Effective Date: April 8, 2018
This Privacy Notice describes how we treat personal information on Medxoom.com and our mobile application service (the “Site”, “Service” or “Services”). It also applies to any interactive emails we may send you. This Privacy Notice will notify you of the following:
- What personally identifiable information is collected from you through the Site, how it is used and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect against the misuse of your information.
- How you can correct any inaccuracies in the information.
INFORMATION COLLECTION, USE, AND SHARING
If you create an account through the Site, you may be asked to provide Personally Identifiable Information (“PII”), including but not limited to, your name, telephone number, mailing address, email address, gender, professional qualifications, health insurance information, and other such information.
Bank Account Information
If you want to link a bank account that you hold with a U.S. financial institution (“Bank Account”) to your Medxoom Account, we will collect certain information from you about your Bank Account, such as your online login credentials, for the purposes of providing the Services to you. If you give us access to your Bank Account, you acknowledge and agree that we will have access to your transaction information, amount of funds, and other information about you and your Bank Account that may be available through the online settings for your Bank Account or otherwise through the relevant financial institution (“Financial Information”) that we require in order to provide the Services to you.
For compliance purposes and in order to provide the Services to you, we may obtain from you or from a third party documentation that helps us to verify your identity and Bank Account details. For example, we may ask you to provide a copy of your government-issued photo ID, a copy of a utility bill or bank statement, or such other documentation that contains PII. We may also obtain information about you from the financial institution providing your Bank Account.
Information Obtained from Third Parties
We may collect PII and/or Financial Information about you from third parties such as consumer credit reporting agencies like TransUnion, Experian or Equifax.
Medxoom may collect non-personal information about your activity at this Site. This information, if collected, may be collected via computer code sent to your computer (commonly referred to as “cookies” or “web beacons”).
“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
The Site may automatically record certain information about how our users (each, a “User”) use our Services (we refer to this information as “Log Data”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may collect your IP address and other information about your online activity to generate aggregate, non-identifying information about how our Services are used and analytics data regarding Users’ interactions with our Services. You may opt-out of this automatic retention of data by sending a notice to [email protected]
Information Sent by Your Mobile Device
We collect certain information that your mobile device sends when you use our Services. For example, we may collect a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
Medxoom uses non-personal information to manage the Site. Medxoom may analyze the data about visits to the Site to make it more accessible and interesting for visitors. Further, Medxoom may share this data with third party service providers associated with the maintenance of the Site. Additionally, Medxoom may disclose non-personal information about pages you visit on the Site, as well as the frequency with which you visit pages, but not in a manner that is inconsistent with the applicable law. We will not sell or rent this information to anyone.
If you submit personal information to the Site, the information will be used for the purpose you requested, for which it is collected, or for any purpose you subsequently authorize. That information may be stored and maintained by Medxoom. Medxoom may share this information with third-party service providers that work with us to administer and provide the Services. These third-party service providers have access to your PII and Financial Information only for the purpose of performing services on our behalf.
We will not share your information with any third party outside of our organization, other than with trusted partners to help us fulfill your request, perform statistical analysis, send you email or postal mail, provide customer support, or to provide other services to Medxoom or Site users. Medxoom has taken and will continue to take measures to ensure the secure and safe handling of your personal information.
De-Identification of Protected Health Information
Where Medxoom shares your personal information with third party providers for the purposes of performing services related to analytics, reporting, marketing, research, or any other product that may be monetized, your personal information will be de-identified in accordance with sections 164.514(b) and (c) of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. De-identification requires the elimination of primary or obvious identifiers and secondary identifiers through which a user could determine an individual’s identity. For information to be de-identified the following identifiers of the individual (and/or of relatives, employers, or household members of the individual) will be removed:
- Address information smaller than a state, including street address, city, county and zip code, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:
  - The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and
  - The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
- Names of relatives and employers;
- All elements of dates (except year), including DOB, admission date, discharge date, date of death; and all ages over 89 and all elements of dates including year indicative of such age except that such ages and elements may be aggregated into a single category of age 90 or older;
- Telephone numbers;
- Fax numbers;
- Email addresses;
- Social Security Number;
- Medical record number;
- Health beneficiary plan number;
- Account numbers;
- Certificate/License Number;
- Vehicle identifiers, including license plate numbers;
- Device ID and serial number;
- Universal Resource Locator (URL);
- Internet Protocol (IP) addresses;
- Biometric identifiers, including finger and voice prints;
- Full face photographic images and comparable images; and
- Any other unique identifying number, characteristic, or code.
Personal information used for research, including public health research, should be de-identified at the point of data collection for research protocols approved by the Internal Review Board (IRB), unless the individual voluntarily and expressly consents to the use of his/her personally identifiable information or an IRB waiver of authorization is obtained. If de-identified information cannot be used for any of the above purposes, a limited data set should be used whenever possible. Whenever a limited data set is used, a Data Use Agreement will be entered into between Medxoom, the individual and the recipient of the limited data set, which will establish the permitted uses and disclosures of the information by the recipient and provide that the recipient of the limited data set will:
- Not use or further disclose the information other than as permitted by the data use agreement or as otherwise required by law;
- Use appropriate safeguards to prevent use or disclosure of the information other than as provided for by the data use agreement;
- Report to Medxoom any use or disclosure of the information not provided for by its data use agreement of which it becomes aware;
- Ensure that any agents, including a subcontractor, to whom it provides the limited data set agree to the same restrictions and conditions that apply to the limited data set recipient with respect to such information; and
- Not identify the information or contact the individuals.
