OneRx Privacy Policy

Effective: February 27, 2020

I. INTRODUCTION

This Privacy Policy describes the types of information we may collect; how we collect; how we use, with whom we share; how we protect your information; your choices and rights regarding the information collected; other information related to the privacy of your information; and how to contact us. We encourage you to freely communicate with us about questions or concerns about this Privacy Policy. References to "OneRx", "our", "us" or "we" refer to Truveris, Inc., including, if applicable, any company that Truveris controls or is controlled by, including without limitation a parent or subsidiary, as applicable ("Related Entity").

This Privacy Policy applies to all existing and future website(s), application(s), domain name(s), linked pages, features, content, products, services, mobile properties and mobile device applications (each, a "Service Offering") owned or operated by OneRx. By visiting or using any of our Service Offerings, you hereby acknowledge and accept the terms and conditions set forth in this Privacy Policy, including without limitation, the use and disclosure of your information as outlined in this Privacy Policy. For other terms and conditions that govern your use of our Service Offerings, please visit www.onerx.com.

II. PERSONAL INFORMATION

a. Information We Collect

We collect personal data you choose to provide while utilizing our Service Offerings, e.g., through registrations, applications, transactions and surveys, and in connection with your inquiries and purchases. In some circumstances, the personal data provided including your name, date of birth, physical address, e-mail address, phone number, billing and shipping information, and information related to your prescription, may include, or may be used and disclosed to generate Protected Health Information ("PHI"). In those instances, our use of the PHI will also be subject to the requirements of the Health Information Portability and Accountability Act (frequently referred to as 'HIPAA'). For the purposes of this Privacy Policy, PHI shall have the same meaning as defined in HIPAA and may be included in the definition of "personally identifiable information" or "PII" (as defined below). To the extent any term(s) in this Privacy Policy conflict with any term(s) in HIPAA, HIPAA will control and supersede the terms in this Privacy Policy.

We collect a variety of personally identifiable information ("PII") about users in order to conduct our Service Offerings. "PII" means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user.

You are responsible for ensuring the accuracy of all PII that you submit to OneRx. Inaccurate information may affect your experience when using our Service Offerings and/or our ability to contact you as described in this Privacy Policy.

PII does not include "De-Identified Information" which is information or data we collect from which individual user identities have been removed. De-identified Information may be aggregated to helps us understand trends, user needs and other information to provide improved Service Offerings. We also collect "Non-Personal Information" about your use and interaction with our Service Offerings. "Non-Personal Information" means information that we cannot use to identify you. Non-Personal Information is not treated as PII unless we combine it with or link it to PII that you give to us. We may collect your Non-Personal Information through cookies, web beacons, log files, and similar technologies. "Cookies" are small files that we place on your computer. Your browser can be configured to accept or reject most types of cookies. Please consult your browser's documentation for more information.

b. Information About Others

You may have the opportunity to provide information about other individuals through our Service Offerings. If you submit any PII relating to other people to us, you represent that you have the authority and have obtained consent to do so prior to providing to us and to permit us to use the information in accordance with this Privacy Policy.

III. HOW WE COLLECT INFORMATION, AND CATAGORIES OF INFORMATION

a. Information You Give Us

We collect PII that you give to us when you register or use our Service Offerings. When you register for a user account ("Account") on the website or mobile application, you will be assigned a unique account identifier ("Account ID") which will be saved and be associated with any PII you give to us under your Account ID. In particular, we may collect the following categories of information from users:

You may give us information to allow us to contact you or use certain features available through our Service Offerings without signing up for an Account, such as when you fill out a request form, report a coupon, co-pay card or voucher, provide feedback, email us, or engage in communications with our team. Some of this information may be collected when you use some functionality of the Service Offerings without registering for an Account.

b. Location Information

When you access or use our Service Offerings using a desktop or mobile device, you can enter your location or give us your consent to access your location ("Location Information"). If you use our mobile application, we may, in accordance with your consent, passively collect Location Information when our application is installed on your mobile device. You can change the privacy settings of your mobile device at any time to stop sharing your Location Information with us. Please note that certain features and functionality may be affected or be unavailable if you do not share your Location Information with us.

