1. Information Collection: The Personally Identifiable Information that Medifi Collects
In the course of using the Services, You may provide Medifi with Your personally identifiable information. "Personally identifiable information" refers to information about You that can be used to contact or identify You and information related to Your use of the Services that may be connected with You and identify You (collectively, "Personal Information"). Personal Information that Medifi collects may include, but is not limited to, Your first and last name, phone number, email address, home and business postal addresses, including street name and number, city or town and state, and any other information that permits the physical or electronic contacting of an individual.
Personal Information will be collected when You fill in forms from or provide information to us, or use the Services, including the exchange of Your health information with Your Health Care Provider(s). For example, You will provide information to Medifi when downloading the Application, registering with Medifi, subscribing or otherwise using the Software and communicating with Medifi. Medifi may also ask You for information in conjunction with the Services. Additionally, Medifi will collect information from You when You report a problem with the Services.
2. Medifi Automatic Information Collection and Tracking
When You use the Services, the Medifi servers will automatically record information that Your browser sends. This information may include, but is not limited to, unique identifiers associated with the computing and/or mobile device, operating system type, Internet Protocol (‘IP’) address, browser type, user session duration, traffic data, location data, search data, transaction data and other communication data.
The Application may access metadata and other information associated with other files stored on Your mobile device, which may include, without limitation, photographs, audio and video clips, personal contacts and address book information. When You use the Application, the Medifi servers, or the servers of Medifi agents or contractors, will receive and transmit the pages that You send and receive, including the traffic data associated with those pages.
3. How Medifi Uses Personal Information
Personal Information is or may be used for the following purposes:
- Enable You to create an account
- Create a profile for You based on information You contribute
- Provide and improve the Services
- Administer Your use of the Services
- Enable You to enjoy and easily use the Services
- Fulfill Your requests
- Enable Medifi to better understand Your needs and interests
- Personalize Your experience with the Services
- Provide or offer Application updates and alterations
- Make product and service announcements
- Provide You with further information and offers from Medifi, which may include newsletters, marketing or promotional materials and other information on services and products offered by Medifi or its advertising partners
- Enforce the Medifi Terms of Service, Business Associate Agreement(s) and other user agreements
- Engage in research activities
- Conduct surveys, questionnaires, contests and other similar promotions, and provide You with results of such activities
- Collect, process and/or transmit non-protected health information data for purposes of statistical analysis in an aggregated format
- Monitor and analyze use of the Services
- Technical administration of the Services
- Enhance the functionality and utility of the Services
- Generate and derive useful data and information concerning the interests, characteristics and behavior of Medifi users, and to verify that users of the Services meet the criteria required to process user requests
Information collected by Medifi in carrying out the Services may be stored and processed in the United States or in any other country in which we or our affiliates or agents maintain facilities. By using our Services, You expressly consent to any such transfer of information outside the United States. Medifi may use and share non-personally identifiable information with third parties. Medifi also may de-identify personally identifiable information (remove information that could be used to identify a person) and share it in aggregated form with third parties, advertisers and business partners to analyze usage, demographics or interests, improve our products or services, improve user experience, or for similar purposes. Medifi will not re-identify such data and will ask our contracting parties to agree to keep the data in its de-identified form.
