Effective: May 18, 2020
II. PERSONAL INFORMATION
a. Information We Collect
We collect a variety of personally identifiable information (“PII”) about users in order to conduct our Service Offerings. “PII” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user.
PII does not include “De-Identified Information” which is information or data we collect from which individual user identities have been removed. De-identified Information may be aggregated to helps us understand trends, user needs and other information to provide improved Service Offerings. We also collect “Non-Personal Information” about your use and interaction with our Service Offerings. “Non-Personal Information” means information that we cannot use to identify you. Non-Personal Information is not treated as PII unless we combine it with or link it to PII that you give to us. We may collect your Non-Personal Information through cookies, web beacons, log files, and similar technologies. “Cookies” are small files that we place on your computer. Your browser can be configured to accept or reject most types of cookies. Please consult your browser’s documentation for more information.
b. Information About Others
III. HOW WE COLLECT INFORMATION, AND CATEGORIES OF INFORMATION
a. Information You Give Us
We collect PII that you give to us when you register or use our Service Offerings. When you register for a user account (“Account”) on the website or mobile application, you will be assigned a unique account identifier (“Account ID”) which will be saved and be associated with any PII you give to us under your Account ID. In particular, we may collect the following categories of information from users:
- Identifiers, which may include, for example, a real name, Internet Protocol address, email address, telephone number, or other similar identifiers.
- Categories of information including driver’s license, insurance policy number, medical information, or health insurance information.
- Classification characteristics, including age, marital status, medical conditions, and sex
You may give us information to allow us to contact you or use certain features available through our Service Offerings without signing up for an Account, such as when you fill out a request form, report a coupon, co-pay card or voucher, provide feedback, email us, or engage in communications with our team. Some of this information may be collected when you use some functionality of the Service Offerings without registering for an Account.
b. Location Information
When you access or use our Service Offerings using a desktop or mobile device, you can enter your location or give us your consent to access your location (“Location Information”). If you use our mobile application, we may, in accordance with your consent, passively collect Location Information when our application is installed on your mobile device. You can change the privacy settings of your mobile device at any time to stop sharing your Location Information with us. Please note that certain features and functionality may be affected or be unavailable if you do not share your Location Information with us.
c. Call Recording and Monitoring
d. Information We Collect Automatically
Even if you do not provide any PII to us, we automatically collect certain information about your use and interaction with our Service Offerings. For example, when you visit our website, our systems automatically maintain web logs to record data about all visitors who use our website and stores this information in our database. These web logs may contain information about you including the following: IP address, type(s) of operating system you use, type of device you use, date and time you visited the website, your activity and/or referring websites. We use your log information to troubleshoot problems, gather demographic information, customize your experience when accessing our Service Offerings and other business purposes.
e. Information Collected from Other Sources
f. Cookies and Web Beacons
A cookie is a small data file that certain websites write to your computer hard drive when you visit the website. These files identify your computer and record your preferences and other data about your visit to our website and/or websites you accessed before visiting our Service Offerings.
A web beacon is a tiny, often invisible graphic image displayed in a webpage, web-based document, or e-mail message. When the user’s web browser reads the code embedded in a web beacon, it can pass along the following information to us: IP address of the user’s computer or mobile device, date and time viewed, length of time viewed and type of browser used. Web beacons can also be linked to a user’s cookies and any personally identifiable information that may be stored in them.
IV. HOW WE USE INFORMATION COLLECTED
We may use, disclose, or store the PII we collect about you to operate our business and deliver our Service Offerings. We utilize PII for the following purposes:
- Process, complete and fulfill your requested transactions, e.g., to administer Service Offerings;
- Provide you with support or access to Service Offerings and other tool or offerings;
- Respond to your inquiries, including to investigate complaints and address various requests;
- Send you administrative communications;
- Obtain your feedback on our site and our Service Offerings;
- Combine your information with other information, including without limitation, demographics, prescription drug pricing, or other aggregated information, for analysis, testing and other purposes;
- Statistically analyze or measure user behavior, activity and industry trends for testing or other purposes that may help us improve our Service Offerings;
- Provide you with related content, marketing and/or advertisements;
- Conduct research on and/or analyze Accounts or website activities; or
- Send you personalized emails, offers, information and secure electronic messages pertaining to your Account, activities or related interests, including news, announcements, marketing, reminders and opportunities.
- Respond to law enforcement requests as required by applicable law, regulation, or court order. Investigate security breaches or otherwise cooperate with authorities.
V. WITH WHOM DO WE SHARE INFORMATION
a. Disclosure to Third Parties
We may disclose your PII or Non-Personal Information to third parties for any of the permitted uses described above. For example, we may disclose your Personally Identifiable Information or Non-Personal Information to:
- Our service providers, clients or agents, who facilitate or provide services related to Services Offerings such as website hosting, data analysis, payment, payment processing, coupon/co-pay card/voucher fullfilment, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other services;
- Law enforcement officials, regulatory authorities, or as otherwise required by law.;
- Our Related Entities or business partners;
- Third parties in connection with the sale or transfer of some or all of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings or by way of merger or other change of control) or as security, or to the extent we engage in business negotiations with third parties, to third parties as part of any such transaction or negotiation; or
b. Disclosure Without Your Consent
In general, we may disclose your information without your consent to disclosure when we reasonably believe disclosure is appropriate in order to:
- Comply with the law (e.g., lawful subpoena or court order);
- Cooperate with or report to law enforcement agencies in investigations that involve users who use our Service Offerings for activities that are or seem illegal or illegitimate activities;
- Enforce or apply agreements for our Service Offerings; or
- Protect our rights or property or that of our affiliates, including respective officers, directors, employees, agents, third-party content providers, suppliers, sponsors, or licensors (e.g., to address allegations about fraudulent or unlawful activity related to a Truveris account).
