Effective Date: [January 11, 2021] 2020
We are a private company, established in the United States, registered at 600 Park Offices Dr. Ste. 300 Durham, NC 27709 United States (“Physical Notice Address”) with the contact email address support@CancerSymptomTracker.com (“Email Notice Address”) and for the purposes of the General Data Protection Regulation (“GDPR”) we are the data controller.
We encourage you to review any applicable institutional privacy policies, terms and agreements to see how your personal information may be used or disclosed by that institution.
I. PERSONAL INFORMATION WE COLLECT
We will inform you when we need information that personally identifies you (personal information) or allows us to contact you or provide you with the Services. Generally, this information is requested when you register for an account in order to use our Services or when you fill out our contact form on our Public Site, or sign up to receive information from us.
The categories of personal information we collect depend on your relationship with us and the requirements of applicable law.
Information You Provide to Us.
Account Creation: When you create an account, we collect your name, address, email address, date of birth, medical information including your physicians’ names and contact information, username, and password.
Your Communications with Us. We collect personal information from you such as email address, phone number, or mailing address when you request information about our Services, request customer or technical support, apply for a job or otherwise communicate with us.
Surveys, Questionnaires, and Other Questions. We may contact you to participate in surveys and/or respond to questionnaires and other questions. If you decide to participate, you may be asked to provide certain information which may include personal information.
Social Media Content. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.
Conferences, Trade Shows, and other Events. We may attend conferences, trade shows, and other events where we collect personal information from individuals who interact with or express an interest in Pharmacy Quality Solutions and/or the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Registration for Sweepstakes or Contests. We may run sweepstakes and contests. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing and business purposes, if permitted by law. In some jurisdictions, we are required to publicly share information of winners.
Information Collected Automatically
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.
In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities. We may combine your information with information that other people provide when they use our Services.
Geolocation Information. When you use the Services, we may use location-based services to determine your location so that we can, for example, help find doctors in your area and provide estimated travel time to your appointments. You may opt out of location-based services at any time by editing the setting at the device level. We may share your geo-location data with advertising partners for the purpose of them serving you ads for places in your area.
- Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
Analytics. We may also use Google Analytics and other service providers to collect information regarding visitor behavior and visitor demographics on our Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
Biometric information. We will not collect biometric data that uniquely identifies you without your explicit prior consent. If you consent to use our biometric scanning feature, you agree that we may collect your biometric data in order to support your use of the Services or to help us improve the Services, for example, for quality assurance, metrics, and analytics. We do not sell, lease, trade, or otherwise profit from biometric data; provided, however, that we and our vendors may be paid for your use of the Services that utilize such biometric data.
Location-Based Information. In connection with use of our Services we may use location-based services in order to verify your location and, if we deem appropriate, deliver relevant content and ads based on your location. We also share your location with third-parties (as set out below) as part of the location-based services we offer and for other commercial purposes. You, or a person designated by you (e.g. caregiver, family member, etc.), can change the settings on your device to prevent it from providing us with such information. This location data is collected in a form that personally identifies you and will be used by us and our partners and licensees to provide and improve the Services or for other commercial purposes. You should consider the risks involved in disclosing your location information and adjust your mobile and browser settings accordingly.
Information Collected from Other Sources
We may obtain information about you from other sources, including through your employer, pharmacy chains, health plans, and other health providers with whom you interact, or other third parties to supplement information provided by you. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. Information we collect through these services may include your name, your user identification number, your user name, location, gender, birth date, email, profile picture, and your contacts stored in that service. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.
II. HOW WE USE PERSONAL INFORMATION
We use personal information for a variety of business purposes, including to:
Fulfill our contract with you or your employer, health plan, or healthcare provider and provide our Services, such as:
- Managing your information and accounts;
- Providing access to certain areas, functionalities, and features of our Services;
- Communicating with you about your account, activities on our Services and policy changes;
- Undertaking activities to verify or maintain the quality or safety of a service;
- Processing your financial information and other payment methods for products or Services purchased;
- Providing advertising, analytics and marketing services;
- Providing Services on behalf of our customers, such as maintaining or servicing accounts, providing customer service, and verifying customer information;and
- Processing applications and transactions.
Analyze and improve our Services pursuant to our legitimate interest, such as:
- Managing risk, or to detect, prevent, security incidents and/or remediate fraud or other potentially prohibited malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
- Manage and protect our information technology infrastructure;
- Measuring interest and engagement in our Services and short-term, transient use, such as contextual customization of ads;
- Undertaking research for technological development and demonstration;
- Researching and developing products, services, marketing or security procedures to improve their performance, resilience, reliability or efficiency;
- Improving, upgrading or enhancing our Services;
- Developing new products and Services;
- for internal business purposes;
- Ensuring internal quality control;
- Verifying your identity and preventing fraud;
- Debugging to identify and repair errors that impair existing intended functionality;
- Enforcing our terms and policies;
- Complying with our legal and regulatory obligations, protecting your vital interest, or as may be required for the public good.
