1. PERSONAL INFORMATION WE COLLECT
"In conducting every aspect of our business, we may collect personal information to help obtain your health data. The information we collect will vary depending on your interaction with us. Such information may include, without limitation: your name, addresses, email addresses, telephone numbers, date of birth, age, insurance information, gender, sex, protected health information, and other types of personal information that you choose to provide to us or that we may obtain about you. We collect personal information, as well as other information, in multiple ways. You are provided options to fill out information if you are comfortable sharing with our team when using our platform.
We will not share identifying information to any outside third parties that you are not aware of. You may delete your profile at any time and we will not keep copies of your data on our servers.
Information You Provide to Us: We collect information you provide to us. This may include, for example, when you request information or materials from us, visit or use our Sites, purchase our products or services, create an account in our application, register for an account on the customer portal, communicate with our customer service or sales teams, respond to a survey, or respond to our advertisements.
Information We Collect from Other Sources: We may collect information about you from a variety of third parties. For example, we may obtain information about you from: covered entities such as health plans, health insurance companies, health care providers and healthcare clearinghouses; organizations, universities and private clinics conducting research studies or clinical trials; companies that search for, provide, and/or aggregate information from public records, such as LexisNexis Risk Solutions and Accurint; state and federal government agencies, such as the IRS and Medicare/Medicaid; credit bureaus and credit reporting agencies, such as Equifax; your existing health, medical, provider, or insurance accounts when you grant permission to access your accounts or information; social media networks; and publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold.
Information We Collect Automatically: When you use or visit our Sites, we collect some information automatically. For example, when you visit our website, we may collect device, usage and log information such as your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the search engine you used to locate the website, and the website you visited before or after our site. In addition, we gather certain navigational information about where you go on our website to help us determine which areas of the website are most frequently visited and helps us to tailor the sites to the needs and interests of our online visitors. If you use our mobile applications or use our Services on a mobile device or tablet, we may also collect your device type, mobile phone number, operating system type, wireless carrier, and device IDs, on our mobile applications.
2. HOW WE USE PERSONAL INFORMATION
We use your personal information to help us assist you.
We may use your personal information to: Complete contracts as well as any disclosures or other documents required by law; Provide, develop, maintain, and improve our products and Services (e.g. evaluate the performance of our staff, assess the quality of our products and Services, and help us improve our website and processes);Process any applications, forms, requests, inquiries, or other information submitted to us; Send marketing communications, promotional offers, and periodic customer satisfaction, market research or quality assurance surveys; Communicate with you; Administer and process payments to you or from you; Create and update your customer account, including aggregating your health and medical records and treatment information; Allow creation, maintenance, customization, enrollment, registration, and securing of accounts on your behalf; Administer and support participation in sweepstakes, special offers, special pricing, discounts, and promotions; Personalize our products, websites, and Services, including content, ads and offerings; Perform research and analytical activities (e.g. identifying trends and the effectiveness of marketing campaigns); Solicit your participation in a clinical trial or research study; Conduct audits, security and fraud monitoring and prevention; Protect our legitimate business interests and legal rights; and Assist us with legal claims, compliance, regulatory and investigative purposes as necessary (including in connection with law enforcement investigations, legal process, or litigation).
We may also use personal information we have collected and aggregated or anonymized personal information for any purpose permitted by law. For example, we may use this information to understand more about our users, such as by analyzing aggregated information to calculate the percentage of our users who have a particular telephone area code. This includes demographic data, inferred commercial interests, and other information we may collect from you or from third parties.
3. HOW WE SHARE PERSONAL INFORMATION
We have strict data sharing policies. We share data when these two things happen:
1) upon express written consent from patient to monetize their personal health information AND
2) the receiver who has been previously verified as a commercial pharmaceutical company, healthcare provider or governmental body that complies with all requisite U.S. laws and regulations (federal, state, local etc.)
Sharing with Third Parties. We may share your personal information with third parties when you request that we do so or when it is necessary that we do so as described herein.
Service Providers. We may share your personal information with third parties who work on behalf of, or with, us such as vendors, processors, suppliers, agents, attorneys, management companies, consultants, staffing companies, and representatives (collectively, "Service Providers”). Service Providers assist us with a variety of functions including, but not limited to, sending communications, assisting with analytics, conducting research or surveys, sending regular mail and e-mail, maintaining databases, providing software applications, or processing credit card or debit card payments.
Clinical Trial Sponsors and Investigators. If you participate in a clinical trial or research study, we may share your personal information with the sponsor of the clinical trial or research study and the investigators involved in that trial or study or in related trials or studies.
Government Agencies. We may share your personal information with government agencies, law enforcement, or authorized third parties in response to a request relating to a civil or criminal investigation or other alleged illegal activity. We may also share your personal information with government agencies such as the Department of Defense and the Secretary of the U.S. Department of Health and Human Services.
