Privacy Policy
Privacy Policy for website users
Effective as of August 6, 2025.
Prolacta Bioscience®, Inc. (for company address, please see "Contact Us" section below, and for company representative, please see here) is the world’s leading hospital provider of 100% human milk-based nutritional products.
We believe that protecting the Personal Data (defined below) of those we may interact with is vitally important. We believe that you should know what we do with your data, who we share it with, and the business reason for sharing it.
Prolacta will not sell your Personal Data, as this term is conventionally defined. We are dedicated to advancing the science of human milk, not selling Personal Data.
Purpose
This Privacy Policy (“Policy”) describes the privacy practices of Prolacta Bioscience, Inc. and all our corporate partners and affiliates (collectively, “Prolacta”, “we”, “us”, or “our”) and applies to the Sites (defined below) under applicable global privacy laws. This Policy describes how we collect, use, share, and otherwise process individually identifiable data about visitors to this Site (defined below), contact persons of our customers, prospects, distributors, sales representatives, vendors, investors, suppliers, human milk donors, infants and individual end-users of Prolacta products or services ("Personal Data").
Scope
For ease of use, when we refer to “Site” or “Sites” we are referring to any and all of the Prolacta-owned sites (Prolacta.com, prolacta.uk, prolacta.de, prolacta.asia, tinytreasuresmilkbank.com, helpinghandsbank.com, humanmilkscience.org and preemiemilkbank.com) as well as offline through contact forms and other communications. This Policy describes how we collect, use, disclose, and otherwise process Personal Data in connection with the Site(s) on which we post or link to this Policy (the “Sites”) and explains the rights and choices available to individuals with respect to their Personal Data.
This Policy does not apply to any information that you may provide directly to third parties including via links appearing on the Site.
Personal Data about our employees, contractors, and other Prolacta temporary workers are addressed through internal company policies and procedures, and are outside the scope of this Policy.
For the privacy policy applicable to recruiting and job candidates, please reach out to Prolacta separately using the contact information below.
Summary of Key Points
| 1. Collection | We collect name, contact details, and other Personal Data related to our products and services. Learn more below. |
| 2. Use | We use Personal Data to provide our products and services and respond to inquiries, to manage accounts and maintain business operations, to provide relevant marketing and targeted advertising, and to fulfil other business and compliance purposes. Learn more below. |
| 3. Disclosure | We disclose Personal Data as necessary to provide our products and services and respond to requests, and to fulfil other business and compliance purposes. Learn more below. |
| 4. Marketing Choices | You have control over how we use Personal Data for direct marketing. Learn more below. |
| 5. Data Security | We maintain technical and organizational measures to protect Personal Data from loss, misuse, alteration, or unintentional destruction. Learn more below. |
| 6. Cross-border Data Transfers | We provide appropriate protections for cross-border transfers of Personal Data where specified by law. Learn more below. |
| 7. Retention | We retain your Personal Data for as long as necessary to fulfil the purposes we collected it for. Learn more below. |
| 8. Data Subject Rights | Certain applicable global privacy laws, give residents certain rights to request access, rectification, deletion, or other actions regarding their Personal Data. Learn more below. |
| 9. Other | We provide other information in this Privacy Policy about the Personal Data we do and do not collect. Learn more below. |
| 10. Changes to this Privacy Policy | We may update this Privacy Policy from time to time, as required by applicable law. Learn more below. |
| 11. Contact Us | Please contact us as detailed below with any questions. Learn more below. |
1. Collection for Personal Data
Basic Data: Name, title, company, job responsibilities, hospital affiliation, phone number, mailing address, email address, contact details, date of birth and infant date of birth for the Milk Resourcing team, physician and pediatrician contact information for the Milk Resourcing team, and recordings in certain limited circumstances, where you have provided consent.
Credit Card Data: Includes credit card number and other payment information collected in limited circumstances from our business customers.
Device Data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Site and communications (Usage Data). Note, however, we do not consider Device Data to be Personal Data except where we link it to you as an individual or where applicable law requires.
Marketing Data: Computer Internet Protocol (IP) address, unique device identifier (e.g., MAC address), cookies and other data linked to a device, and data about usage of our Site and communications (Usage Data).
Network Data: Includes network name, network type, captive portal options, browser type, browser language, and telemetry information, among others. Note, however, we do not consider Network Data to be Personal Data except where we link it to you as an individual or where applicable law requires.
Registration Data: Newsletter requests, subscriptions, downloads, and username/passwords.
Other Data: any Personal Data you voluntarily provide to us, including any information you voluntarily provide in the section “What are your nutritional goals?” as well as information about you that is linked to the Personal Data above, such as inquiry and communication information when you contact us.
Sensitive Data. In limited circumstances, certain Personal Data that we collect may be considered “sensitive” within the meaning of applicable laws, such as government identifiers.
