1. Information We Collect
1.1 INFORMATION YOU PROVIDE
(a) Personally Identifiable Information. To use the RxSense Member Portal, and thus become a “Member,” you will be required to provide us with certain Personally Identifiable Information as described below. We may collect some or all of this information through various forms and in various places through the Member Portal, the delivery of the services, or our mobile applications, including account registration forms, contact us forms, or when you otherwise interact with us. If you become a Member, you will be required to create a user profile account with us (“Account”). The current required data fields include, but are not necessarily limited to:
Address (Billing & Shipping)
Home phone number
Mobile phone number
Credit card number, expiration date & security code and or information regarding your PayPal, Google Wallet or other digital payment accounts
Contact information for users of the Services for purposes of receiving information about our products and services, such as prescription benefit, disease management, and specialty pharmacy services.
Responses to surveys we send to you or your dependents and responses to those surveys
Information we receive from your employer or health plan sponsor
1.2 INFORMATION WE COLLECT AS YOU ACCESS THE MEMBER PORTAL & MOBILE APPLICATIONS
(a) Generally. In addition to any Personally Identifiable Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit the Member Portal or access or use our mobile applications (“Non-Personally Identifiable Information”). Non-Personally Identifiable Information may include the browser that you are using and how and when you use the Member Portal. We may use Non-Personally Identifiable Information for various reasons, such as providing and enhancing the services for you and other users. In addition, we may collect your IP address or other unique identifier that identifies the device from which you access the Member Portal or our mobile applications. This identifier is a number that is automatically assigned to your device and which our computers use to identify you and your device. This information may be non-identifying or may be associated with you. If we associate any Non-Personally Identifiable Information or information that identifies your device with your Personally Identifiable Information, we will treat it as Personally Identifiable Information.
(b) Geo-Location Information. We may collect information as you navigate the Member Portal or use our mobile applications, which may include geographic location.
(c) Cookies. A cookie is a data file placed on a computer or other device when it is used to access the Member Portal or our mobile applications. A Flash cookie is a data file placed on a device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your device. Cookies and Flash cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to our web pages. Cookies work by assigning a number to the user that has no meaning outside of the assigning website.
(d) Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in our web and mobile pages and messages. The web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored in a user’s computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on the Member Portal or our mobile applications by informing us what content is effective, monitor how users navigate the Member Portal, and manage the users’ experience on the Member Portal.
(e) Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Member Portal, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third party provider, is active only while you are connected to the Member Portal or our mobile applications, and is deactivated or deleted thereafter.
1.3 INFORMATION THIRD PARTIES PROVIDE ABOUT YOU
We may, from time to time, supplement the information we collect about you through our Site or App with outside records from third parties in order to provide our RxSense services to you, enhance our ability to serve you, and to tailor our content to you and to offer. For example, we may collect information from third party Providers that you visit when using the Member Portal and mobile applications.
1.4 INFORMATION COLLECTED BY OUR MOBILE APP
You may access the Member Portal and use the Services by accessing our mobile applications on a mobile device. By doing so, we may collect and use technical data and related information, including but not limited to, technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other Services to you (if any) related to our mobile applications. In addition, if you use our mobile applications, it may automatically collect and store some or all of the following information from your mobile device, including without limitation:
Your preferred language and country site (if applicable)
Your phone number or other unique device identifier assigned to your mobile device -such as the Mobile Equipment ID number
The IP address of your mobile device
The manufacturer and model of your mobile device
Your mobile operating system
The type of mobile Internet browsers you are using
Information about how you interact with the Mobile Application and any of our web sites to which the application links, such as how many times you use a specific part of the mobile application over a given time period, the amount of time you spend using the application, how often you use the application, actions you take in the application and how you engage with the application
Information to allow us to personalize the Services and content available through the mobile application
We may use information automatically collected by the mobile applications in the following ways:
To operate and improve our Member Portal, mobile applications and RxSense Service
To create aggregated and anonymized information to determine which application features are most popular and useful to users, and for other statistical analyses
1.5 USER INFORMATION
Unless otherwise noted elsewhere in this Policy, Personally Identifiable Information and Non-Personally Identifiable Information shall be collectively referred to as “User Information”.
2. How We Use the Information Described in This Policy
2.1 TO PROVIDE OUR SERVICE
We use your personal information to respond to your requests, such as to fulfill your order, contact you with information about your order, send you email alerts, send you newsletters, and provide you with related Member services. We may also use your information to send communications and administrative information to you, as permitted by law and our client agreements, including through the use of push notifications in our apps. We may use personal information to personalize your experience on the Services, including by presenting products and content tailored to you, and for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing our Services and new products and services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.