4. Information Sharing and Disclosure
- Medifi will display Your Personal Information in Your profile page and elsewhere on the Services
- Any information You choose to provide should reflect how much You want Your Health Care Providers to know about You
- Medifi recommends that You safeguard Your identity and sensitive information, and encourages You to think carefully about what information You disclose in Your profile
- You can review and revise Your profile information at any time
- Medifi may use and disclose Your information, including Personal Information, pursuant to Your authorization
Affiliates, Subsidiaries, Service Providers, Business Partners and Others:
- Medifi may disclose Your Personal Information to its subsidiaries and affiliates
- Medifi may employ third party companies and individuals to facilitate the Services, or any portions of them, to provide the Services on Medifi's behalf, to perform related services (including, but not limited to, data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Services’ features) or to assist in analyzing how the Services are used
- These third parties will have access to Your Personal Information only for purposes of performing these tasks on Medifi's behalf and will be bound by contractual obligation to keep Personal Information confidential
Compliance with Laws and Law Enforcement:
- Medifi cooperates with government and law enforcement officials and private parties to enforce and comply with applicable law
- Medifi will disclose information about You to government or law enforcement officials or private parties to the extent that Medifi has a good faith belief that such disclosure is necessary or appropriate to respond to claims and legal process (including, but not limited to, subpoenas), to protect the property and rights of Medifi or a third party, to protect the safety of the public or any person, or to prevent or stop any activity that Medifi may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable
- Medifi may disclose aggregated information about its users and information that does not otherwise identify users or user devices without restriction
- Medifi may sell, transfer or otherwise share some or all of its assets, including Your Personal Information, in connection with a merger, acquisition, divestiture, restructuring, reorganization, dissolution or sale of assets or in the event of bankruptcy
- Medifi may share Your Personal Information in any case where Medifi will reasonably believe that sharing Your information is necessary to prevent imminent physical harm or damage to property
5. Changing or Deleting Your Account Information
You can review and change Your account profile information at any time by logging into Your account and visiting Your account profile. You may also contact Medifi support staff and request a change or deletion by sending an email to Medifi at firstname.lastname@example.org and detailing Your request. Please note, Medifi may not accommodate Your request to the extent that it believes the requested change would violate any law or legal requirement or cause the information to be incorrect.
If You delete information You have provided or contributed to the Services, copies of such information may remain viewable in cached and archived pages.
Certain Personal Information is required to continue providing You the Services. If You delete or request Medifi to delete these details, Your access to Medifi Services may be interrupted. Additionally, deletion of Personal Information in Your Medifi profile may make it impossible for Medifi to contact You when necessary.
Except as required by law, Medifi will not use or disclose Your Personal Information for any purpose for which You withdraw Your consent. Regardless of whether You withdraw such consent, You agree that Medifi may continue to use Your Personal Information previously provided or collected to the extent that such use or disclosure is necessary for Medifi to comply with its contractual and/or legal obligations and to the extent necessary to enforce any contractual obligations You may have to Medifi.
6. Your Choices about Medifi Collection, Use and Disclosure Practices
Medifi recognizes the importance of confidentiality and an individual's authority to make decisions about the privacy of his or her Personal Information. As such, Medifi provides its users with choices regarding the collection, use and disclosure of information they contribute to Medifi, which include:
- Device Location Information. You can choose whether to allow the Services to collect and use real-time information about Your device's location by opting out of such functionality. If You block the use of location information some Services functionality may be inaccessible to You or fail to function properly
- Promotion by Medifi. If You do not want Medifi to use Your e-mail address or other contact information to promote its own or third parties' products or services, You can opt-out of such communications by sending an email to email@example.com.
- Targeted Advertising by the Company. If You do not want Medifi to use Your information to deliver advertisements according to the target-audience preferences of Medifi and third party advertisers, please exclude such information from Your profile
- Disclosure of Your Information for Third-Party Advertising and Marketing. If You do not want Medifi to share Your Personal Information with unaffiliated or non-agent third parties for advertising and marketing purposes, please exclude such information from Your profile; please note, however, that Medifi does not control third party collection or use of Your information to serve interest-based advertising
Medifi implements commercially reasonable administrative, technical and physical controls to secure Your Personal Information, to minimize the risks of theft, damage or loss of Personal Information, or unauthorized access, use, alteration or disclosure of Personal Information. Please note, however, that although Medifi strives to best protect Your Personal Information, the security measures are unable to provide absolute protection. Therefore, Medifi does not guarantee the absence of, and You cannot reasonably expect that the Services will be immune from, any wrongdoings, malfunctions, abuse, misuse, unlawful interceptions or unauthorized access.
The security of Your Personal Information also depends on You. For example, Medifi requires unique user identification and password authentication prior to accessing the Services. As a user, it is also Your duty to protect the confidentiality of Your user identifier and password. Medifi requests that You not share Your user identifier or password with anyone, for any reason.
Any transmission of Your Personal Information by You is made at Your own risk. Medifi is not responsible for circumvention of any privacy settings or security measures it provides.
