Low T 99, LLC (“Low T 99,” “us,” “we,”” ours”) takes privacy very seriously. When using our
website, https://mensdirectrx.com, we collect your Personal Information (“PII”) solely for the
purpose of order fulfillment and support. We also share a commitment with our Covered
Entities to protect the privacy and confidentiality of Protected Health Information (“PHI”)
obtained and subject to the terms of a Business Associate Agreement and under the Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, as well as by the
Health Information Technology for Economic and Clinical Health (HITECH) Act (collectively,
“HIPAA/HITECH”).
We hope this Privacy Policy helps you better understand how we collect and use Personal
Information as well as how we use, disclose, and protect Protected Health Information in
accordance with the terms of Business Associate Agreements.
If you do not agree to this Privacy Policy or our terms of service, please do not use the Services
of Men’s Direct RX or its website.
Definitions
· “Business Associate” (“BA”) shall mean an entity that performs functions or activities
on behalf of a Covered Entity when those services involve access to, or the use or
disclosure of, Protected Health Information. For this Privacy Policy, Low T 99, LLC is
the Business Associate.
· “Business Associate Agreement” (“BAA”) shall mean a formal written contract
between a BA (Low T 99, LLC) and a Covered Entity that requires the BA to comply
with specific requirements related to PHI.
· “Covered Entity” shall mean a health plan, healthcare provider, or healthcare
clearinghouse who electronically transmit any health information in connection with
transactions for which the U.S. Department of Health and Human Services (“HHS”) has
adopted standards, and in which these entities must comply under the HIPAA Privacy
Rule.
· “Personal Information” (“PII”) shall mean any representation of information that
permits the identity of an individual to whom the information applies to be
reasonably inferred by either direct or indirect means.
· “Protected Health Information” (“PHI”) shall mean any information in a medical
record or designated record set that can be used to identify an individual and that was

created, used, or disclosed in the course of providing a health care service such as
diagnosis or treatment for that individual.
· “Services” shall mean the treatment services managed by Low T 99 and provided via
our website, Men’s Direct RX, at https://mensdirectrx.com.

Collection, Use, and Disclosure
PII
While using our Services, we may ask you to provide us with certain personally identifiable
information (“PII”) that can be used to contact or identify you. PII may include, but is not
limited to, your email address, name, phone number, postal address, and other information.
We collect and use this information for the sole purpose of providing the Service, identifying,
and communicating with you, responding to your requests/inquiries, servicing your purchase
orders, and improving our Services. Your PII is used for no other purpose and is not sold to any
third parties.
We may use PII internally for our own internal management, administration, data aggregation
and legal obligations, and may need to disclose this information for law enforcement purposes
as required by law or in response to a valid subpoena.

PHI
Low T 99 uses or discloses your personal health information (“PHI”) on behalf of, or to provide
services to, Covered Entities for purposes of performing our obligations under service
agreements to Covered Entities, provided that such use or disclosure is permitted or required
by the Business Associate Agreement and not in violation of HIPAA/HITECH.
We may use PHI internally for our own internal management, administration, data aggregation
and legal obligations, but only to the extent such use of PHI is permitted or required by the
applicable Business Associate Agreement and would not violate HIPAA/HITECH.
We may disclose PHI for law enforcement purposes as required by law or in response to a valid
subpoena.
We may need to disclose PHI to subcontractors or agents that provide supporting services to
us; but require these subcontractors and agents to comply with the same terms and conditions
that apply under the respective Business Associate Agreement and PHI, including the
implementation and maintenance of required safeguards.

Other uses and disclosures not described in this Privacy Policy will be made only with your
express written authorization.
Online Tracking of PII
Cookies
Cookies are files with a small amount of data, which may include an anonymous unique
identifier. Cookies are sent to your browser from a web site and transferred to your device. We
use cookies to collect information in order to improve our Services for you.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
The Help feature on most browsers provide information on how to accept cookies, disable
cookies or to notify you when receiving a new cookie.

