Effective: February 27, 2020
a. Information We Collect
We collect a variety of personally identifiable information ("PII") about users in order to conduct our Service Offerings. "PII" means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user.
PII does not include "De-Identified Information" which is information or data we collect from which individual user identities have been removed. De-identified Information may be aggregated to helps us understand trends, user needs and other information to provide improved Service Offerings. We also collect "Non-Personal Information" about your use and interaction with our Service Offerings. "Non-Personal Information" means information that we cannot use to identify you. Non-Personal Information is not treated as PII unless we combine it with or link it to PII that you give to us. We may collect your Non-Personal Information through cookies, web beacons, log files, and similar technologies. "Cookies" are small files that we place on your computer. Your browser can be configured to accept or reject most types of cookies. Please consult your browser's documentation for more information.
b. Information About Others
a. Information You Give Us
We collect PII that you give to us when you register or use our Service Offerings. When you register for a user account ("Account") on the website or mobile application, you will be assigned a unique account identifier ("Account ID") which will be saved and be associated with any PII you give to us under your Account ID. In particular, we may collect the following categories of information from users:
You may give us information to allow us to contact you or use certain features available through our Service Offerings without signing up for an Account, such as when you fill out a request form, report a coupon, co-pay card or voucher, provide feedback, email us, or engage in communications with our team. Some of this information may be collected when you use some functionality of the Service Offerings without registering for an Account.
b. Location Information
When you access or use our Service Offerings using a desktop or mobile device, you can enter your location or give us your consent to access your location ("Location Information"). If you use our mobile application, we may, in accordance with your consent, passively collect Location Information when our application is installed on your mobile device. You can change the privacy settings of your mobile device at any time to stop sharing your Location Information with us. Please note that certain features and functionality may be affected or be unavailable if you do not share your Location Information with us.
c. Call Recording and Monitoring
d. Information We Collect Automatically
Even if you do not provide any PII to us, we automatically collect certain information about your use and interaction with our Service Offerings. For example, when you visit our website, our systems automatically maintain web logs to record data about all visitors who use our website and stores this information in our database. These web logs may contain information about you including the following: IP address, type(s) of operating system you use, type of device you use, date and time you visited the website, your activity and/or referring websites. We use your log information to troubleshoot problems, gather demographic information, customize your experience when accessing our Service Offerings and other business purposes.
e. Information Collected From Other Sources
f. Cookies and Web Beacons
A cookie is a small data file that certain websites write to your computer hard drive when you visit the website. These files identify your computer and record your preferences and other data about your visit to our website and/or websites you accessed before visiting our Service Offerings.
A web beacon is a tiny, often invisible graphic image displayed in a webpage, web-based document, or e-mail message. When the user's web browser reads the code embedded in a web beacon, it can pass along the following information to us: IP address of the user's computer or mobile device, date and time viewed, length of time viewed and type of browser used. Web beacons can also be linked to a user's cookies and any personally identifiable information that may be stored in them.
We may use, disclose, or store the PII we collect about you to operate our business and deliver our Service Offerings. We utilize PII for the following purposes:
a. Disclosure To Third Parties
We may disclose your PII or Non-Personal Information to third parties for any of the permitted uses described above. For example, we may disclose your Personally Identifiable Information or Non-Personal Information to:
b. Disclosure Without Your Consent
In general, we may disclose your information without your consent to disclosure when we reasonably believe disclosure is appropriate in order to:
We may share your information amongst Related Entities where it is necessary to support, improve, develop or otherwise provide the Service Offerings to you.
c. Sale of Personal Information
In the preceding twelve (12) months, we have not sold personal information.
d. Disclosure Related to Business Events
Information about our users, including PII, may be disclosed as part of any merger, acquisition, public offering or sale of company assets. It may also be disclosed in the unlikely event of insolvency, bankruptcy, or receivership in which personally identifiable information would be transferred as one of our business assets.
You can request the removal or modification of the PII you have provided to us by sending an e-mail to firstname.lastname@example.org. For your protection, we may only implement requests with respect to the PII associated with the particular e-mail address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your PII before implementing your request. We will try to accommodate your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
You may click the unsubscribe link at the bottom of emails you receive from us to stop receiving emails and reply STOP to our text messages to stop receiving SMS messages. You may control the receipt of push notifications from our mobile applications through your mobile device settings. Do-Not-Track Signals your browser may allow you to send us a "do-not-track signal" to communicate your privacy preferences to us. The Service Offerings do not respond to browser do-not-track signals.
a. Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of the Services that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us as described in the "Contact Us" section below.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
You have the right to request that we delete any of your PII that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us a message as described in the "Contact Us" section below. Only you, or a person that you authorize to act on your behalf (consistent with applicable law), may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
b. Response Timing and Format
We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
c. Updating/Removing Your Personal Information through User Account
You can also customize how we collect and uses your information as set forth below. However, you should note that your decisions on how to customize the collection of your information may impact the functionality or availability of the Service Offerings. Here are some examples of how to customize the collection of information for the Service Offerings:
We will not discriminate against you for exercising any of the rights above. Unless permitted by the law, we will not:
We also urge you to take additional steps on your own to safeguard and maintain the integrity of your PII. For example, you should never share your account or login information with other people and be sure to sign off when finished using a shared or public computer. We urge you to be aware that if you use or access our Service Offerings through a third-party computer network (e.g., employer, internet café, library) or other potentially non-secure internet connection, such use is not recommended and solely at your own risk. It is your responsibility to check beforehand on the privacy and/or security policy of your network prior to accessing the Service Offerings.
We are committed to protecting the privacy of children and are committed to preventing the unintentional collection of Personal Information and Protected Health Information from children under the age of 13 in accordance with the Children's Online Privacy Protection Act ("COPPA"). Our Service Offerings are not designed or intended to attract children under the age of 18, and we do not knowingly allow individuals under the age of 18 to create Accounts. A parent or legal guardian, however, may use our Service Offerings on behalf of a minor in their custody. The parent or legal guardian is solely responsible for any information provided on behalf of the minor and for ensuring that registration and information submitted is accurate and remains safe. The parent or legal guardian also assumes full responsibility for the interpretation and use of any information provided through our Service Offerings for the minor.
If you are the parent or legal guardian of a child under the age of 13, and you have reason to believe that your child has provided his or her own PII to us, you have the right to request the removal of that child's PII from our database. In order to request such removal, please Contact Us. You will be required to verify your identity and status as the child's parent or legal guardian in order to have their PII removed.
b. External links
We do not control and are not responsible or liable for the security, authenticity, updates, accuracy of information, privacy policies, practices or otherwise of other websites or applications you might visit, interact with, or from which you might obtain services or products, even if you visit them using links from our Service Offerings. The purpose of the external sites is to provide users with further outside resources, which may or may not be related to OneRx, such as Prescription Assistance Programs, organizations, and further information to potentially help users.
c. Using our Service Offerings from outside the United States
OneRx services are intended for use only by residents of the United States. As of May 25, 2018, OneRx redirects website visitors from the European Union to a message notifying such visitors that they cannot use OneRx and does not permit them to register or to use our services. We do not collect any personally identifying information from such visitors to our Site, although we do archive their IP addresses.
BY POSTAL MAIL
Attn: Privacy Officer
2 Park Avenue, Suite 1500
New York, NY 10016