8. Children's Privacy
The Services are not intended for children under 18 years of age. Medifi does not knowingly collect personally identifiable information from minors, including children under 13 years of age. If a parent or guardian becomes aware that his or her child has provided Medifi with personally identifiable information without their consent, he or she should contact Medifi at firstname.lastname@example.org. If Medifi becomes aware that it has collected or received personally identifiable information from a minor without verification of parental consent, Medifi will delete such information from its files and terminate the account.
9. Links to other Services
The Services may contain links to other websites or applications that are not owned or controlled by Medifi. Medifi is not responsible for the privacy practices of such other websites or applications and encourages You to read the corresponding privacy statements and policies.
10. Data Retention
Medifi will retain Your information for as long as Your account is active or as needed to provide You with the services and as required to comply with any legal obligation, to resolve disputes and to enforce Medifi's agreements. If You wish to cancel Your account or request that Medifi no longer use Your information to provide You the services, please contact Medifi at email@example.com.
11. California (USA) Privacy Rights - Notice to Residents of Compliance
California law requires that Medifi provide You with a summary of Your privacy rights under the California Online Privacy Protection Act ("California Privacy Act") and the California Business and Professions Code.
California Civil Code Section 1798.83 permits users of the Services who are residents of California to request certain information regarding the disclosure of personal information by Medifi to third parties for direct marketing purposes and a description of the categories of personal information shared. To make such a request, please send an-mail to Medifi at firstname.lastname@example.org and include the phrase "California Privacy Request" in the subject line. The body of the California Privacy Request should include the domain name of the website You are inquiring about as well as Your personal contact information (e.g., Your name, address and email address). Medifi support staff will respond to Your request within thirty (30) days of its receipt of such a request.
Continuing to use the Services after such changes take effect indicates Your acceptance of the amended policy. If You do not agree with any of the amended terms, You must avoid any further use of the Services.
13. MEDICAL DISCLAIMER
Medifi does not offer medical advice or diagnoses or engage in the practice of medicine. The Services are not intended to be a substitute for professional medical advice, diagnosis or treatment and are offered for informational and communication purposes only. Your interaction with Health Care Provider(s) using the Services is not intended to replace Your relationship with Your existing primary care physician or other treating physicians. The Services are designed to enable You to interface with Your Health Care Provider(s) who has (have) agreed to use the Services. For the purpose of clarity, Medifi enables You to remotely interface with Health Care Provider(s); Medifi does not provide medical care. Additionally, Medifi does not represent that the remote interface constitutes a live face-to-face encounter under applicable laws and regulations nor that the remote interface will satisfy any applicable legal and/or regulatory standards requiring an established doctor-patient relationship.
YOU ARE SOLELY RESPONSIBLE FOR ANY DECISIONS YOU MAKE OR ACTIONS THAT YOU TAKE BASED ON THE INFORMATION OR MATERIALS TRANSMITTED OR AVAILABLE THROUGH THE SITE, APPLICATION, SOFTWARE, AND/OR SERVICES. RELIANCE ON ANY SUCH INFORMATION, DOCUMENTATION OR MATERIALS IS SOLELY AT YOUR OWN RISK.
IF THIS IS A MEDICAL EMERGENCY IN THE UNITED STATES, PLEASE IMMEDIATELY CALL EMERGENCY PERSONNEL (911) TO GET PROMPT MEDICAL ATTENTION. IF YOUR EMERGENCY OCCURS OUTSIDE OF THE UNITED STATES, PLEASE IMMEDIATELY CALL THE APPLICABLE EMERGENCY PERSONNEL NUMBER TO GET PROMPT MEDICAL ATTENTION. DO NOT RELY ON ELECTRONIC COMMUNICATIONS FOR ASSISTANCE IN REGARD TO YOUR IMMEDIATE, URGENT MEDICAL NEEDS. MEDIFI’S EMAIL ADDRESS IS NOT DESIGNED TO FACILITATE MEDICAL EMERGENCIES. MEDIFI CANNOT GUARANTEE RESPONSE TIMES IF YOU CHOOSE TO EMAIL MEDIFI IN THE EVENT OF A MEDICAL EMERGENCY.
14. Contacting Medifi
This privacy notice is intended to comply with the requirements of the General Data Protection regulation, and was prepared exclusively for Medifi Medtech Solutions, Inc.
Last updated June 6, 2018.
Medifi Privacy Notice
What kind of personal data is collected?