If you do not accept cookies, you may not be able to use some features of our Service.
“Do Not Track” Disclosure
We support Do Not Track (“DNT”). DNT is a preference you can set in your web browser to
inform websites that you do not want to be tracked.

You can enable or disable DNT by visiting the Preferences or Settings page of your web
browser.
Log Data
We may also collect information that your browser sends whenever you visit our Service (“Log
Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”)
address, browser type, browser version, the pages of our Service that you visit, the time and
date of your visit, the time spent on those pages and other statistics.

In addition, we may use third party services such as Google Analytics that collect, monitor, and
analyze this type of information in order to increase our Service’s functionality. These third-
party service providers have their own privacy policies addressing how they use such
information.
Revocation of Your Consent to Collection, Use and Disclosure
PHI
Certain uses and disclosures of PHI are performed only with your express, written consent.

Your written authorization is required for any use or disclosure of PHI not for treatment,
payment, or health care operations, or otherwise permitted or required by the HIPAA Privacy
Rule.
You may revoke your consent to use or disclose your PHI at any time by sending written
revocation of your consent of processing your PHI to us at legal@lowt99.com. Any and all PHI
processed before we receive your revocation of consent will be considered legally processed
with your consent.
You may also request that all of your PHI be removed from our systems and processes by
sending a written request for removal and destruction of all your data to us at
legal@lowt99.com. Upon receipt, Low T 99 will remove your PHI completely and permanently
EXCEPT only if needed for any legal, compliance, regulatory, or other legitimate reasons.
Individual Rights
PII
We are committed to complying with all applicable data protection laws that apply to its
processing of Personal Data.  This Privacy Policy applies universally unless it conflicts with
jurisdictional laws, in which case Low T 99 will process PII in accordance with those laws to the
extent they apply.  While this privacy statement is designed, in part, to satisfy the requirements
of the California Consumer Privacy Act (CCPA) as amended, and other applicable data
protection laws and regulations, and to apply standards which are generally consistent with
those laws and regulations, this Privacy Policy does not create rights under those data
protection laws and regulations for individuals whose Personal Data is being processed outside
the scope of the application of those laws and regulations. Under applicable data protection
laws and regulations, an individual may have various rights in relation to their Personal Data.
For California residents and where the CCPA applies to an individual’s PII, they may have the
right to:
· Know about the PII collected about them and how it is used or shared;
· Delete PII collected from them (with some exceptions);
· Opt-out of the sale or sharing of their PII;
· Face no discrimination for exercising their CCPA rights;
· Correct inaccurate information; and
· Limit the use and disclosure of sensitive information collected about the individual.
Low T 99 will try to honor all requests to the fullest extent possible and as required by the
CCPA. An individual who falls under CCPA may have the right to act with either the California
Attorney General or, as of July 1, 2023, the California Protection Agency.

PHI
Similar to PII, an individual has certain rights to their PHI data under the HIPAA/HITECH
provisions as enforced by HHS, including the rights to request information about their PHI as
well as actions an individual may exercise.
You have the right to request information about:
· The purpose of the use and disclosure of your PHI;
· Our legal basis for the use and disclosure of your PHI;
· Categories of PHI and the subjects concerned;
· The type or identity of third parties to which your PHI may be disclosed and the
protections provided;
· The source of your PHI (directly or indirectly provided);
· The period for which your PHI will be stored; and
· The method in which your PHI will be permanently and completely removed.
You also have the right to:
· Access your PHI;
· Correct your inaccurate PHI;
· Request erasure of your PHI;
· Restrict the processing of your PHI;
· Object to the processing of your PHI;
· Request your PHI to be moved (data portability);
· Opt-out of PHI being transferred to a third party, unless there is a legal reason to do so;
and
· Opt-out of direct marketing.
To exercise your PHI rights, please contact us at legal@lowt99.com or the U.S. Department of
Health and Human Services.
Requests for Access
Requests for access to your PII or PHI, requests to amend your PII or PHI, or requests for an
accounting of disclosures of your PII or PHI shall be in writing to us at legal@lowt99.com. In the
event that we deny any request, the response will include an explanation as to why access was
denied. The denial of your request may be based on a number of reasons, including that PII or
PHI that is not part of a designated record set or if anticipated for use in a legal or
administrative action proceeding.
Cooperation with Covered Entities Under HIPAA/HITECH