Corporate Transactions. We may transfer your personal information in the event we: (i) sell or transfer, or are considering selling or transferring, all or a portion of our business or assets; or (ii) are considering or engaging in any reorganization, conversion, merger, sale, joint venture, assignment, transfer or disposition of all or any portion of our ownership interest, business or operations.
4. USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION
We share a commitment with third parties to protect the privacy and confidentiality of Protected Health Information (“PHI”) that we obtain subject to the terms of a Business Associate Agreement. A Business Associate Agreement is a formal written contract between us and a third party that requires us to comply with specific requirements related to PHI. We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the Business Associate Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, third parties for purposes of fulfilling our service obligations to third parties, if such use or disclosure of PHI is permitted or required by the Business Associate Agreement and would not violate the Privacy Rule. In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the Business Associate Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may also use PHI to report violations of law to appropriate federal and state authorities.
5. PERSONAL INFORMATION OF CHILDREN
6. “DO NOT TRACK” DISCLOSURE
We do not collect or respond to Do Not Track signals and our websites do not function differently based on any Do Not Track preferences that may be received. For more information on Do Not Track signals, please visit https://allaboutdnt.com/.
7. ANALYTICS SERVICES
8. LINKING TO OTHER SITES
Our website may contain links to other sites that we do not own or operate. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect information about you or from you, and they may or may not have their own published privacy policies.
9. PROTECTION OF PERSONAL INFORMATION
We store your information using reasonable physical, technical and administrative safeguards. We identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to a covered entity or business associate; and document security incidents and their outcomes. All security incidents are identified and reported to our security team. The team takes the necessary precautions to mitigate the incident and notifies the parties involved in the incident. These incidents are documented internally and available upon request. Please be aware that the Sites and data storage are run on software, hardware and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. In addition, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. We cannot ensure or warrant the security of any information you transmit to us over the internet.
We retain your personal information for as long as necessary to provide our services and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. If you access the Sites or utilize our services on behalf of an organization, we retain your organizational contact details after the termination of your organization’s transaction to continue to communicate with you. We will retain your data in accordance with all applicable laws and regulations unless you provide express written consent to revoke our access.
If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by contacting us by email at email@example.com or by following the instructions in any such email you receive from us. We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.
12.LOCATION OF PROCESSING
Subject to applicable law, we will transfer personal information collected in connection with the use of our Sites or services to the United States for processing. By providing personal information to us or using the Sites, you acknowledge and consent to the transfer and processing of such information in the United States.
14. JURISDICTION-SPECIFIC PROVISIONS
The California Consumer Privacy Act. Terms used in this section and not otherwise defined have the meaning given to them under the California Consumer Privacy Act of 2018 (“CCPA”). We do not sell personal information collected about you.
In the preceding 12 months, we collected and disclosed for a business purpose the following categories of personal information about California consumers to
service providers who process data on our behalf, research partners, and other third parties:
Identifiers: Name, e-mail address, IP address, telephone number
Personal information categories listed in the California Customer Records statute: Name, social security number, physical characteristics or description, telephone number, driver’s license or state identification card number, etc.
Protected classification characteristics under California or federal law: Race, gender
Commercial information: Records of products or Services purchased, obtained, or considered, including prescriptions
Internet or other similar network activity: Information on a user’s interaction with the website
Geolocation data: IP address data
Professional or employment-related information: Title of profession, employer, etc.
Inferences drawn from other personal information: Profile reflecting a person’s preferences
In addition, to the extent they are contained within your Health Records:
Biometric information: Imagery of retinas, fingerprints, hands, face, and behavioral characteristics
Sensory data: Audio, electronic, visual, thermal, olfactory information
Professional or employment-related information: Title of profession, employer, etc.
· Auditing related to our interactions with you;
· Legal compliance;
· Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and necessary prosecution;
· Performing Services (for us or our service provider);
· Internal research for technological improvement;
· Internal operations;
· Activities to maintain and improve our Services; and
· Other one-time or short-term uses.
Your Rights. Where applicable, if you are a California resident you may have the following rights under CCPA in relation to “personal information” we have collected about you as defined in the CCPA; these rights are, to the extent required by the CCPA and subject to verification and any applicable exceptions:
· Right to Know/Access: You have the right to request that we disclose certain information to you about our collection and use of certain personal information about you as described below:
· The specific pieces of personal information collected;
· The categories of personal information collected;
· The categories of sources from whom the personal information is collected;
· The purpose for collecting the personal information; and
· The categories of third parties with whom we have shared the personal information.
· Right to Delete: You have the right to request that we delete the personal information.
· Freedom from Discrimination: You have the right to be free from unlawful discrimination for exercising any of the rights above.
To make a request in relation to the above rights, please contact us using the information below. To fulfill your request, we will need to verify your identity and ask additional information and documents, which may include information previously provided.
Only you, or someone legally authorized to act on your behalf, may make a request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.
If you would like to exercise your rights discussed in this section, please contact us at the information below.
In certain circumstances, you may be able to review and request changes to your personal information.