INTRODUCTION
myDrugCosts, Inc. recognizes your concerns about your privacy. The information in this Privacy Policy explains what information we collect at the myDrugCosts website (mydrugcosts.com) or through our application and how it is used. The website, Services and application shall be referred to as the “Services”. We will ensure that all personal information disclosed by you and that is held by us will be: (i) processed lawfully, fairly, and in a transparent manner; (ii) collected for specified, explicit, and legitimate business purposes and not further processed in a manner that is incompatible with those legitimate business purposes; (iii) adequate, relevant and limited to what is necessary; (iv) kept in a form which permits identification of data subjects for no longer than is necessary; and (v) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
COLLECTION OF INFORMATION
We collect information you voluntarily provide, such as when you email or when you register to use myDrugCosts to browse savings opportunities for various prescriptions. We may collect personal information, including your name, zip code, birthdate, phone number, and your email address. We use this information to manage your account and to communicate with you.
We collect information about you when you use our Services, including, but not limited to the following:
- Device Information. We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services. For example, we may collect and analyze information such as (a) IP addresses, geolocation information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (b) information related to the ways in which you interact with the Services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
- Location Information. We may collect different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Services), and may use that information to customize the Services with location-based information, advertising, and features.
- Cookies and Other Electronic Technologies. We may use the tools outlined below in order to better understand users. As we adopt additional technologies, we may also gather additional information through other methods. In some jurisdictions, companies and organizations are not permitted to send cookies to the browser without the prior consent of the affected user. In this case, we will seek such consent. This section and the following section assume that either the use of cookies is not restricted by applicable law, or if it is restricted that you have expressly consented to the use of cookies and related technologies.
- Cookies and Web Tokens: “Cookies” and web tokens are small computer files transferred to your computing device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Services. We use these to help us improve or tailor the Services by tracking your navigation habits, storing your authentication status so you do not have to re-enter your credentials each time you use the Services, customizing your experience with the Services, and for analytics and fraud prevention.
USE OF INFORMATION
We use the information that we collect for the following legitimate business purposes:
- For the purposes for which you provided the information (e.g., to process your transaction, to provide you with information about products and services, and to respond to your inquiries);
- To contact you when necessary or requested;
- To track and analyze trends and usage in connection with our Services;
- To better understand who uses the Services and how we can deliver a better user experience;
- To use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts;
- To prevent, detect, and investigate security breaches, fraud, and other potentially illegal or prohibited activities;
- To enforce the legal terms that govern your use of the Services;
- To protect our rights or property;
- To administer and troubleshoot the Services; and
- For any other purpose disclosed to you in connection with our Services.
We may use third-party service providers to process and store personal information in the United States.
We may use the information you provide, combined with information provided by other users, in an aggregate, non-identifiable format, such that the aggregate data does not contain any information that could be used to contact or identify you. For example, we may use information gathered to create a composite profile of all the users for a particular geographic location, from a particular business entity or of a particular prescription drug. We might also use such aggregate data to inform third parties of the number of users of the site and the types of results provided to them. We may use this aggregate data for any purpose and may provide such aggregate information to third parties without your prior permission. Depending on the circumstances, we may or may not charge third parties for this Aggregate Information. We require parties with whom we share aggregate data to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases. Upon your written request we will delete the information about your prescriptions and health insurance from our databases. You should be aware that it may remain on backup servers.
SHARING OF INFORMATION
In general, we will not sell, share, or rent information about you in ways different from what is disclosed in this Privacy Policy without your expressed consent.
We may share information when we enter into agreements with other companies or individuals to perform functions on our behalf. These functions may include operating, maintaining, and improving the site, and analyzing data. The companies and individuals with which we work have access only to information necessary to perform their functions. They are not allowed to use the information for any other purpose and are contractually obligated to maintain the confidentiality and security of the information.
We reserve the right to disclose your personally identifiable information as required by law and when we believe disclosure is necessary to comply with a judicial proceeding, court order, and/or legal process served on us; and/or to protect our rights and the rights of our customers; or to enforce or apply our Terms of Use or other policies or user agreements.