2.2 RXSENSE BUSINESS PARTNERS
We may disclose personal information to our service providers, who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology, specialty & mail pharmacy services, customer service, email delivery, auditing, and other services.
2.3 IP ADDRESS
We use your Internet Protocol (IP) address to help diagnose problems with our computer server, and to administer our Site. Your IP address is used to help identify you, but contains no Personally Identifiable Information about you.
2.4 REGULATORY OR LEGAL REQUIREMENTS
If we are requested by law enforcement officials or judicial authorities to provide personal information, we may do so. In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose personal information, including without court process. We may also use or disclose personal information to enforce our terms and conditions, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety, or property and/or that of our affiliates, you, or others. We may use and disclose personal information to investigate security breaches or to cooperate with authorities.
2.5 SOCIAL MEDIA
We may use and disclose your personal information to facilitate social sharing functionality that you initiate. If you choose to connect your social media account with your Services account or otherwise engage in social sharing on the Services, your personal information may be shared with your friends, contacts, or others associated
2.6 CHANGE OF OWNERSHIP
In the event that RxSense or some or all of our business, assets, or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third parties, personal information may be transferred to or shared with third parties as part of any such transaction or negotiation.
3. Account Cancellation
We will retain User Information for as long as an Account remains active. Even after an account is terminated, we may retain certain User Information as necessary to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an account (such as addressing chargebacks), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reasons consistent with applicable law.
4. Intended Members
Our Services are not directed to nor intended for use by minors under the age of 13. We do not intentionally collect Personally Identifiable Information from any person we know to be under 13, and instruct users under 13 not to send any information to or through our services. If we discover that we have collected Personally Identifiable Information from a person under 13, we will delete that information immediately. If you are a parent or guardian of a minor under the age of 13 and believe he or she has disclosed Personally Identifiable Information to us, please contact us.
The Services are designed for users from, and are controlled and operated by RxSense from, the United States. By using the Services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.
5. Protected Health Information
To the extent that information collected through the Services is patient information provided to obtain or administer pharmacy services, such information is governed by the RxSense Notice of Health Information Privacy located at https://rxsense.com/hipaa. If you have questions about which policy applies to specific information, please contact us at the member services number on the back of your member benefit card.
6. How We Protect Your Information
User Identifiable Information is stored within our databases using standard, industry-wide, commercially reasonable security practices and procedures such as encryption, firewalls and SSL (Secure Socket Layers). We also implement security measures required by law. However, as effective as such technology and efforts may be, no security system is infallible and impervious from attack or hacking. Therefore, we cannot guarantee the security of our databases, nor can we guarantee that User Information won’t be intercepted while being transmitted to us over the Internet or wireless communication, or accessed when stored on our or our service providers’ servers and any information you transmit to us, you do at your own risk. To help us protect your information, we strongly encourage you to not share your username or password with anyone.
7. Changes to This Policy
8. Your California Privacy Rights
California’s “Shine the Light” law, California Civil Code § 1798.83, requires that certain businesses respond to requests from their California customers (those with whom we have an established business relationship) asking about the business’ practices related to disclosing Personally Identifiable Information to third parties for the third parties’ direct marketing purposes. We do not provide Personally Identifiable Information to third parties for their direct marketing purposes without your express consent (opt-in).
9. Member Settings
You can manage your communications preferences in the Member Portal from your member dashboard. You may control the receipt of push notifications from RxSense through your mobile device settings. If you choose to receive communications from us via e-mail or other electronic means, you acknowledge that you are electing to receive such information, which may contain your Protected Health Information as defined by HIPAA, through an unencrypted method of communication. You further acknowledge that the information contained in an unencrypted email and/or text message is at risk of being intercepted and read by, or disclosed to, unauthorized third parties. You can request the removal or modification of the personal information you have provided to us by sending an email to the appropriate area under “Contact Information”. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable. There may also be residual information that will remain within our databases and other records, which will not be removed.
10. Member Responsibility
By establishing an account with us, you agree that it is your responsibility to:
Authorize, monitor, and control access to and use of your account, User ID, and password.
Promptly inform us of any need to deactivate a password or an account by calling member services at the number on your member benefit card.
11. Contact Information
You may also contact the RxSense at the following address:
99 High Street, Suite 2800
Boston, Massachusetts 02110
Fax Number: (888) 817-3641