In order to use the services offered by medifi.com, we need to collect your name, email address, and password in order to create an account for you. We also need to know what type of medical treatment you are seeking, in order to connect you with the right kind of doctor. We collect – but do not store – your credit card information for payment. Medifi.com will keep your textual conversations for your convenience, but you can delete those at any time. Medifi.com never tracks or records your audio/visual conversations with your doctor.
Is my personal data shared with anyone?
Medifi.com will provide your personal information to Google.com (anonymized for analytics); Amazon.com (stores our data in its cloud); MedGrocer (for prescription deliveries); Stripe (for payment); EHD for Pokitdok.com (Healthcare solutions provider); and the doctors that are working with medifi.com. Internally, your personal information will not be reviewed or seen on a regular basis, only upon your request. Even then, it will be seen only by medifi.com employees who have been trained to protect personal information.
How do you use this information?
Medifi.com is requesting this information from you so that we can connect you electronically with a doctor. We also use Google Analytics to see how our website is being used. When sorted by Google Analytics, your personal data is anonymized, so it can not be traced back to you.
Is my data shared overseas?
When storing your personal information electronically, medifi.com may disclose your personal information to overseas recipients by virtue of its cloud computing arrangements. Medifi.com’s cloud servers are located in US West (N. California) & Asia Pacific (Singapore) and medifi.com is reasonably satisfied that these countries have similar privacy protections to those afforded under United States law and the General Data Protection Regulation. Medifi.com will not disclose your personal information to anybody else unless we are required to do so by law – for example if the information is needed in a medical emergency or for law enforcement purposes.
How do I access my personal information?
You may request access to your information at any time. To access or update your personal information, or for more information on our privacy obligations, ask to speak to email@example.com.
How can I manage or delete information about me?
You can delete your textual conversations with your doctor yourself using the website. Log into your account, there is an option located at Past Consultations/Archives to delete either some conversations, or all. Once deleted, the information that was there is removed from medifi.com's servers and cloud. Medifi.com never tracks or records your audio/visual conversations with your doctor.
Other information, such as your name, email and password, will be deleted upon your request or upon deleting your account.
How is my data stored?
Your data is stored in a cloud using the services of Amazon.com. In addition, we have technical and organizational security measures in place to protect data. For example, we use encryption, our IT system is regularly updated and reviewed and we train employees to protect your personal data.
How long is my data stored?
Your personal data stored for six (6) months after you have accepted this privacy notice. If you are still using the website after six (6) months, you will likely be prompted to agree to a privacy notice again.
Is data collection required by law?
Providing us with the requested information is not required by law. However, if you choose not to provide us with the requested information, you will not be able to use the services offered by medifi.com.
What are the consequences if I do not provide the information to medifi.com?
Medifi.com will be unable to electronically connect you with a doctor. You will be unable to communicate directly with a doctor using the medifi.com website.
Does medifi.com sell data?
What are my privacy rights?
- The right to be informed – this Privacy Notice tells you what you need to know.
- The right of access – you can access your personal data at any time, upon request.
- The right to rectification – if any data is incorrect, we will correct it, upon your request.
- The right to erasure – if you want us to delete or erase your data, we will, upon your request.
- The right to restrict processing.
- The right to data portability – you have the right to demand a copy of your personal data, and we will give it to you upon request. It can take as long as 30 days, and we will give it to you in a commonly used format. If you so request, we will also transfer your data to another "controller": i.e. your doctor or pharmacy.
- The right to object - you can file a complaint with a Supervisory Authority located in the European Union – they enforce the General Data Privacy Regulation. You can find their contact information at: www.eugdpr.org. You can also email us at firstname.lastname@example.org.
Rights in relation to automated decision making and profiling- you have the right to know if and how we your personal information is used in automated decision making and profiling. We do neither or those things.
What if you change how you collect, use, store, etc. my data?
For any change that could potentially impact you via your personal information, medifi.com will do an impact assessment. If medifi.com decides to make changes, it will contact your directly via email and ask for your consent.
Who do I contact for more information?
To submit questions or requests regarding this Privacy Notice or Marsh’s privacy practices, please write to the Data Protection Officer at the following:
The Data Protection Officer
Medifi Medtech Solutions, Inc.
Last Revised: January 1, 2016