Effective Date: March 4th, 2021
If you are a California resident, please click here to see our Privacy Information for California Residents.
The Information We Collect and the Sources of Such Information
Purposes for How We Use Your Information
Online Analytics and Advertising
How We Share and Disclose Your Information
Your Marketing Choices
Third-Party Services and Notice About Health Information
How we protect Your Information
Privacy Information for California Residents
Privacy Information for Nevada Residents
Retention of Your Information
THE INFORMATION WE COLLECT AND THE SOURCES OF SUCH INFORMATION
We obtain information about you through the means discussed below when you use the Services. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information or ask us to delete it, you may no longer be able to access or use part or all our Services.
- Information You Provided to Us
We collect a variety of information that you provide directly to us. For example, we collect information from you through:
Account and Product registration and administration of your account
Processing your orders and requests for treatment
Questions, communications, or feedback you submit to us via forms or email.
Your participation in research and surveys
Requests for customer support and technical assistance, including through online chat functionalities.
Uploads or posts to the Services
Employment applications you submit.
The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you includes:
Name, address, telephone number, date of birth, and email address
Information about your medical conditions, treatment options, physician referrals, prescriptions, and lab results or other related health information, such as your physical and emotional characteristics
Log-in credentials if you create an account.
Billing information, such as shipping address, credit or debit card number, verification number, expiration date, and identity verification information, collected by our payment processors on our behalf.
Information about purchases or other transactions with us
Information about your customer service and maintenance interactions with us
Demographic information such as your gender and age
User-generated content you post in public online forums on our Services.
Any other information you choose to directly provide to us in connection with your use of the Services.
- Information We Collect Through Automated Means
We collect certain information about your use of the Services and the devices you use to access the Services, as described in this Section. As discussed further below, we and our service provider (which are third-party companies that work on our behalf) may use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
We may collect protected health information (“PHI”), as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Any use of PHI will be in accordance with applicable laws, including HIPAA.
Our Websites. When you use our Websites, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, errors logs, and other similar information.
Our Apps. When you use our Apps, we automatically receive certain information about the mobile phone, tablet, or computer used to access the Apps, including a mobile device identifier, IP address, operating system, version, Internet service providers, Browser type, domain name and other similar information, whether and when you update the Apps, date and time of use, and how you use the Apps, including time spent in different portions of the Apps.
Location Information. When you use the Services, we and our service provider’s may automatically collect general location information (e.g., IP address, city/state, and or postal code associated with an IP address) from your computer or mobile device. This information allows us to enable access to content that varies based on a user’s general location (e.g., to provide you with accurate sales tax information and to deliver content customized to your location).
We will ask your permission before collecting your precise GPS location information. In such instances, we will use your precise geo-location information to provide customized services, content, promotional offers, and other information that may be of interest to you. If you no longer wish for us and our service providers to collect and use GPS location information, you may disable the location features on your device. Please see your device manufacturer settings.
A web server log is a file where website activity is stored.
An SDK is a set of tools and/or code that we embed in our Apps and software to allow third parties to collect information about how users interact with the Services.
A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer/device; (ii) store your preferences and settings; (iii) understand the parts of the Services you have visited and used; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronics tags with a unique identifier embedded in websites, online ads, and/or email that are designed to (1) collect usage information like ad impressions or clicks and email open rates; (2) measure popularity of the Services and associated advertising; and (3) access user cookies.
As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated or block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.
- Information We Collect from Social Media and Other Content Platforms
When you “like” or “follow” us on Facebook, Instagram, Twitter, or other social media sites, we may collect some information from you, including your name, email address, and any comments or content you post relevant to us. We also collect your information if you sign up for one of our promotion’s or submit information to us through social media sites.
- Information We Receive Frame Other Sources
We work closely with third parties (including, for example, third-party intermediaries, such as the physicians, medical professionals, and pharmacies with whom we partner to provides you with the Services and their health care services, sub-contractors in technical, advertising networks, analytics provider’s, and search information provider’s). Such third parties will sometimes provide us with additional information about you.
PURPOSES FOR HOW WE USE YOUR INFORMATION
In connection with priding, you with the Services, we may use your information for our business purposes to:
Carry out, improved, and manage the Services and, as applicable, facilitate the provisions of health care services to you by physicians or other health care provider’s and ensure that the physicians or health care providers have the services and support necessary for health care operations.
Engage in internal research to understand the effectiveness of our Services, improved our Services, and better understand our user base. If we publish or provide the results of this research to others; In that case such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.
Communicate with you about the Services, your use of the Services, or your inquiries related to the Services and send you communications on behalf of physicians or other health care providers utilizing the Services to meet your needs.