c. Call Recording and Monitoring

Your calls to and from us may be recorded for various purposes including: monitoring customer service quality or compliance, checking accuracy of information you provide us, preventing fraud or providing training for our staff or customer service representatives. Any PII obtained from you during the call will be treated in accordance with the provisions of this Privacy Policy.

d. Information We Collect Automatically

Even if you do not provide any PII to us, we automatically collect certain information about your use and interaction with our Service Offerings. For example, when you visit our website, our systems automatically maintain web logs to record data about all visitors who use our website and stores this information in our database. These web logs may contain information about you including the following: IP address, type(s) of operating system you use, type of device you use, date and time you visited the website, your activity and/or referring websites. We use your log information to troubleshoot problems, gather demographic information, customize your experience when accessing our Service Offerings and other business purposes.

e. Information Collected From Other Sources

We may combine the information we collect from you through the Service Offering with information we receive from and about you from other online and offline sources, and may use the combined information in accordance with this Privacy Policy.

f. Cookies and Web Beacons

A cookie is a small data file that certain websites write to your computer hard drive when you visit the website. These files identify your computer and record your preferences and other data about your visit to our website and/or websites you accessed before visiting our Service Offerings.

A web beacon is a tiny, often invisible graphic image displayed in a webpage, web-based document, or e-mail message. When the user's web browser reads the code embedded in a web beacon, it can pass along the following information to us: IP address of the user's computer or mobile device, date and time viewed, length of time viewed and type of browser used. Web beacons can also be linked to a user's cookies and any personally identifiable information that may be stored in them.

IV. HOW WE USE INFORMAITON COLLECTED

We may use, disclose, or store the PII we collect about you to operate our business and deliver our Service Offerings. We utilize PII for the following purposes:

We also use cookies to maintain continuity of navigation when viewing our website during one (1) online session ("Session Cookie"). After closing the browser, a Session Cookie simply terminates and is not stored on your computer hard drive thereafter. Other cookies are saved and stored on your computer hard drive, so we can customize your next visit to our website by saving your settings, preferences, drug information and other information collected in a prior session. As a consequence, cookies are often tied to your PII when used by us. We also use information collected through cookies and/or web beacons as De-identified Information to understand how our users use our Service Offerings, gauge traffic, troubleshoot and make adjustments to continually improve our Service Offerings. We may use remarketing to advertise online. Under these circumstances, we may place cookies and/or web beacons on your mobile devices or computer to allow third parties and their advertisers to feed advertisements to you based on the history of your past visits to our website or other websites. These cookies and/or web beacons do not enable third parties to access any of your personally identifiable information, and we will not provide third parties with information that discloses a user's personal health condition or personal protected health information ("PHI"). We are not responsible for the actions of cookies and/or web beacons from third party websites, which may require you to accept cookies and/or web beacons that collect information.

V. WITH WHOM DO WE SHARE INFORMATION

a. Disclosure To Third Parties

We may disclose your PII or Non-Personal Information to third parties for any of the permitted uses described above. For example, we may disclose your Personally Identifiable Information or Non-Personal Information to:

b. Disclosure Without Your Consent

In general, we may disclose your information without your consent to disclosure when we reasonably believe disclosure is appropriate in order to:

We may share your information amongst Related Entities where it is necessary to support, improve, develop or otherwise provide the Service Offerings to you.

c. Sale of Personal Information

In the preceding twelve (12) months, we have not sold personal information.

d. Disclosure Related to Business Events

Information about our users, including PII, may be disclosed as part of any merger, acquisition, public offering or sale of company assets. It may also be disclosed in the unlikely event of insolvency, bankruptcy, or receivership in which personally identifiable information would be transferred as one of our business assets.

VI. YOUR RIGHTS AND CHOICES

You can request the removal or modification of the PII you have provided to us by sending an e-mail to legal@truveris.com. For your protection, we may only implement requests with respect to the PII associated with the particular e-mail address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your PII before implementing your request. We will try to accommodate your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

You may click the unsubscribe link at the bottom of emails you receive from us to stop receiving emails and reply STOP to our text messages to stop receiving SMS messages. You may control the receipt of push notifications from our mobile applications through your mobile device settings. Do-Not-Track Signals your browser may allow you to send us a "do-not-track signal" to communicate your privacy preferences to us. The Service Offerings do not respond to browser do-not-track signals.

a. Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of the Services that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us as described in the "Contact Us" section below.

