The Type of Information the Service Collects:
- Our servers may also automatically collect information about you, your online behavior and your computer, mobile or other device. The information collected may include, without limitation, the make, model, settings, specifications (e.g., CPU speed, connection speed, browser type, operating system, device identifier) and geographic location of you and/or your computer, mobile or other device, as well as date/time stamp, IP address, pages visited, time of visits, content viewed, ads viewed, the site(s), application(s), destination(s), and/or service(s) you arrived from, and other clickstream data.
How the Site or Application Uses and Shares Your Information
- We use PII and/or PHI you supply through the Site or Application to provide you with the merchandise, product, service, and/or Content you have requested. For example, if you subscribe to any of our electronic communications, we may use your e-mail address to send you a confirmation notice and your mailing address to send you the electronic communications. We may also use the information to communicate with you about new features, products or services, and/or to improve the services that we offer by tailoring them to your needs.
- We may also allow access to our database by third parties that provide us with services, such as technical maintenance, market research, community and forums management, and other classified ads functionality, but only for the purpose of and to the extent necessary to provide those services. And if you choose to purchase merchandise, products and/or services, including without limitation Content, on or through features on the Service, we may forward your information to third parties for services such as credit card or other payment processing, order fulfillment, credit pre-authorization, and address verification. There are also times when you provide information about yourself to us in areas of the Site or Application that may be managed or participated in by third parties. In such cases, the information may be used by us and by such third party(ies), each pursuant to its own policies. We may also provide your information to our advertisers, so that they can serve ads to you that meet your needs or match your interests. While we may seek to require such third parties to follow appropriate privacy policies and will not authorize them to use this information except for the express purpose for which it is provided, we do not bear any responsibility for any actions or policies of third parties. Any third parties granted access to PHI for contracted business purposes are required to sign a Business Associate Agreement.
For data of residents of the Commonwealth of Massachusetts, third-parties are required to adhere implement security measures in accordance with standards set forth in Massachusetts 201 CMR 17.
- We reserve the right to access, use, and share with others your personally identifiable information for purposes of health, safety and other matters of public interest.
- We may also provide access to our database in order to cooperate with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, as well as private parties, including, for example, in response to subpoenas, search warrants, court orders, or other legal process.
- In addition, we reserve the right to use the information we collect about your computer, mobile or other device (including its geographic location), which may at times be able to identify you, for any lawful business purpose, including without limitation to help diagnose problems with our servers, to gather broad demographic information, analyze trends, track users’ movements around the Service, and to otherwise administer the Service. Geographic location information about you and/or your computer, mobile or other device may specifically be used to show you content and sponsored messaging based on geographic location.
- We reserve the right to use, transfer, sell, and share aggregated, anonymized data about our users as a group for any lawful business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients and customers.
- In addition, as our business changes, we may buy or sell various assets. In the event all or a portion of the assets owned or controlled by us, our parent or any subsidiary or affiliated entity are sold, assigned, transferred or acquired by another company, the information from and/or about our Site or Application users may be among the transferred assets.
- We reserve the right to identify you from your Registration Information and/or to merge or co-mingle anonymous or non-personally identifiable data about you, your offline and online behavior, and/or your computer, mobile or other device (including its geographic location), with your Registration Information and/or other personally identifiable data for any lawful business purpose.
Your Rights with Respect to Your Data
You have rights regarding the data collected by us. You may access your information in your at any time through the platform. You may also directly request what PHI data is held by ZappRx through a direct request. In addition, you have a right to an accounting of any disclosures of your data performed by ZappRx.
You may also make a Request for Correction of your Personal Information, including your or your patients’ Protected Health Information that was provided by you if you detect or suspect any data is inaccurate. Any written request for correction or access to data that is denied will result in an explanation in writing. Requests will be responded to within 60 days.
Your data is provided to us by prescribers and practices under Business Associate Agreements. In coordination with your applicable health care practices, you have a right to remove your data. We will verify your identity and communicate with the applicable practice(s) in a secure manner before taking any action. When you request us to inactivate/remove your information, your identity is verified and appropriate coordination with the practices(s) is made, we will cease active use of your PII or PHI in our platform. While data will not be actively used or visible, ZappRx is required to retain all PHI for a period of at least 6 years in accordance with laws and regulations for backup retention purposes. This information shall be made available pursuant to a duly executed authenticated authorization to release any records.
ZappRx may apply a reasonable fee equal to the administrative, copying and communication costs for the retrieval, preparation and transmission of data provided as part of an information request. No disclosures of PHI stored in backup media will not be disclosed unless required by law.
This notice is publicly available on the ZappRx website. You also have the right to paper copy of this notice, which can be provided upon request.
Our Responsibilities with Respect to Your Data
ZappRx is required to provide you with our legal duties with respect to your information. We are required by law to keep your PHI private and secure. We will notify in the event of a breach of your PHI in a timely manner.
ZappRx has designated as Privacy Officer to oversee its privacy program including compliance with laws and regulations such as HIPAA.
Local Device Storage and Tracking:
- The Site or Application may at times place and/or store code or other types of information and/or devices (e.g., “cookies”) on your computer, mobile or other device (“Local Device Storage”). We may use Local Device Storage for any lawful business purpose, including without limitation to determine which of our messages have been opened by recipients so we can gauge the effectiveness of marketing campaigns, to control the display of ads, to track usage patterns, the movements of individual users, and your geographic location, to help diagnose problems with our servers, to gather broad demographic information, to analyze trends, to conduct research, to deliver editorial content, to record registration and personalization information, and to otherwise administer the Site or Application. For example, if you register on any part of the Site or Application and are given the option to save your user name and password, we may provide this convenience to you via Local Device Storage. Local Device Storage may also collect and store your personally identifiable information, which may be shared with our parent, subsidiaries, and affiliates and other companies.
- If you do not want Local Device Storage, your computer, mobile or other device may include an option that allows you to not accept it. However, if you disable Local Device Storage, some portions of the Site or Application may not function properly.
- In addition to Local Device Storage, we may use web beacons, web bugs, clear gifs, and similar technologies (collectively, together with Local Device Storage, the “Tracking Technologies”). We would use Tracking Technologies for all or some of the same lawful business purposes we describe above for use of Local Device Storage.
- As discussed below, you may opt out of third party tracking on the Service at any time. However, we do not currently support any browser based Do Not Track (DNT) settings or participate in any DNT frameworks, and we do not assign any meaning to potential DNT track signals you may send or alter any of our data collection or use practices in response to such signals.
How to Opt-Out of Third Party Tracking Technologies:
Information Security and Notification:
Kids and Parents/ California Customers – Your Privacy Rights:
The Site or Application is not intended for use by children, especially those under age 13. No one under age 13 is allowed to register for the Site or Application or provide any personally identifiable information or use our social, community, and public discussion areas, photo and video galleries, bulletin boards, forums, chats, blogs, personal/job search and other classified ads, and elsewhere. Minors between the ages of 13 and 17, inclusive, must get the permission of their parent(s) or legal guardian(s) before making purchases, including subscriptions, on this Service.
Complaints or Inquiries:
ZappRx takes all complaints and inquiries regarding the use and storage of PHI seriously in accordance with laws and regulations.
If you have any other concerns or questions about any aspect of this policy, please feel free to contact our the Privacy Officer at firstname.lastname@example.org or by mail at the following address:
Privacy Officer, ZappRx, Inc.
746 Atlantic Avenue
Boston, MA 02111
Last updated: April 27, 2017