GC
GuardianCryo
Legal Information

Privacy Policy

Last Updated: November 2025

Our Commitment to Privacy

GuardianCryo is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services or visit our website.

Information We Collect

Personal Information

  • Name, email address, phone number, and contact preferences
  • Clinic or organization affiliation
  • Transfer request details (origin, destination, material type)
  • Payment and billing information
  • Communication preferences and correspondence

Protected Health Information (PHI)

  • Patient consent forms and authorization documents
  • Medical records related to biological material transfers
  • Chain of custody documentation
  • Temperature and transport logs

Technical Information

  • IP address, browser type, and device information
  • Website usage data and analytics
  • Cookies and tracking technologies

How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To coordinate, execute, and complete biological material transfers
  • Communication: To respond to inquiries, provide quotes, and send service updates
  • Compliance: To maintain chain of custody records and meet regulatory requirements
  • Quality Assurance: To monitor and improve our services
  • Legal Obligations: To comply with applicable laws and regulations
  • Safety and Security: To protect against fraud and unauthorized access

HIPAA Compliance

As a business associate under the Health Insurance Portability and Accountability Act (HIPAA), we maintain strict safeguards to protect Protected Health Information (PHI):

  • All PHI is encrypted in transit and at rest
  • Access to PHI is restricted to authorized personnel only
  • We execute Business Associate Agreements (BAAs) with covered entities
  • Regular security audits and risk assessments are conducted
  • Staff receive ongoing HIPAA training and certification
  • Breach notification procedures are in place as required by law

Data Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards

  • • 256-bit SSL/TLS encryption
  • • Secure cloud infrastructure
  • • Regular security updates
  • • Intrusion detection systems

Administrative Safeguards

  • • Role-based access controls
  • • Background checks for staff
  • • Confidentiality agreements
  • • Incident response procedures

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these circumstances:

  • With Your Consent: When you authorize us to share information with third parties
  • Service Providers: With trusted partners who assist in our operations (under strict confidentiality agreements)
  • Regulatory Compliance: When required by law, court order, or regulatory agencies
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued protection)
  • Safety and Protection: To protect rights, property, or safety of GuardianCryo, clients, or others

Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request copies of your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Request transfer of your information to another provider
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at [email protected]

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations:

  • Transfer records: Retained for 10 years (regulatory requirement)
  • Financial records: Retained for 7 years (tax and accounting purposes)
  • Marketing communications: Until you unsubscribe
  • Website analytics: Retained for 26 months

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand website usage
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

GDPR Compliance

GuardianCryo complies with the European Union's General Data Protection Regulation (GDPR). If you are located in the European Economic Area (EEA) or if GDPR applies to our processing of your personal data, you have specific rights and protections.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our cryogenic transport services
  • Legal Obligation: Compliance with HIPAA, IATA, DOT, and other regulations
  • Legitimate Interest: Improving our services, security, and fraud prevention
  • Consent: Marketing communications and optional data processing (you can withdraw anytime)

Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Obtain confirmation and a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing for direct marketing or legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
  • Right to Lodge a Complaint: File a complaint with your data protection authority

Exercise Your Rights: Visit our Data Rights page or email [email protected]

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Appropriate safeguards in compliance with GDPR Article 46

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at [email protected] for any questions about your data rights or our data protection practices.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Specific retention periods include:

  • Service Records: 7 years after service completion (regulatory requirement)
  • Marketing Consents: Until consent is withdrawn
  • Quote Requests: 2 years if no service is provided

Questions About This Privacy Policy?

If you have questions or concerns about our privacy practices, please contact us:

Email: [email protected]

Phone: +1 (858) 808-2796

Address: GuardianCryo, 1827 Richmond PKWY, Richmond TX 77469