Communicate with you by email, postal mail, or phone about surveys, promotion’s, special events, or our products and services and those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners.
Provided you with technical support and customer service.
Verify your identity and administer your account, including pressing your payments and fulfilling your orders.
Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
Measure or understand the effectiveness of advertising and content we serve to you and others and deliver and customize relevant advertising and content to you.
Help us better understand your interests and needs, such as engaging in analysis and research regarding the use of the Services.
Comply in good faith with any Procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.
Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.
Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.
ONLINE ANALYTICS, ADVERTISING AND COMMUNICATION
- Online Analytics
We may use third-party web analytics services (such as those of Google Analytics (including Google Signals, Google User-ID, and other Google Analytics features) and MixPanel) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; try to locate the same unique users across multiple browser’s or devices to better tailor services and features, and ;provide certain features to you. If you have a Google account with personalized advertising enabled, through Google Signals, Google will also be able to gather for us analytics and engagement information from across the various devices you use to access the Services. To prevent Google from using your information for analytics (including cross-device tracking for personalization purposes), you may install the Google Analytics Opt-out Browser Add-on by clicking here. And to opt-out of Google Signals, please open your “Settings” app, locate, and tap “Google,” select “Ads,” and turn ON “Opt out of Ads Personalization.” You may also be able to disable cross-device tracking through your Android or Apple device-based settings.
If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data, such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
- Online Advertising
We sometimes provide our customer information (such as email addresses) to service provider’s, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs in order to provide you with more relevant ads when you visit other websites and mobile applications.
Please note that if you exercise the opt out choices above, you will still see advertising when you use the Services, but it will not be tailored to you based on your online behavior over time.
- Mobile Advertising and SMS Messaging communication Policy
The following terms and conditions apply to our SMS and Messaging that you are agreeing to in our policy. When using mobile applications from us or others, you may also receive tailored in-application advertisements. We may use third-party service providers to deliver advertisements on mobile applications or for mobile application analytics. Each operating system, iOS for Apple phones, android for android devices, and Windows for Microsoft devices, provide its own instructions on how to prevent the delivery of tailored in-application advertisements. We do not control how the applicable platform operator allows you to control receiving personalized in-application advertisements; thus, you should contact the platform providers for further details on opting out of tailored in-application advertisements. You may review the support materials and/or the device settings for the respective operating systems to opt-out of tailored in-app advertisements.
Standard carrier message and data rates may apply. Please check your mobile service carrier’s pricing plan to determine the charges associated with sending and receiving text messages. All charges are billed by, and payable to, your mobile service provider. We do not charge you for sending or receiving text (SMS) messages.
You can opt out from future messages at any time by texting STOP from your mobile phone. You may also opt out by texting END, CANCEL, UNSUBSCRIBE or QUIT to us at any time. You agree that if you request to opt out from future messages, we may send you a one-time opt-out text message to confirm. If you would like to join again after opting out, please sign up as you did the first time, and we will resume sending automated SMS messages to you again. We reserve the right to remove subscribers from our messaging database at our discretion.
- Notice Concerning Do Not Track
Do Not Track (“DNT”) is a privacy preference that users can set in a certain web browser. We are committed to priding you with meaningful choices about the information collected on our website for third- party purposes. That is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.
HOW WE SHARE AND DISCLOSE YOUR INFORMATION
We may share your information for our business purposes in the following ways:
Affiliates and Subsidiaries. We may share information we collect within any RX member or group (i.e., our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries) to deliver products and services to you, ensure a consistent level of service across our products and services, and enhance our products, services, and your customer experience.
Health Care Providers and Services. We share your information with health care Providers: (i) to schedule and fulfill appointments and provide health care services as part of the Services, (ii) to whom you send messages through our Services, and (iii) for other treatment, payment, or health care operations purposes, including pharmacy services, upon your request.
Service providers. We provide access to or share your information with select third-parties who use the information to perform services on our behalf. They provide a variety of services to us, including billing, sales, marketing, advertising, analytics, research, customer service, shipping and fulfillment, data storage, IT and security, fraud prevention, payment processing, and auditing and legal services. These entities may also include health care organizations, pharmacies, and other third parties we use to support our business or in connection with the administration and support of the Services.
Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
Public Forums. Certain features of our Services make it possible for you to share comments publicly with other users. Any information you submit through such features is not confidential, and we may use it for any purpose (including in testimonials or other marketing materials). For example, if you submit a product review on one of our sites, we may display your review (along with the name provided, if any) on other RX websites and third-party websites. Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Accordingly, please take care when using these features.
Consent. We may also disclose your information in other ways you direct us to and when we have your consent.