PERSONAL HEALTH INFORMATION (PHI)
In certain situations, we may be considered a Business Associate as defined by HIPAA (the federal Health Insurance Portability and Accountability Act) of certain Covered Entities (as also defined in HIPAA), and as such we may have certain federal, state and contractual restrictions on how we can use your Protected Health Information (“PHI”). When acting as a Business Associate, we may only use or disclose your PHI or Personal Information as required by law or as permitted by the Business Associate Agreement (“BAA”) that we have in place with a specific Covered Entity. Please be aware that when you give other individuals access to your PHI or Personal Information, they may be able to use, reproduce, distribute, display, transmit, and/or communicate the data to others and the public. We shall not have any responsibility for access, use, or disclosure of your PHI or Personal Information by people you authorized to have access to your user account.
SECURITY, STORAGE, AND TRANSFER OF INFORMATION
We take reasonable measures, including administrative, technical, and physical safeguards, to help protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.
We are a United States based company and our servers are located in the United States. By providing your information and using the Services, you explicitly consent to the transfer, processing, and storage of your information in the United States. If you do not wish for us to transfer your personal information to the United States, please contact us using the information in the “How to Contact Us” section below.
PRIVACY RIGHTS
- Children. We do not knowingly collect or maintain personally identifiable information from persons under 13 years of age without verifiable parental consent, and no part of the Services or services are directed at persons under 13. If you are under 13 years of age, then please do not use the Services. If we learn that personally identifiable information of persons less than 13 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, please contact us at [email protected].
- EU/EEA Citizens. The EU General Data Protection Regulation (GDPR) grants individuals who are in the European Union and European Economic Area (EU/EEA) certain rights, with some limitations.
We will establish a system to enable and facilitate the exercise of data subject rights related to:
• Information access;
• Objection to processing;
• Objection to automated decision-making and profiling;
• Restriction of processing;
• Data portability;
• Data rectification; and
• Data erasure.
If you would like to exercise the above EU General Data Protection Regulation (GDPR) rights regarding the personal information we hold about you, please submit a written request to: [email protected] or contact us using the information provided in the “How to Contact Us” section below. Our privacy team will examine your request and respond to you as quickly as possible.
- California Residents. The California Consumer Privacy Act (CCPA) provides California consumers with the right to request access to their personal data, additional details about our information practices and deletion of their personal information (subject to certain exceptions). California consumers also have the right to opt out of sales of personal information, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information. We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information. We will not discriminate against you if you choose to exercise your rights under the CCPA.
• You may request, no more than twice in a twelve (12) month period, access to the specific pieces of personal data we have collected about you in the last twelve (12) months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for legitimate business or commercial purposes, and the categories of third parties with whom we share your personal information. You may make these requests by contacting us using the contact information provided in the “How to Contact Us” section below. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
• You may request, no more than twice in a twelve (12) month period, transportable copies of your personal information that we have collected about you in the last twelve (12) months. You may make these requests by contacting us using the contact information provided in the “How to Contact Us” section below. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
• You may request that we delete the personal information we have collected about you. Please note that we may retain certain information as required or permitted by applicable law. You may make these requests by contacting us using the contact information provided in the “How to Contact Us” section below. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
• California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties.
CHANGES TO THIS POLICY
We may change this Privacy Policy from time to time. If we make changes, we will notify you by posting the updated policy on our Services and revising the “Date of Last Update” date above. We encourage you to review the Privacy Policy whenever you use our Services or otherwise interact with us to stay informed about our information practices and about ways you can help protect your privacy. We will use commercially reasonable endeavors to notify you of any material changes to this Privacy Policy. Such commercially reasonable endeavors may include email reminders, by notice on this site, or by other reasonable means.
HOW TO CONTACT US
Please contact us with any questions or concerns regarding this Privacy Policy at:
Via mail:
myDrugCosts, Inc.
201 West Main St.
Durham, NC 27701
Via phone:
919-525-3100
Via email:
[email protected]