Provide you with additional content and Services, such as:
- Emails, engagement via SMS, etc. with opportunities to engage and share information (e.g. reminders to record and share symptoms) or otherwise furnish you with customized materials about offers, products, and Services that may be of interest, including new content or Services, including those on behalf of third-parties we engage with;
- Auditing relating to interactions, transactions and other compliance activities; and
- Other purposes you consent to, are notified of, or are disclosed when you provide personal information.
Use De-identified and Aggregated Information. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create.
Share Content with Friends. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend, such as an email inviting your friend to use our Services.
If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data. Our customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them. For a list of our sub-processors, contact us as describedbelow.
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
- Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
- Advertising or Targeting Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third party sites.
Cross-Device Tracking. Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your activity on your mobile device with your activity on your laptop. To do this our technology partners may share data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.
Notice Regarding Third Party Websites, Social Media Platforms and Application Programming Interfaces (APIs). The Services may contain links to other websites, and other websites may reference or link to our website or other Services. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
We may use third party APIs as part of the functionality of our Services. APIs may allow third parties including analytics and advertising partners to collect personal information for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs, please contact us as set forth below.
III. DISCLOSING PERSONAL INFORMATION TO THIRD PARTIES
Except as provided below, we do not sell your personal information.
Other than in response to a specific request from a consumer that we share personal information, we have not sold or disclosed consumers’ personal information in the preceding 12 months.
Service Providers. We may share any personal information we collect about you with our third-party service providers. The categories of service providers (processors) to whom we entrust personal information may include: IT and related services; hosting; payment processors; customer service providers; and vendors to support the provision of the Services. These companies are authorized to use your information only as necessary to provide these Services and to assist with supporting our users.
Business Partners. We may provide personal information to business partners with whom we jointly offer products or services.
Affiliates. We may share personal information with our affiliated companies.
Advertising Partners. Through our Services, we may allow third party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising. We may allow access to other data collected by the Services to share information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer not to share your personal information with third party advertising partners, you may follow the instructions below.
Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, change of control, financing due diligence, purchase or sale of assets, or transition of service to another provider, then your information may be sold, transferred, or otherwise assigned as part of such a transaction, as permitted by law and/or contract. In the unlikely event of Company’s bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, Company may not be able to control how personal information is treated, transferred, or used.
IV. YOUR CHOICES
You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non- personal information regarding your activities on our Services and for other legal purposes as described above.
If you receive an unwanted email from us, you can use the unsubscribe link we generally include atat the bottom of one of our emails to opt out of receiving future emails or you may contact us at our Email Notice Address with the “Opt-Out” as the subject line or mail us a letter to us at our Physical Notice Address. You must include your full name, email address, and postal address in your request.
We may send you push notifications through our mobile application. You may at any time opt- out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
California Do Not Track Disclosures. Various third-parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.
Cookies and Interest-Based Advertising
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/. To separately make choices for mobile apps on a mobile device, you can download DAA’s AppChoices application from your device’s app store. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice.
Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
Your Privacy Rights
In accordance with applicable law, you may have the right to request:
- Access to/Portability of Personal Data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Data transferred to another party.
- Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you, or a person designated by you (e.g. caregiver, family member, etc.), to update your personal information or we may refer you to the controller of your personal information who is able to make the correction.
- Deletion of your personal information, subject to certain exceptions prescribed by law.
- Restriction of or object to processing of your personal information, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law.
California Specific Privacy Rights. This section applies with respect to any users located in the State of California. For California residents, pursuant to the California Consumer Privacy Act of 2018, as amended (“Consumer Privacy Act”), you may (i) elect to opt out of the sale of your “personal information” (as defined by the Consumer Privacy Act) by PQS, (ii) request that PQS and its service providers delete any of your personal information collected, (iii) request that PQS deliver to you, free of charge, any of your personal information collected over the past 12 months preceding the request, and (iv) request certain information regarding any collection, sale, and disclosure of your personal information over the past 12 months preceding the request (including the categories of personal information collected, sold, and/or disclosed for a business purpose, the categories of sources from which the information was collected, the business or commercial purpose for collecting or selling the information, the categories of third parties with whom the information was shared, and the specific pieces of the information collected).
PQS will honor these rights to the extent required by the Consumer Privacy Act. Any requests submitted must be verified by us before we will respond, and to enable this verification we may require you to provide us information confirming your identity, which may include any username or password information, and the personal information matching that which we have in our records. You may submit requests through an authorized agent given authority through a power of attorney form or other authorization acceptable to and verified by us. PQS will not discriminate against users based on their exercise of any of the rights under the Consumer Privacy Act, provided that PQS may charge different prices to users based on the value of the data they provide.
In addition, kf you are a California resident, you have the right not to receive discriminatory treatment by Pharmacy Quality Solutions for the exercise of your rights conferred by the CCPA.