Aggregate/De-Identified Information. We reserve the right to create Aggregate/De-Identified Data from the information we collect through the Services. Our sharing of such Aggregate/De-Identified Data is at our discretion.
YOUR MARKETING CHOICES
THIRD-PARTY SERVICES AND NOTICE ABOUT HEALTH INFORMATION
HOW WE PROTECT YOUR INFORMATION
RX takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the Internet, and no means of electronics or physical storage, is secure. As such, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services or via the Internet and that any such transmission is at your own risk.
Where we have given you (or where you have chosen) a password that enables you to access the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The information you share in public areas may be viewed by any user of the Services.
PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, California law requires us to provides you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
Categories of personal information we collect and disclose. Throughout this Policy, we discuss in detail the specific pieces of personal information we collect from and about our users. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect and the categories of third parties to which we disclose personal information. Please note that some of the information we collect through the Services (e.g., medical information) is subject to various health data privacy laws and is therefore not subject to the CCPA. See the following chart to understand more about the categories of personal information we collect that are subject to the CCPA and the third parties to which we disclose it:
Category of Personal Information Categories of Third Parties to Which We Disclose.
Identifiers and contact information (e.g., name, address, email address, account names) Service provider’s; our affiliates; health care provider’s and services; entities for legal and fraud prevention.
Commercial and transactional information (e.g., information about your purchases) Service provider’s; our affiliates; health care provider’s and services; entities for legal and fraud prevention
Financial information (e.g., credit card info collected by our payment processor) Payment processors; service provider’s; our affiliates; entities for legal and fraud prevention.
Internet or other network or device activity (e.g., IP address, browsing history, app usage) Service provider’s; our affiliates; entities for legal and fraud prevention.
Geolocation information (e.g., general location and precise location, with your permission) Service provider’s; our affiliates; entities for legal and fraud prevention
Demographic and statistical data (e.g., your gender, interests based on products and services you use) Service provider’s; our affiliates; entities for legal and fraud prevention.
Physical characteristics (e.g., photos of you) Service provider’s; our affiliates
User-generated content (e.g., information you choose to post in our online forums) Service provider’s; our affiliates; entities for legal and fraud prevention.
Customer service data (e.g., information you provide through a chat or call with RX’s Care Team) Service provider’s; our affiliates; health care provider’s and services; entities for legal and fraud prevention.
The business purposes for which we use the personal information we collect are manage, facilitate, and improved the Services; research, marketing, and analytics; communicate with users; technical support and customer service; security and fraud prevention; and legal compliance and defense. For more detailed information about how we use and share your personal information, please see the “Purposes for How We Use Your Information” and “How We Share and Disclose Your Information” sections of this Policy above.
Your California Privacy Rights
CCPA Rights Disclosure. If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:
Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and third parties with whom we share/disclose personal information.
Provides access to and/or a copy of certain information we hold about you.
Delete certain information we have about you.
The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights.
Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you. We also will take reasonable steps to verify your identity before responding to a request.
If you are a California resident and you would like to exercise any of your data rights under California law, please click here to submit your request through our web form. Alternatively, you can email us at california-privacy@RX.co. Please include your full name, email address, and residential address associated with your use of our Services, along with the rights you would like to exercise, so that we can process your request in an efficient manner. If you would like to receive a copy of your medical history in connection with your request, please indicate that in your email message. By requesting your medical history in this way, you are agreeing to receive your medical record in an unencrypted email message.
Sale of Personal Information. RX does not, and will not, sell information that identifies you, such as your name, email address, phone number, or postal address. Like many companies with an internet presence, we do work with third parties that provide marketing and advertising services to us, including interest-based advertising services, and these third parties may place tags, pixels, cookies, beacons, and other similar tracking mechanisms on our Website and App and collect your online identifiers. Because of the CCPA’s broad definitions of “sale” and “personal information,” making certain online identifiers available to these companies so that they can provide marketing and advertising services to RX may be considered a “sale” under the CCPA. To opt-out of sharing your information with participating third parties for interest-based advertising, please visit the Network Advertising Initiative’s Consumer Opt-Out Link, the Digital Advertising Alliance’s Consumer Opt-Out Link, and Your Online Choices. Please note that these opt-outs are device and Browser-based, so you will need to opt-out on each of your devices and Browsers. For more information, see the Online Analytics and Advertising Section above.
Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
PRIVACY INFORMATION FOR NEVADA RESIDENTS
Under Nevada law, certain Nevada consumers may opt-out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident who has purchased services from us, you may submit a request to opt-out of any potential future sales under Nevada law by nevada-privacy@RX.co. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
RETENTION OF YOUR INFORMATION
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.