b. Response Timing and Format

We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

c. Updating/Removing Your Personal Information through User Account

You can also customize how we collect and uses your information as set forth below. However, you should note that your decisions on how to customize the collection of your information may impact the functionality or availability of the Service Offerings. Here are some examples of how to customize the collection of information for the Service Offerings:

d. Non-Discrimination

We will not discriminate against you for exercising any of the rights above. Unless permitted by the law, we will not:

VII. HOW WE SECURE AND PROTECT INFORMATION

We use a variety of physical, administrative, electronic, technical and procedural safeguards to maintain a high-level of security to guard your PII, including without limitation, password protection, data backup, audit controls, access controls, and some data encryption. Specifically, we use commercially accepted procedures and systems to protect against unauthorized access to our systems. We restrict access to your PII to those employees, advisors and contractors who are covered by this Privacy Policy and need to know such information to provide services or otherwise assist you in connection with our Service Offerings. We protect the security of your PII during transmission via our website by using industry standard Secure Sockets Layer ("SSL") software, which encrypts information you input, so that no one else can read it as it is transmitted over the Internet.

We also urge you to take additional steps on your own to safeguard and maintain the integrity of your PII. For example, you should never share your account or login information with other people and be sure to sign off when finished using a shared or public computer. We urge you to be aware that if you use or access our Service Offerings through a third-party computer network (e.g., employer, internet café, library) or other potentially non-secure internet connection, such use is not recommended and solely at your own risk. It is your responsibility to check beforehand on the privacy and/or security policy of your network prior to accessing the Service Offerings.

We are not responsible for your handling, sharing, re-sharing and/or distribution of your information except as set forth in the Privacy Policy. Moreover, if you forward or submit any information electronically to another person or entity on or off the Service Offerings, even if you are linked via our Service Offerings, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.

VIII. MISCELLANEOUS

a. Children

We are committed to protecting the privacy of children and are committed to preventing the unintentional collection of Personal Information and Protected Health Information from children under the age of 13 in accordance with the Children's Online Privacy Protection Act ("COPPA"). Our Service Offerings are not designed or intended to attract children under the age of 18, and we do not knowingly allow individuals under the age of 18 to create Accounts. A parent or legal guardian, however, may use our Service Offerings on behalf of a minor in their custody. The parent or legal guardian is solely responsible for any information provided on behalf of the minor and for ensuring that registration and information submitted is accurate and remains safe. The parent or legal guardian also assumes full responsibility for the interpretation and use of any information provided through our Service Offerings for the minor.

If you are the parent or legal guardian of a child under the age of 13, and you have reason to believe that your child has provided his or her own PII to us, you have the right to request the removal of that child's PII from our database. In order to request such removal, please Contact Us. You will be required to verify your identity and status as the child's parent or legal guardian in order to have their PII removed.

b. External links

We do not control and are not responsible or liable for the security, authenticity, updates, accuracy of information, privacy policies, practices or otherwise of other websites or applications you might visit, interact with, or from which you might obtain services or products, even if you visit them using links from our Service Offerings. The purpose of the external sites is to provide users with further outside resources, which may or may not be related to OneRx, such as Prescription Assistance Programs, organizations, and further information to potentially help users.

c. Using our Service Offerings from outside the United States

OneRx services are intended for use only by residents of the United States. As of May 25, 2018, OneRx redirects website visitors from the European Union to a message notifying such visitors that they cannot use OneRx and does not permit them to register or to use our services. We do not collect any personally identifying information from such visitors to our Site, although we do archive their IP addresses.

IX. CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy at any time as we deem appropriate with or without notice to you. In the event changes are made to this Privacy Policy, we will post the current version of our Privacy Policy on our website and at other places we deem appropriate. You understand and agree that your continued use of the Service Offerings shall be deemed as acceptance to any and all changes to this Privacy Policy, and you further agree that you will periodically check our website, www.onerx.com, for any such changes. You may also Contact Us to request a copy of our current Privacy Policy.

CONTACT US

If you have questions or concerns about this Privacy Policy, please contact us. Please provide your name and contact information in your correspondence.

BY POSTAL MAIL
OneRx,
Attn: Privacy Officer
2 Park Avenue, Suite 1500
New York, NY 10016

BY PHONE
(800) 430-1430

BY EMAIL
legal@truveris.com