Nevada Privacy Rights – “Do Not Sell My Personal Information”. We may elect to share information about you with third-parties for those third-parties’ direct marketing purposes. Nevada Revised Statutes §§ 603A.300-.360 permits Nevada residents who have supplied personal information (as defined in the law) to us to, under certain circumstances, request and opt out of the sale of your personal information to third-parties for their direct marketing purposes. If this law applies to you, and you wish to make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a Nevada resident and provide a current Nevada address for our response. To make such a request, please contact us at our Email Notice Address with “Nevada Privacy Rights” as the subject line or mail us a letter at our Physical Notice Address. You must include your full name, email address, and postal address in your request.
General. You can exercise some of these rights by logging into your account. You can also us at our Email Notice Address or as otherwise set forth below to exercise any of your rights. We will process such requests in accordance with applicable laws. Please note that we may carry out deletion requests by de-identifying personal information. Additionally, we may retain information that is otherwise in de-identified and/or aggregated form, in archived or backup copies as required pursuant to records retention obligations, or as otherwise required by law. To protect your privacy, we may take steps to verify your identity before fulfilling your request.
V. DATA RETENTION
VI. STANDARD CONTRACTUAL CLAUSES
To the extent PQS has agreements in place with any affiliates or subprocessors, each who may have access to the personal data, such agreements shall incorporate the EU Commission approved Standard Contractual Clauses (“Standard Contractual Clauses”).
VII. DATA TRANSFERS
Onward Transfer. PQS will not disclose any personally identifiable information to a third party who is not a Company contractor or agent (“Agent”) except as outlined above. For third parties acting as an Agent, Company will ascertain that the third party follows the Standard Contractual Clauses, is subject to the EU Data Protection Directive, or has entered into an agreement with Company that is consistent with the applicable or required principles.
In the context of an onward transfer, Company has responsibility for the processing of personal information it receives under the Standard Contractual Clauses and subsequently transfers to an Agent on its behalf. Company shall remain liable under the Standard Contractual Clauses if its Agent processes such personal information in a manner inconsistent with such principles, unless Company proves that it is not responsible for the event giving rise to the damage.
Data transfer to other controllers. Principally, your any personally identifiable information is forwarded to other controllers only if required for the fulfillment of a contractual obligation, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders
Service providers (general). We involve external service providers with tasks such as sales and marketing services, contract management, payment handling, programming, data hosting, and hotline services. We have chosen those service providers carefully and monitor them on a regular basis, especially regarding their diligent handling of and protection of the data that they store. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions. Service providers may also be our affiliates.
VIII. SECURITY OF YOUR INFORMATION
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an e-mail to you.
You also have a significant role in protecting your information. Only you, or a person designated by you (e.g. caregiver, family member, etc.) should edit your personal information. As such, except as otherwise described herein, do not share your user name and password with others.
IX. CHILDREN’S INFORMATION
The Services are not directed to children under 17 or other age as required by local law (“Approved Age”), and we do not knowingly collect or maintain information acquired through our Website from children under the Approved Age. Any user under the Approved Age should not use or access our Website at any time or in any manner. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If PQS learns that personally identifiable information of persons less than the Approved Age has been collected from our site without verified parental consent, then PQS will take the appropriate steps to delete such information and terminate the child’s account.
X. USERS OUTSIDE THE UNITED STATES
(a) Transfer of Your Information. Our Services are operated in the United States and intended for users located in the United States. While we do not expect to directly market our Services to users outside the United States in any material manner if you are located outside of the United States, please be aware that information we collect, including personal information, will be transferred to, and processed, stored and used in the United States in order to provide the Services to you. Where GDPR applies and our processors of your personal information are located outside the European Economic Area, such transfer will only be to a recipient country that ensures an adequate level of data protection, or with your explicit consent.
(b) Additional Rights Provided to EU Individuals.
- Access and Portability: You have the right to ask us to access the information we hold about you, including personal information, and be provided with certain information about how we use your such information and who we share it with. Where you have provided your personal information to us with your consent, you have the right to ask us for a copy of this data in a structured, machine readable format, and to ask us to share (port) this data to another data controller.
- Right to deletion: In certain circumstances, you have the right to ask us to delete personal information we hold about you:
- where you believe that it is no longer necessary for us to hold your data including personal information;
- where we are processing your personal information on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;
- where you have provided your personal information to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; or
- where you believe the personal information we hold about you is being unlawfully processed by us.
- Restriction: In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal information:
- where you believe the personal information we hold about you is inaccurate and while we verify accuracy;
- where we want to erase your personal information as the processing is unlawful, but you want us to continue to store it;
- where we no longer need your personal information for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defense of legal claims; or
- where you have objected to us processing your personal information based on our legitimate interests and we are considering your objection.
In addition, you can object to our processing of your Personal Information based on our legitimate interests and we will no longer process your Personal Information unless we can demonstrate an overriding legitimate ground.
To exercise any of these rights above, please contact us at our Email Notice Address.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons, or where we are required by law to retain your personal information.
You can withdraw your consent at any time by contacting us at our Email Notice Address.
- Complaints: In the event that you wish to make a complaint about how we process your Personal Information, please contact us in the first instance at our Email Notice Address and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to raise a complaint with a relevant supervisory authority.
XI. Governing Law and Jurisdiction.
XIII. CONTACT US