill out a form, request a Growth Scorecard, subscribe to our newsletter, or contact us, we may collect:
- Contact information: Full name, email address, phone number
- Business information: Company name, job title, business type, website URL
- Service information: Details about your practice, growth goals, areas of interest
- Communications: Messages, questions, or feedback you send us
- Consent records: Your opt-in choices, including timestamps and the specific consent language you agreed to
1.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Device and browser information: Browser type, operating system, screen resolution
- IP address: Your internet protocol address
- Usage data: Pages visited, time spent on pages, click patterns, referring URL
- Cookies and similar technologies: See Section 8 (Cookie Policy) below
1.3 Information from Third Parties
We may receive information about you from:
- Business directories and professional networks (e.g., LinkedIn)
- Event organizers (e.g., conferences or summits you attended where we were present)
- Referrals from existing clients or partners
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Respond to your inquiries and provide requested services | Performance of a contract / Legitimate interest |
| Deliver Growth Scorecards and consultations | Performance of a contract |
| Send marketing emails about growth strategies, industry insights, and service updates | Consent |
| Send SMS/text messages about appointments, updates, and marketing | Consent (TCPA) |
| Improve our website and user experience | Legitimate interest |
| Analyze website traffic and marketing effectiveness | Legitimate interest / Consent |
| Comply with legal obligations | Legal obligation |
| Prevent fraud and protect our business | Legitimate interest |
We will never sell your personal information to third parties.
3. SMS/Text Messaging
3.1 What You’re Consenting To
When you opt in to receive SMS/text messages from Global Blue Health, you agree to receive messages related to:
- Appointment reminders and confirmations
- Growth strategy tips and insights
- Service updates and promotions
- Follow-ups on consultations or inquiries
3.2 Message Frequency and Costs
- Message frequency varies. You may receive up to 4 messages per month.
- Message and data rates may apply. Contact your wireless carrier for details about your text plan.
3.3 How to Opt Out of SMS
You can opt out of SMS messages at any time by:
- Replying STOP to any message from us
- Emailing us at privacy@globalbluehealth.com
- Calling us at the number listed in Section 15
After you opt out, you will receive one final confirmation message. You will not receive any further SMS messages from us unless you opt in again.
3.4 Help
Reply HELP to any message for assistance, or contact us at privacy@globalbluehealth.com.
3.5 Supported Carriers
Major US carriers are supported including AT&T, Verizon, T-Mobile, Sprint, and others. Carrier messaging may not be available in all areas.
3.6 TCPA Compliance
We comply with the Telephone Consumer Protection Act (TCPA). We will only send text messages to individuals who have provided express written consent. Consent is not a condition of purchase.
4. Email Marketing
4.1 What We Send
When you subscribe or opt in, we may send you:
- Weekly healthcare growth insights and newsletters
- Growth strategy tips and case studies
- Service announcements and updates
- Event invitations
- Growth Scorecard results and follow-ups
4.2 CAN-SPAM Compliance
All marketing emails from Global Blue Health:
- Clearly identify GBH as the sender
- Include a valid physical postal address
- Include a clear and conspicuous unsubscribe mechanism
- Honor unsubscribe requests within 10 business days
- Use accurate subject lines and “From” information
4.3 How to Opt Out of Email
You can opt out of marketing emails at any time by:
- Clicking the “Unsubscribe” link at the bottom of any email
- Emailing us at privacy@globalbluehealth.com
- Visiting our unsubscribe page at www.globalbluehealth.com/unsubscribe
Opting out of marketing emails will not affect transactional emails related to active service engagements.
5. Data Sharing and Third Parties
We share your information only with the following categories of service providers, and only as necessary to operate our business:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS messaging delivery | Phone number, message content |
| Instantly | Email marketing and outreach | Email address, name, company |
| n8n (self-hosted) | Workflow automation | Form submissions, consent records |
| Supabase | Database hosting and storage | All collected data |
| Google Analytics | Website analytics | IP address, usage data, cookies |
| Vercel / Hosting Provider | Website hosting | IP address, usage data |
We require all service providers to:
- Process your data only on our instructions
- Maintain appropriate security measures
- Not use your data for their own purposes
- Delete your data when no longer needed
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data Retention
We retain your personal information for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Consent records | Minimum 5 years from date of consent | Regulatory compliance, audit trail |
| Client/prospect contact information | Duration of business relationship + 3 years | Business operations, legal obligations |
| Email marketing data | Until you unsubscribe + 30 days | Processing unsubscribe |
| SMS consent records | Minimum 5 years | TCPA compliance, Twilio verification |
| Website analytics data | 26 months | Analytics purposes |
| Cookie data | Varies by cookie (see Section 8) | Functionality and analytics |
After the retention period expires, we securely delete or anonymize your data.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted data storage
- Access controls and authentication
- Regular security reviews
- Secure third-party service providers
While we strive to protect your information, no method of transmission or storage is 100% secure. If you believe your information has been compromised, please contact us immediately.
8. Cookie Policy
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us understand how you use our site and improve your experience.
