Last Updated: 12-5-2022
This Policy does not apply to workforce-related personal information collected as part of our employee recruiting activities. For information about our privacy practices relating to job applicants who are California residents, please contact us at firstname.lastname@example.org.
Information we collect and use
Information that we may collect about you through various technologies
As part of our Services, we use various technologies to collect and analyze information about you. We do link this data to individuals.
- Session Cookies
We use session cookies to keep you logged in while you use our Services, to better understand how you interact with our Services, and to monitor web traffic information on our Services.
- Persistent Cookies. We use persistent cookies to recognize you each time you return to our websites or Services. For example, we create a persistent cookie that includes some basic information about you, like your most recent search. We use this persistent cookie to remember your preferences and, if you create an account, to enhance your user experience.
- Pixels (also known as web beacons) are codes embedded in a website, video, email, or advertisement that send information about your use to a server. When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser. We may use pixels, along with cookies, to track activity by a particular browser on a particular device for marketing purposes. Pixels allow us, for example, to count users who have opened an email, identify your IP address, and to better understand how our website is being used.
- Log Data. Our servers automatically record information created by your use of the Services. This log data includes information such as your IP address, browser type, operating system, the referring web page, web pages visited, location, your mobile carrier, your computer or mobile device type, search terms and cookie information. We receive Log Data when you interact with our Services, for example, when you visit our websites, sign into our Services, or interact with our email notifications.
- Linking third parties. If you arrived at our website via a link on another party’s website or application (“linking third party”), we may collect a unique code related to that linking third party. This will help us identify how you arrived at our website. Once on our website, if you become a customer or submit personal information to us for another reason (for example, for marketing purposes or to sign up for a product trial or demo), we may inform the Linking Third Party that a visitor from their website or application has become a MedRx lead (customer or potential customer).
- Your Online Posts. Some parts of our Websites and Services may allow visitors to post content on public online forums that we operate (for example, posting a question, comment or review). When you post content on these online forums, other visitors will be able to see certain information about you, such as your username or handle. You should be aware that any personal information you post can be read, collected, distributed or used by other visitors and could be used by third parties to send you unsolicited messages. We are not responsible for the personal information you choose to post on public online forums.
- We may collect personal information about you from third parties (e.g., Facebook, Twitter, Google) and use it to improve or market our Services, or to provide a tailored experience with our Services.
You may delete or disable certain of these technologies at any time via your browser settings [or you can disable cookies by clicking the link in the lower left corner of our website and selecting “Show Details.” To opt out of analysis by Google Analytics on our website and other websites, please visit https://tools.google.com/dlpage/gaoptout. Please be aware that if you disable or remove tracking technologies some parts of the Services may not function correctly.
Mobile Apps: We may collect location data through our mobile app(s). You can stop all collection of information via an app by uninstalling the app. You can also reset your device at any time through your device settings, which allow you to limit the use of information collected about you.
Information We May Collect from You or Other Sources About You
In the last 12 months, we collected the following categories of personal information from consumers:
|Category||Purpose of Collection|
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address
Create your account with us
Process transactions and provide requested services
Provide product and service recommendations
Personalize your browsing experience on our websites and online applications
Personal information categories listed in the California Customer Records statute
A name, signature, telephone number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
*Some personal information included in this category may overlap with other categories.
To create an account
To process payment transactions and provide requested products and services
To coordinate payment of services with your insurer
Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, marital status, medical condition, physical or mental disability, sex
|To provide products or services|
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
To process transactions and provide requested services
To provide product and service recommendations
To provide warranty information
For quality assurance and product development purposes
Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Provide product and service recommendations
To understand how you use our products and services
Analyze website traffic and usage
General physical location
|To provide product and service recommendations|
Inferences drawn from other personal information
Profile reflecting a person’s preferences and characteristics
Provide product and service recommendations
To understand how consumers use our products and services
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our websites or applications.
- From third parties, including LeadPages, Gravity Forms, HotJar, Google Analytics, your employer when we are providing Services to you though your relationship with your employer and your insurance carrier when you authorize us to bill your insurer.
Our website and online services are intended for a general audience and not directed at children under (13) years of age. We do not knowingly gather personal information (as defined by the U.S. Children’s Online Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If a person under 13 submits information through any part of our Service, and we learn the person submitting the information is a child, we will attempt to delete this information as soon as possible unless we have received consent from the child’s parent or guardian. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us as set out in the “Contact Us” Section below. We will remove the data to the extent required by applicable laws.
How We Share Your Personal Information
In the last 12 months, MedRx has shared the following categories of personal information for a business purpose:
- Personal Information Categories listed in the California Customer Records Statute
- Protected Classification Characteristics under California or federal law
- Commercial Information
- Internet or other similar network activity
- Geolocation data
- Inferences drawn from other personal information
In the last 12 months, we disclosed these categories of personal information for a business purpose to the following categories of third parties:
- Service providers (companies operating on our behalf) who help us administer, provide, improve and market the Services;
- Third party marketing partners;
- Your insurance provider when we are providing Services that you authorize us to bill your insurance carrier for
- Your employer when we are providing Services to you through your relationship with your employer
- Other parent and affiliate organizations within the Demant family of companies;
- Legal and/or health and safety entities as required by law; and
- Any other parties which you have authorized us to share your personal information.
