Updated: August 29, 2022
California’s “Shine the Light” law, California Civil Code § 1798.83, requires that certain businesses respond to requests from their California customers (those with whom we have an established business relationship) concerning the businesses’ practices related to disclosure of Personally Identifiable Information to third parties for the third parties’ direct marketing purposes. We do not provide Personally Identifiable Information to third parties for their direct marketing purposes without your express consent (opt-in).
1. Information We Collect
1.1 INFORMATION YOU PROVIDE
(a) Personally Identifiable Information. To use the member portal, and thus become a “Member,” you will be required to provide us with certain information as described below (“Personally Identifiable Information”). We may collect some or all of this information through various forms and in various places through your use of the Site and through our delivery of the Services, including use of our account registration forms, contact us forms, and other forms utilized by the Site. If you become a Member, you will be required to create a user profile account with us (“Account”). The current required data fields include, but are not necessarily limited to:
- Address (Billing & Shipping)
- Email address
- Home phone number
- Mobile phone number
- Credit card number, expiration date & security code and/or information regarding your PayPal, Google Wallet or other digital payment accounts
- Contact information for users of the Services for purposes of receiving information about the Services, such as prescription benefit, disease management, and specialty pharmacy services.
- Responses to surveys we send to you or your dependents
- Information we receive from your employer or health plan sponsor
1.2 INFORMATION WE COLLECT AS YOU ACCESS THE SITE
(a) Generally. In addition to any Personally Identifiable Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit the Site (“Non-Personally Identifiable Information”). Non-Personally Identifiable Information may include the browser that you are using and how and when you use the Site. We may use Non-Personally Identifiable Information for various reasons, such as providing and enhancing the services for you and other users. In addition, we may collect your IP address or other unique identifier that identifies the device from which you access the Site. This identifier is a number that is automatically assigned to your device, which our computers use to identify you and your device. This information may be non-identifying or may be associated with you. If we associate any Non-Personally Identifiable Information or information that identifies your device with your Personally Identifiable Information, we will treat it as Personally Identifiable Information.
(b) Geo-Location Information. We may collect information as you navigate the Site, which may include geographic location.
(c) Cookies. A cookie is a data file placed on a computer or other device when it is used to access the Site. A Flash cookie is a data file placed on a device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your device. Cookies and Flash cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to the Site. Cookies work by assigning a number to the user that has no meaning outside of the assigning website.
(d) Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in our web and mobile pages and messages. The web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored in a user’s computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on the Site by informing us what content is effective, monitor how users navigate the Site, and manage the users’ experience on the Site.
(e) Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter.
1.3 INFORMATION THIRD PARTIES PROVIDE ABOUT YOU
We may, from time to time, supplement the information we collect about you through our Site with outside records from third parties in order to provide our services to you, enhance our ability to serve you, and tailor our content to you. For example, we may collect information from third-party providers that you visit when using the Site.
1.4 INFORMATION COLLECTED BY OUR MOBILE APP
You may access the Member Portal and use the Services by accessing our mobile applications on a mobile device. By doing so, we may collect and use technical data and related information, including but not limited to, technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other Services to you (if any) related to our mobile applications. In addition, if you use our mobile applications, it may automatically collect and store some or all of the following information from your mobile device, including without limitation:
- Your preferred language and country site (if applicable)
- Your phone number or other unique device identifier assigned to your mobile device, such as the Mobile Equipment ID number
- The IP address of your mobile device
- The manufacturer and model of your mobile device
- Your mobile operating system
- The type of mobile internet browsers you are using
- Your geolocation
- Information about how you interact with the mobile application and our website(s) to which the application links, such as how many times you use a specific part of the mobile application over a given time period, the amount of time you spend using the application, how often you use the application, actions you take in the application and how you engage with the application
We may use information automatically collected by the mobile applications in the following ways:
- To operate and improve Site and Services
- To create aggregated and anonymized information to determine which application features are most popular and useful to users, and for other statistical analyses
- To allow us to personalize the Services and content available through the mobile application
1.5 USER INFORMATION.
Unless otherwise noted elsewhere in this Policy, Personally Identifiable Information and Non-Personally Identifiable Information shall be collectively referred to as “User Information”.