We may share your information amongst Related Entities where it is necessary to support, improve, develop or otherwise provide the Service Offerings to you.
c. Sale of Personal Information
In the preceding twelve (12) months, we have not sold personal information.
d. Disclosure Related to Business Events
Information about our users, including PII, may be disclosed as part of any merger, acquisition, public offering or sale of company assets. It may also be disclosed in the unlikely event of insolvency, bankruptcy, or receivership in which personally identifiable information would be transferred as one of our business assets.
VI. YOUR RIGHTS AND CHOICES
You can request the removal or modification of the PII you have provided to us by sending an e-mail to firstname.lastname@example.org. For your protection, we may only implement requests with respect to the PII associated with the particular e-mail address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your PII before implementing your request. We will try to accommodate your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
You may click the unsubscribe link at the bottom of emails you receive from us to stop receiving emails and reply STOP to our text messages to stop receiving SMS messages. You may control the receipt of push notifications from our mobile applications through your mobile device settings. Do-Not-Track Signals your browser may allow you to send us a “do-not-track signal” to communicate your privacy preferences to us. The Service Offerings do not respond to browser do-not-track signals.
a. Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of the Services that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us as described in the “Contact Us” section below.
- Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Deletion Request Rights
You have the right to request that we delete any of your PII that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Comply with other existing law, regulation, court order, or other legal or contractual requirement.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us a message as described in the “Contact Us” section below. Only you, or a person that you authorize to act on your behalf (consistent with applicable law), may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
b. Response Timing and Format
We aim to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
c. Updating/Removing Your Personal Information through User Account
You can also customize how we collect and uses your information as set forth below. However, you should note that your decisions on how to customize the collection of your information may impact the functionality or availability of the Service Offerings. Here are some examples of how to customize the collection of information for the Service Offerings:
- Search History: You can choose to clear recent searches at any time by selecting Settings and clicking Clear Recent Searches in the app or browser. Doing so removes all saved content such as the name and dosage of a recent prescription drug so that any future user of the Service Offerings will see no trace of your history.
- Health Insurance Information: When you enter your insurance information on certain Service Offerings, we save this data to process and identify your pharmacy related benefits, including without limitation, to determine if a prescription drug is covered, your out-of-pocket obligations and other benefit related restrictions and requirements. You may clear this information at any time by going to Settings, Account Info, Insurance Settings, and then clearing data and tapping Save in the app or browser.
- Coupon Eligibility Information: By providing your date of birth, gender and zip, you activate the ability to verify your eligibility for particular coupons. In some cases, you may elect to share your information with third parties including pharmaceutical manufacturers for benchmarking purposes and/or to receive third party communications relating to specific drugs and conditions.
We will not discriminate against you for exercising any of the rights above. Unless permitted by the law, we will not:
- Deny you goods or services.
- Provide you a different level or quality of goods or services.
VII. HOW WE SECURE AND PROTECT INFORMATION
We also urge you to take additional steps on your own to safeguard and maintain the integrity of your PII. For example, you should never share your account or login information with other people and be sure to sign off when finished using a shared or public computer. We urge you to be aware that if you use or access our Service Offerings through a third-party computer network (e.g., employer, internet café, library) or other potentially non-secure internet connection, such use is not recommended and solely at your own risk. It is your responsibility to check beforehand on the privacy and/or security policy of your network prior to accessing the Service Offerings.
We are committed to protecting the privacy of children and are committed to preventing the unintentional collection of Personal Information and Protected Health Information from children under the age of 13 in accordance with the Children’s Online Privacy Protection Act (“COPPA”). Our Service Offerings are not designed or intended to attract children under the age of 18, and we do not knowingly allow individuals under the age of 18 to create Accounts. A parent or legal guardian, however, may use our Service Offerings on behalf of a minor in their custody. The parent or legal guardian is solely responsible for any information provided on behalf of the minor and for ensuring that registration and information submitted is accurate and remains safe. The parent or legal guardian also assumes full responsibility for the interpretation and use of any information provided through our Service Offerings for the minor.
If you are the parent or legal guardian of a child under the age of 13, and you have reason to believe that your child has provided his or her own PII to us, you have the right to request the removal of that child’s PII from our database. In order to request such removal, please Contact Us. You will be required to verify your identity and status as the child’s parent or legal guardian in order to have their PII removed.
b. External links
We do not control and are not responsible or liable for the security, authenticity, updates, accuracy of information, privacy policies, practices or otherwise of other websites or applications you might visit, interact with, or from which you might obtain services or products, even if you visit them using links from our Service Offerings. The purpose of the external sites is to provide users with further outside resources, which may or may not be related to Truveris, such as Prescription Assistance Programs, organizations, and further information to potentially help users.
c. Using our Service Offerings from outside the United States
Truveris services are intended for use only by residents of the United States. As of May 25, 2018, Truveris redirects website visitors from the European Union to a message notifying such visitors that they cannot use Truveris and does not permit them to register or to use our services. We do not collect any personally identifying information from such visitors to our Site, although we do archive their IP addresses.
BY POSTAL MAIL
Attn: Privacy Officer
2 Park Avenue, Suite 1500
New York, NY 10016