Information Shared with our Marketing Partners
Medxoom will not sell your data to our marketing partners. We will never share your data with our marketing partners without your express consent, but we may use your de-identified data to generate offers for products and services from our marketing partners that may be of interest to you. It is always your choice whether or not to apply for an offered product or service and we will never submit an application for a product or service on your behalf without your express consent. If you choose to pursue any of the offers that the Services present to you, you will be asked if you would like the Services to pass on your PII and relevant Financial Information to the third party marketing partner as a convenience. For example, if the Services generate an offer from a third party loan provider for you, the Services will give you the option of moving forward with that offer within the App, and if you agree to do so, the Services will pass your PII and relevant Financial Information to that third party loan provider to speed up the process of your application.
Information Disclosed in Connection with Legal Requirements
Medxoom may disclose any personal or non-personal information collected to the extent it reasonably believes that such disclosure is necessary to comply with the law, such as in response to any subpoena, to the extent reasonably necessary to establish or defend a legal claim and for other purposes permitted by applicable law.
Information Disclosed in Connection with Business Transactions
Information that we collect from our users, including PII, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your PII, may be disclosed or transferred to a third party acquirer in connection with the transaction.
If you do not wish Medxoom to use your information in accordance with this notice, please do not submit any personal information to Medxoom. Please note that if you decide not to provide us with the PII that we request, you may not be able to access all of the features of Medxoom. If you believe special circumstances warrant special treatment of your PII, please do not hesitate to contact us.
YOUR ACCESS TO AND CONTROL OVER INFORMATION
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our Site.
Medxoom will take reasonable efforts to honor any request you make to forgo contacts with you in the future or delete your information. Please note that if you make an opt-out request, Medxoom will retain your contact information to make efforts to ensure that you are not contacted in the future. Additionally, if you request Medxoom to refrain from sharing your information with third parties, Medxoom may be unable to fulfill various requests you may make.
By sharing with us your fax and email information, you consent to our delivery of faxes and emails to you from time to time.
To the extent required by the CAN-SPAM Act, or other similar domestic and international regulation, commercial e-mail messages will also provide you with an opportunity to opt-out of receiving this information. Please note that changes to your preferences may not be effective immediately.
Modifying Your Information
You can access and modify the PII associated with your Medxoom Account, including your name, address and Bank Account details, through your Medxoom Account settings. If you want us to delete your PII and your Medxoom Account, please contact us via the “Contact Support” link in the help center or via email at [email protected] with your request. We’ll take steps to delete your information as soon as we can from our servers, but some information may remain in archived/backup copies for our records, with third parties to whom it has been passed as permitted by this Privacy Notice, or as otherwise required by law.
We take administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using SSL or other technologies. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the web page. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
While we endeavor to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Our computer systems are currently based in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE WEBSITE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY PERSONAL AND NON-PERSONAL INFORMATION COLLECTED OR OBTAINED BY MEDXOOM THROUGH VOLUNTARY SUBMISSIONS, AND THAT UNITED STATES LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.
CALIFORNIA PRIVACY RIGHTS
Beginning on January 1, 2005, California Civil Code Section 1798.83, also known as S.B. 27, or the Shine the Light law, allows California residents to request certain information regarding our disclosures in the prior calendar year, if any, of their personally identifiable information to third parties for their own direct marketing purposes. To make such a request, please contact us at [email protected] with “Request for California Privacy” in the letter subject line. You must include sufficient detail for us to locate your file; at a minimum, your name and postal address.
We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice. Please note that the California Shine the Light law does not cover all information sharing. Our disclosure only includes information covered by the law.
MOBILE DATA CONSENT
You authorize your wireless operator to disclose your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber and device details, if available, to Medxoom, Inc. and service providers for the duration of the business relationship, solely for identity verification and fraud avoidance.
Our Services are not directed to children under 13 and we do not knowingly collect PII from children under 13. If we learn that we have collected PII of a child under 13 we will take steps to delete such information from our files as soon as possible.
REVISIONS TO THE PRIVACY NOTICE
Medxoom reserves the right to update and revise this Privacy Notice at any time and for any reason. If we make material changes to this Privacy Notice, we will notify registered users by e-mail, post a notice on our home page or alert you to such changes by other similar means. You acknowledge that while we make an effort to keep you updated on important changes to this Privacy Notice, we may change, modify or update this Privacy Notice at any time and for any reason. Please refer to the “Effective Date of Current Notice” date at the top of this page to determine if this Privacy Notice has been revised since your last visit.
Your use of our Site after a modification constitutes your acceptance of the terms of the Privacy Notice as amended or revised by us, and you should therefore review this Privacy Notice regularly to ensure that you are aware of its terms.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy notice.
If you feel that we are not abiding by this privacy notice, you should contact us immediately via telephone at 561 404-4800 or via email at [email protected].