We may also share your personal information under the following circumstances:
- In the event of a merger, acquisition or any other form of sale of transfer of all or some of our assets (including in the event of a reorganization, dissolution or liquidation), in which personal information held by us about you will be among the assets transferred to the buyer or acquirer;
- In order to protect and defend the rights or property;
- In response to a subpoena or other legal process or as otherwise required by law; and
- To act in emergency circumstances to protect the personal safety of our users and customers.
We may sell non-personally identifiable information that has been derived from aggregated and deidentified personal information, provided such information cannot be used to re-identify you.
Deidentified Patient Information
We do not sell and/or disclose deidentified patient information exempt from the CCPA to third parties. To deidentify the patient information, we followed the HIPAA expert determination method and the HIPAA safe harbor method.
How long we keep your data and how we secure it
We will keep your personal information for as long as we need to for legitimate legal or business reasons, including to comply with any legal obligations. We will delete your personal information when it is no longer needed in relation to the purpose for our collection, processing and storage of your personal information.
The security of your data is important to us. We use administrative, technical and organizational measures to protect your personal information against unintended loss or amendment, unauthorized disclosure and unauthorized persons accessing your personal information.
Your privacy rights
Residents of certain states have specific rights regarding personal information. This section describes those rights and explains how to exercise them.
- Right to Know about the Collection, Sharing and Sale of Personal Information (For California residents; also applies to Virginia residents as of January 1, 2023)
You have the right to ask us about what personal information we have collected about you and whether or not we have shared with, or sold the personal information to, third parties.
MedRx does not sell personal information within the meaning of applicable laws.
- Right to Access, Correct or Transfer Your Personal Information (For California residents; also applies to Virginia residents as of January 1, 2023)
You have the right to a copy of your personal data in a readily usable format. You can also request that we correct any data that is incorrect.
- Right to Delete Your Personal Information (For California residents; also applies to Virginia residents as of January 1, 2023)
You have the right to request that we delete any of your personal information that we collected from you and retained, but this right may be subject to certain exceptions. If an exception applies, we will delete or deidentify personal information not subject to one of these exceptions from our records.
- Right to Limit the Use and Disclosure of Sensitive Personal Information (For California residents)
You have the right, with certain exceptions, to limit our use and disclosure of your sensitive personal information to those uses which are necessary to perform our Services.
- Right to Opt Out Sharing Your Personal Information (For California residents)
You have the right to opt out of the sharing of your personal information.
Exercising Your Rights
To exercise your rights as described above, please submit a request by either:
- Calling us at 888-392-1234
- Emailing us at email@example.com
To verify and process your request, we may request certain information from you, which may include, but may not be limited to, your name, email address, physical address and telephone number.
ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
Please review the “Your Privacy Rights” section above for information about the privacy rights of California residents. This section outlines additional information for California residents about exercising their rights.
If you request that we delete your personal information, we will delete or anonymize your personal information, subject to any exemptions, and will direct our service providers to take similar action.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
Generally, when an authorized agent makes a request to know or a request to delete on behalf of the consumer, the following is required: (i) signed permission by the consumer that the consumer has authorized the agent to act on behalf of the consumer; (ii) the consumer must verify the consumer’s identify directly with MedRx; and (iii) the consumer must directly confirm with MedRx that the consumer has provided the authorized agent permission to submit the request. However, if the consumer has provided the authorized agent with power of attorney pursuant to Cal. Probate Code sections 4121 to 4130, the verification process is as follows: the authorized agent must provide written verification of such power of attorney and the agent must confirm the agent’s identity in order to verify the request.
We will not discriminate against you for exercising any of your data privacy rights.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or call us at 888-392-1234.
ADDITIONAL DISCLOSURES FOR VIRGINIA RESIDENTS (Effective January 1, 2023)
Please review the “Your Privacy Rights” section above for information about the privacy rights of Virginia residents. In addition, if you are a resident of Virginia, you also have the right to opt out of processing of personal information for targeted advertising, to opt out of the sale of your personal information and to opt out of processing personal information for certain types of data collection that Virginia law defines as profiling.
De-Identified Information. Information is de-identified when all identifying information has been removed such that the information can no longer be linked to an individual. If we are in possession of de-identified information, we will not attempt to re-identify de-identified data.
MedRx does not sell personal information as the term is defined under the Virginia Consumer Data Protection Act to third parties. We do not process personal information for profiling to make decisions that have significant impact on you. We do use your personal information so that we can provide advertisements that we think you may be interested in. You can opt out of (i) the use of your personal information for targeted advertising, by submitting a request by either:
- Emailing us at email@example.com
- Calling us at 888-392-1234
Appeals. If you would like to appeal our response to your data request, please email us at firstname.lastname@example.org, include “Appeal” in the subject line of your request and provide the basis for your appeal in the body of the email. You can expect a response to your appeal within 45 days of submitting your request. If we are unable to respond within this time, we will contact you within that 45-day time period to provide an update on the status of your appeal.
ADDITIONAL DISCLOSURES FOR NEVADA RESIDENTS
Nevada law (NRS 603A) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. MedRx does not engage in sales as defined under Nevada law.