2. How We Use Your Personal Data
| Purpose of Use | Categories of Personal Data |
|---|---|
| Provide the products and services you requested, respond to your inquiries, and allow Prolacta to contact you. | Basic Data, Registration Data, Device Data, Network Data, and Biometric Data |
| Manage your accounts and maintain our business operations. | Basic Data, Registration Data, and Device Data |
| Make our Site more personal, intuitive and easy to use. | Device Data |
|
Protect the security and effective functioning of our Site and information technology systems. |
Basic Data, Registration Data, and Device Data |
| Process payment for requested products or services. | Credit Card Data |
| Make our Site and products more personal, intuitive and easy to use. | Device Data |
| Configure, manage and provision network elements | Network Data, Device Data |
| Protect the security and effective functioning of our products, Site and information technology systems. | Basic Data, Registration Data, and Device Data |
| Provide relevant marketing and targeted advertising about our or our affiliates' products and services, or promotions that we are developing, and opportunities that may be available to you. | Basic Data, Registration Data, Device Data, and Marketing Data |
| Set up, securely access, troubleshoot, and measure user experience. | Basic Data, Registration Data, Device Data, End-Client Data, Network Data |
| For the Milk Resourcing team. | Basic Data, Biometric Data, Other Data |
| Address our compliance, fraud prevention, safety, and legal obligations and exercise our legal rights. | Basic Data, Registration Data, and Device Data |
3. Disclosure of Personal Data
We disclose Personal Data to the following categories of recipients:
Affiliates
We may disclose your Personal Data specified in Section 1 above to our corporate partners and affiliates with which we have a commercial alliance. Our corporate partners and affiliates use the Personal Data for purposes specified in Section 2 above. For a list of corporate partners and affiliates with whom we share Personal Data, please contact us. Prolacta Bioscience, Inc. is responsible for management of the Personal Data shared with our corporate partners and affiliates.
Service providers
We may employ third-party companies and individuals (collectively, “service providers”) to perform services on our behalf, including:
- Data storage and analytics companies
- Technology services and support (including email and web hosting providers, marketing and advertising technology providers, email and text communications providers, mobile app developers)
- Providing items of appreciation or similar services
These service providers may use your Personal Data only as directed by Prolacta and in a manner consistent with this Policy and are prohibited from using or disclosing your Personal Data for any other purpose.
Internal professional advisors
We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
Compliance with laws and law enforcement, protection, and safety
We may disclose your Personal Data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our websites, products, and services; (d) protect our rights, privacy, safety, or property, as well as that of you or others; and (e) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.
Business transfers
We may sell, transfer, or otherwise share some or all of our business or assets, including your Personal Data, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization, sale of assets, or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Policy.
If you have questions about the parties to whom we disclose Personal Data, please contact us as specified below.
4. Marketing
You have control regarding our use of your Personal Data for directing marketing. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can choose to not receive such communications at any time. Please follow the unsubscribe link in the relevant communication, or contact us as detailed below.
5. Security
The security of your Personal Data important to us. We will take reasonable steps, proportionate to the sensitivity of the Personal Data, to protect Personal Data we collect, both during transmission and once we receive it from loss, misuse, unauthorized access, disclosure, alteration, or destruction. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure Personal Data from loss, misuse, and unauthorized access or disclosure, alteration, or destruction such as role based access controls, user authentication / authorization, logging mechanisms and physical access and security access controls.
We will only process and use Personal Data in a way that is compatible with and relevant to the purposes for which it was collected, or authorized by you, including the purposes set out above. To the extent necessary for those purposes, we will take reasonable precautions to ensure that Personal Data is accurate, complete, and current. Additionally, Personal Data may be retained in a form identifying or making identifiable individuals only for as long as it serves a purpose for which the data was collected or as authorized by the individual.
6. Cross-border Data Transfers
Prolacta is headquartered in the United States and has affiliates and service providers in other countries. Your Personal Data is processed in the United States or other locations outside of your country of residence where privacy laws may not provide the same level of data protection as those in your jurisdiction.
However, we have taken appropriate security measures as listed above in Section 5 “Security" to ensure that your Personal Data will remain protected in accordance with this Policy.
Whenever we transfer your Personal Data originating from a jurisdiction outside the United States (e.g., the EU and the UK) to countries not deemed to provide an adequate level of personal data protection, we implement standard contractual clauses, and other appropriate safeguards that allow us to conduct the transfer in accordance with applicable law.Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below in Section 10 (“Contact Us”).
To the extent required by applicable law, only the minimum necessary Personal Data will be transferred outside of your jurisdiction.
7. Retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) in which case we may use this data for as long as necessary without further notice to you.
8. Your Rights
US States
If you are a resident of California, please visit: https://www.prolacta.com/en/california-privacy-statement/
If you are a resident of another US state that has applicable privacy laws, including but not limited to, Colorado, Delaware, Oregon or Virginia, you may have the right to obtain confirmation that we maintain certain Personal Data relating to you, to verify its content, origin, and accuracy, as well as the right to access your Personal Data, request updates or corrections to your Personal Data, request deletion or portability of your Personal Data. You may also have the right to obtain the identities of the third parties to whom we disclose your Personal Data. You may also request restriction of the processing, including for targeted advertising. Additionally, in certain states you may have the right to opt-out of the “sale” of your Personal Data, as the term is defined under applicable law.