Per the BAA, we make available to Covered Entities information necessary to give individuals
their rights of access, amendment, and accounting in accordance with HIPAA regulations.
Upon request, we will make our internal practices, books, and records, including policies and
procedures, relating to the use and disclosure of PHI received from, or created or received by
the Business Associate on behalf of a Covered Entity, available to the Covered Entity or the
Secretary of the HHS to ensure compliance with the terms of the BAA and HIPAA regulations.
Legal
Low T 99 lawfully obtains personal information from individuals via their consent and for the
limited sole purpose of contact information, correspondence, order fulfillment and support,
and post-sale activities to form the legal basis for the collection and use of PII. We also use PII
to support our Services to our customers, improve these Services, and fulfill our contractual
obligations with our customers. An individual’s PII is used for no other purpose and is not sold
to any third-party. Any misuse or unauthorized access to an individual’s PII will be addressed
immediately and reported to the relevant authorities as well as to our customers.
Our legal responsibilities pertaining to PHI, as a Business Associate, include the following:
· Entering into a written BAA with our Covered Entities that requires us to maintain the
privacy of PHI, limit our use or disclosure of PHI to those purposes authorized by the
Covered Entities, and assist Covered Entities in responding to your requests concerning
your PHI;
· Complying with Privacy Rule provisions, including rules governing the uses and
disclosure of PHI and your rights concerning your PHI;
· Making certain disclosures available to a Covered Entity in order for the Covered Entity
to fulfill its obligation to you to provide accountings of certain disclosures to you;
· Entering into a BAA with each of our subcontractors who may have access to your PHI;
· Amending PHI relating to you when requested by a Covered Entity;
· Performing a Security Rule risk analysis; implementing Security Rule safeguards; training
personnel concerning the HIPAA Rules;
· Responding immediately to any security violation or breach; and
· Timely reporting of security incidents and breaches; maintaining required
documentation.

Safeguards
We use appropriate safeguards to prevent the unauthorized use or disclosure of PII and PHI.
We have implemented administrative, physical, and technical safeguards that reasonably and
appropriately protect the confidentiality, integrity, and availability of the personal information
we collect as well as the electronic protected health information that we receive, maintain, or
transmit on behalf of a Covered Entity.
Mitigation of Harm
Any unauthorized collection, use or disclosure of PII or PHI data will be addressed by our task
force identifying the source of the incident, securing the logical and physical areas, eliminating
the vulnerabilities, coordinating with any third-parties, performing internal assessments, and
reporting to potentially impacted individuals as well as to the relevant authorities.
In the event of a use or disclosure of PHI that violates the BAA requirements, we will mitigate,
to the extent practicable, any harmful effect resulting from the violation. Such mitigation will
include:
· Reporting any use or disclosure of PHI not provided for by the BAA and any security
incident of which we become aware to the Covered Entity; and
· Documenting such disclosures of PHI and information related to such disclosures as
would be required for Covered Entity to respond to a request for an accounting of
disclosure of PHI in accordance with HIPAA.
Children
Only individuals aged 18 or older have permission to access our Service and is not intended for
any individuals under that age.
We do not knowingly collect, use, or disclose PII or PHI from children under 13. If you are a
parent or guardian and you learn that your Children have provided us with PII or PHI, please
contact us at legal@lowt99.com and we will take the necessary steps to permanently remove
that information.
Changes to Our Privacy Policy
We may change or update our Privacy Policy and we reserve the right to make changes or
updates at any time. If we make material changes to the way we process your information, we will provide notification via our services or other communication channels.