8.2 Cookie Categories
| Category | Purpose | Examples | Required? |
|---|---|---|---|
| Essential | Core website functionality, security, and session management | Session cookies, CSRF tokens | Yes — cannot be disabled |
| Analytics | Understanding how visitors use our website | Google Analytics | No — opt-in required (EU/EEA) |
| Marketing | Tracking ad effectiveness and retargeting | Facebook Pixel, LinkedIn Insight | No — opt-in required (EU/EEA) |
8.3 Managing Cookies
You can manage your cookie preferences:
- Through our cookie consent banner when you first visit the site
- By adjusting your browser settings to block or delete cookies
- By using browser extensions that manage cookies
Note: Disabling essential cookies may impair website functionality.
9. International Data Transfers
Global Blue Health is based in the United States. If you are visiting our website or providing information from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.
9.1 For EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, we process your data under the following legal bases:
- Consent: When you opt in to marketing communications
- Legitimate interest: For business operations and website improvement
- Contract performance: When delivering requested services
Your rights under GDPR include:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure (“right to be forgotten”): Request deletion of your data
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interest
- Right to withdraw consent: Withdraw consent at any time without affecting prior processing
Data transfers from the EU/EEA to the US are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.
To exercise any of these rights, contact us at privacy@globalbluehealth.com. We will respond within 30 days.
9.2 For UK Residents (UK GDPR + PECR)
UK residents have equivalent rights under the UK General Data Protection Regulation and the Privacy and Electronic Communications Regulations. Contact us at privacy@globalbluehealth.com to exercise your rights.
9.3 For Canadian Residents (PIPEDA + CASL)
If you are located in Canada:
- We obtain your express consent before sending commercial electronic messages, as required by Canada’s Anti-Spam Legislation (CASL)
- You have the right to access and correct your personal information under PIPEDA
- You may withdraw consent at any time
9.4 For Japanese Residents (APPI)
Under Japan’s Act on Protection of Personal Information, we notify you of the purpose of use, handle data securely, and provide access upon request.
9.5 For Korean Residents (PIPA)
Under South Korea’s Personal Information Protection Act, we obtain explicit consent before collecting personal data, clearly state the purpose, and provide you with rights to access, correct, and delete your information.
9.6 For Colombian Residents (Law 1581 of 2012)
You have the right to know, update, rectify, and delete your personal data. We obtain your prior, express, and informed authorization before processing your data.
9.7 For Mexican Residents (LFPDPPP)
Under Mexico’s Federal Law on Protection of Personal Data Held by Private Parties, you have ARCO rights: Access, Rectification, Cancellation, and Opposition. Contact us at privacy@globalbluehealth.com.
9.8 For Vietnamese Residents (PDPD)
Under Vietnam’s Personal Data Protection Decree, we obtain your consent before processing personal data, ensure data security, and respect your right to access and delete your data.
9.9 For Panamanian Residents (Law 81 of 2019)
You have the right to access, correct, and delete your personal data. We process your data only with your informed consent and for the stated purposes.
9.10 For Norwegian and Swedish Residents
As EU/EEA member states, Norway and Sweden are covered under GDPR protections outlined in Section 9.1 above.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know: What personal information we collect, use, disclose, and sell
- Right to delete: Request deletion of your personal information
- Right to opt out of sale: We do not sell personal information, but you may still make this request
- Right to non-discrimination: We will not discriminate against you for exercising your rights
- Right to correct: Request correction of inaccurate personal information
- Right to limit use of sensitive personal information: Where applicable
To exercise your California privacy rights, contact us at privacy@globalbluehealth.com or call us at the number listed in Section 15.
We will verify your identity before processing your request and respond within 45 days.
11. HIPAA Notice
Global Blue Health is a growth consultancy — we are not a healthcare provider, health plan, or healthcare clearinghouse.
We do not collect, store, or process Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).
Our services focus on business growth, marketing strategy, and operational consulting for healthcare businesses. We do not access, handle, or manage patient records, medical histories, treatment information, or any other PHI.
If you are a healthcare provider exploring our services, please do not include any patient information in your communications with us.
12. Children’s Privacy (COPPA)
Our website and services are intended for business professionals and are not directed at children under the age of 13 (or 16 in the EU/EEA).
We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13, we will promptly delete it. If you believe we have collected information from a child, please contact us immediately at privacy@globalbluehealth.com.
13. Do Not Track Signals
Some browsers send “Do Not Track” (DNT) signals. There is currently no industry standard for how to respond to DNT signals. Our website does not currently respond to DNT signals, but we respect your cookie preferences as set through our cookie consent banner.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the “Last Updated” date at the top of this page
- We will post the updated policy on our website
- For significant changes, we may notify you via email or a prominent notice on our website
We encourage you to review this policy periodically.
15. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your data, please contact us:
Global Blue Health
- General Privacy: privacy@globalbluehealth.com
- Legal: legal@globalbluehealth.com
- General Inquiries: info@globalbluehealth.com
- Support: support@globalbluehealth.com
- Website: www.globalbluehealth.com
- Address: Global Blue Health, 418 Broadway # 6259, Albany, NY 12207
For GDPR inquiries, you may also contact us at privacy@globalbluehealth.com with the subject line “GDPR Request.”
If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.
This Privacy Policy is provided for informational purposes and should be reviewed by a qualified attorney to ensure compliance with all applicable laws in your jurisdiction.