In some states, you can designate an authorized agent to make a request on your behalf. Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law. In any event, should you choose to exercise any of your rights as detailed above, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request.
European Economic Area (EEA), Switzerland, and the United Kingdom (UK)
If you are a resident of the EEA, Switzerland, or the UK, where required by applicable law (such as the EU General Data Protection Regulation), you may have the right to obtain confirmation that we maintain certain Personal Data relating to you, to verify its content, origin, and accuracy, as well as the right to access your Personal Data, request their update, integration or completion, request deletion or portability of your Personal Data. You may also object to the processing of your Personal Data or request restriction of the processing, as well as withdraw your consent to the processing of Personal Data
(without affecting the lawfulness of processing based on consent before its withdrawal).
You may also have the right to lodge a complaint with the relevant data protection supervisory authority. You always have the right to object to the processing of your Personal Data for direct marketing purposes at any time.
Australia and New Zealand
If you are a resident of Australia or New Zealand, where required by applicable law, you may have the right
to verify the content, origin, and accuracy of the Personal Data we hold about you, as well as the right to access your Personal Data and request the correction/rectification of incomplete or inaccurate Personal Data.
If you do not provide us with your Personal Data, we may not be able to provide you with our services, If you want to exercise your privacy rights, or if you have a complaint about the way we have handled privacy issues, including your rights with respect to your Personal Data as detailed above, you should contact us as detailed under the "Contact Us" section below. We will consider your complaint, determine whether it requires further investigation, and notify you of the outcome of the investigation as appropriate. You may also contact the relevant data protection authority for guidance on alternative courses of action.
Japan
If you are a resident of Japan, where required by applicable law, you may have the right to access the Personal Data we hold about you, as well as the right to request the correction/rectification of incomplete or inaccurate Personal Data about you, request deletion of your Personal Data, and request the cessation of processing and transferring of your Personal Data to third parties.
If you wish to exercise any of these privacy rights, or if you have a complaint about the way we have handled your Personal Data, you may contact us as detailed under the "Contact Us" section below.
Middle East
If you are a resident in the UAE or Saudi Arabia, where required by applicable data protection law, you may have the right to obtain confirmation that we process certain Personal Data relating to you, to verify its content, origin, and accuracy, as well as the right to access your Personal Data, request their update, integration or completion, request deletion or, under UAE data protection law, portability of your Personal Data. In accordance with the applicable data protection law, you may also object to the processing of your Personal Data or request restriction of the processing, as well as withdraw your consent to the processing of Personal Data (without affecting the lawfulness of processing based on consent before its withdrawal).
You may also have the right to lodge a complaint with the relevant data protection supervisory authority. You have the right to revoke your consent to the processing of your Personal Data for marketing purposes at any time.
You can exercise any of the rights listed above, as applicable, and submit these requests by email to privacy@prolacta.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why subject to legal restrictions. If you would like to submit a complaint about our use of your Personal Data or response to your requests regarding your personal data, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here for residents of European Commission countries and here for residents of Saudi Arabia.
9. Other
(i) Legal Basis for Processing
The legal bases for our processing of your Personal Data are described below.
Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Data. We have several different legal grounds on which we collect and process Personal Data, including, without limitation: (a) as necessary to perform a transaction (such as in order to provide the products and services you requested); (b) as necessary to comply with a legal obligation (such as when we use Personal Data for record keeping to substantiate tax liability); (c) consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies); and, where permitted under the applicable law, (d) necessary for legitimate interests (such as when we act to maintain our business generally, including maintaining the safety and security of the Site). With respect to legitimate interests, we typically collect and process limited Personal Data about customer contacts as well as Personal Data of our human milk donors and other individuals.
(ii) Other Sites and Services
For your convenience and information, we may provide links to sites and other third-party content that are not owned or operated by Prolacta. These links are not an endorsement, authorization, or representation that we are affiliated with that third party. We do not exercise control over third-party sites or services and are not responsible for their actions. Other sites and services follow different rules regarding the use or disclosure of the personal data you submit to them. We encourage you to read the privacy policies of the other sites you visit and services you use.
(iii) What are the consequences of not providing Personal Data?
You are not required to provide all Personal Data identified in this Policy to use our Site or to interact with us offline, but certain functionality will not be available if you do not provide certain Personal Data. If you do not provide certain Personal Data, we may not be able to respond to your request, perform a transaction with you, or provide you with marketing that we believe you would find valuable.
(iv) Do we engage in automated decision-making without human intervention?
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
(v) Does the Site honor do not track ("DNT") signals sent via browsers?
Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we do not respond to DNT signals at this time.
10. Changes to this Privacy Policy
We reserve the right to modify this Policy at any time, by publishing a new version on our Sites. You can see the date of the last revision at the beginning of this policy.
11. Contact Us
Prolacta is the controller of your Personal Data covered by this Policy. If you have any questions or concerns about our Policy or privacy practices, please contact us at:
Prolacta Bioscience, Inc.
1800 Highland Avenue
Duarte, CA 91010
Attention: Privacy
privacy@prolacta.com
626-599-9260
Prolacta’s EU representative, Vincent Gaspar, can be reached at vgaspar@prolacta.com.