2. How We Use User Information
2.1 TO PROVIDE OUR SERVICES.
We use your User Information to respond to your requests, such as to fulfill your order, contact you with information about your order, send you email alerts, send you newsletters, and provide you with related Member services. We may also use your User Information to send communications and administrative information to you, as permitted by law and our client agreements, including through the use of push notifications in our apps. We may use User Information to personalize your experience on the Site and improve your use of the Services, including by presenting products and content tailored to you, and for our business purposes, such as data analysis, audits, fraud monitoring and prevention, improving our Services and developing new products and services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.
2.2 PROVIDER BUSINESS PARTNERS.
We may disclose User Information to our service providers, including those who provide website hosting, data analysis, payment processing, order fulfilment, information technology, specialty and mail pharmacy services, customer service, email delivery, auditing, and other services.
2.3 IP ADDRESS.
We use your Internet Protocol (IP) address to help diagnose problems with our computer server, and to administer our Site. Your IP address is used to help identify you, but contains no Personally Identifiable Information about you.
2.4 REGULATORY OR LEGAL REQUIREMENTS.
If we are requested by law enforcement officials or judicial authorities to provide User Information, we may do so. In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose User Information, including without court process. We may also use or disclose User Information to enforce the Terms of Service, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety, or property and that of our affiliates, you, or others. We may use and disclose User Information to investigate security breaches or to cooperate with authorities.
2.5 SOCIAL MEDIA
2.6 CHANGE OF OWNERSHIP
In the event that some or all of Company’s business, assets, or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third-parties, User Information may be transferred to or shared with third parties as part of any such transaction or negotiation; provided, however, that such third parties are required to execute and be bound by a confidentiality and non-disclosure agreement protecting the confidentiality of your User Information.
3. Account Cancellation
We will retain User Information for as long as an Account remains active. Even after an account is terminated, we may retain certain User Information as necessary to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an Account (such as addressing chargebacks), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reasons consistent with applicable law.
4. Intended Members
Our Services are not directed to nor intended for use by minors under the age of 13. We do not intentionally collect User Information from any person we know to be under 13, and instruct users under 13 not to send any information to or through our services. If we discover that we have collected User Information from a person under 13, we will delete that User Information immediately. If you are a parent or guardian of a minor under the age of 13 and believe he or she has disclosed User Information to us, please contact us.
The Services are designed for users from, and are controlled and operated by Company from, the United States. By using the Services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.
5. How We Protect Your Information
User Information is stored within our databases using standard, industry-wide, commercially reasonable security practices and procedures such as encryption, firewalls and SSL (Secure Socket Layers), and we implement all security measures required by law. As effective as such technology and efforts may be, no security system is infallible and impervious from attack or hacking; therefore, we cannot guarantee the security of our databases, nor can we guarantee that User Information will not be intercepted while being transmitted to us over the Internet or wireless communication, or accessed when stored on our or our service providers’ servers, and any information you transmit to us is at your own risk. To help us protect your information, we strongly encourage you to not share your username or password with anyone.
6. Member Settings
You can manage your communications preferences in the Member Portal from your member dashboard. You may control the receipt of push notifications from Company through your mobile device settings. If you choose to receive communications from us via e-mail or other electronic means, you acknowledge that you are electing to receive such information, which may contain your Protected Health Information as defined by HIPAA, through an unencrypted method of communication. You further acknowledge that the information contained in an unencrypted email and/or text message is at risk of being intercepted and read by, or disclosed to, unauthorized third parties. You can request the removal or modification of the personal information you have provided to us by sending an email to the appropriate area under “Contact Information”. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable. There may also be residual information that will remain within our databases and other records, which will not be removed.
7. Member Responsibility
By establishing an account with us, you agree that it is your responsibility to:
- 1. Authorize, monitor, and control access to and use of your account, User ID, and password.
- 2. Promptly inform us of any need to deactivate a password or an account by calling member services at the number on your member benefit card.
8. Contact Information