Effective: June 2020
- Your Choices and Your CA Privacy Rights
You have certain choices regarding information collection and communications options explained here, including:
- California residents have certain privacy rights detailed here;
- Although PatientPoint does not look for or respond to “do not track” signals, you can find information on tracking technologies here and certain choice options regarding Tracking Technologies here;
- Your options regarding accessing and changing certain of your Personal Information are available here;
- Your options regarding promotional communications are explained here;
- Your options regarding our Mobile Ad Services are available here;
- Children’s and minors’ privacy rights, and notice to parents of these rights, are explained here.
- Collection of Information
- PatientPoint may ask you to provide Personal Information (e.g., name, address, e-mail, phone number, etc.), as well as other information (e.g., gender, interests, etc.), which may be required to access certain content, features, and functionality. More
- PatientPoint and third parties may collect information from you automatically as you access the Service (e.g., information about the devices you use to access the Service and your usage activities). More
- The information PatientPoint receives via the Service may be combined with information PatientPoint receives from third parties and sources outside of the Service. More
- PatientPoint’s policies and practices regarding Personal Information collected from children are explained here. More
- Use of Information
- Sharing of Information
- to deliver and improve PatientPoint’s services;
- for PatientPoint’s (defined below) marketing and other purposes;
- in connection with corporate transactions (e.g., merger or sale);
- to display your posts or send your messages (More);
- in connection with your use of third-party services (More); and
- in connection with sweepstakes, contests and promotions (More).
- PatientPoint obtains your consent (e.g., opt-out), however, before knowingly sharing Personal Information with third parties (including our Affiliates) for their own direct marketing purposes.
- PatientPoint may share your non-Personal Information, aggregate and/or de-identified information about you except as prohibited by applicable law.
- Questions and How to Contact PatientPoint
1. INFORMATION WE COLLECT.
A. Information about You that You Provide. PatientPoint, and/or its Service Providers (defined below), may collect information you provide directly to PatientPoint and/or its Service Providers via the Service. For example, PatientPoint collects information when you use or register for the Service, subscribe to notifications, post on the Service, participate in promotional activities, or communicate or transact through the Service. In addition, when you interact with Third-Party Services (defined below), you may be able to provide information to those third parties. For more information on Third-Party Services’ data collection and practices click here. For more information on Service Provider data collection and practices click here.
B. Information Collected Automatically. PatientPoint, its Service Providers, and/or Third-Party Services may also automatically collect certain inforamtion about you when you access or use the Service (“Usage Information”). Usage Information may include IP address, device identifier, browser type, operating system, information about your use of the Service, and data regarding network connected hardware (e.g., computer, tablet or mobile device). Except to the extent required by applicable law, or to the extent Usage Information is combined by or on behalf of PatientPoint with PatientPoint-Collected PI, PatientPoint does not consider Usage Information (including, without limitation, unique device identifiers) to be Personal Information or PatientPoint-Collected PI. For more information on Third-Party Services’ data collection and practices click here. For more information on Service Provider data collection and practices click here. For information on choices some of these third parties may offer you regarding automated data collection click here.
The methods that may be used on the Service to collect Usage Information include:
- Log Information: Log information is data about your use of the Service, such as IP address, browser type, Internet service provider, referring/exit pages, operating system, date/time stamps, and related data, and may be stored in log files.
- Information Collected by Cookies and Other Tracking Technologies: Cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, in-app tracking methods and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Service or e-mails, including information about your browsing and purchasing behavior.
Some information about your use of the Service and certain Third-Party Services may be collected using Tracking Technologies across time and services, and used by PatientPoint and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Service and certain Third-Party Services. See Section 11 regarding certain choices regarding these activities.
PatientPoint is giving you notice of the Tracking Technologies and your choices regarding them explained in Section 11 so that your consent to encountering them is meaningfully informed.
- Web Beacons (“Tracking Pixels”)
Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and e-mail messages. Web beacons may be used, without limitation, to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content views.
- Embedded Scripts
An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from PatientPoint’s web server, or from a third party with which PatientPoint works, and is active only while you are connected to the Service, and deleted or deactivated thereafter.
- Location-identifying Technologies
GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate (sometimes precisely) you, or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content based on your location. If you have enabled GPS or use other location-based features on the Service, your device location may be tracked.
- In-App Tracking Methods
There are a variety of Tracking Technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps and/or devices.
D. Information PatientPoint Collects Through Our Mobile Ad Service. As part of our Mobile Ad Service, we and our Service Providers may identify your device and device location and collect Usage Information via 1st Party Publisher services through Tracking Technologies, including Location-identifying Technologies and In-App Tracking Methods. For more information on choices we and third parties offer you regarding those practices, click here.
2. HOW WE USE THE INFORMATION WE OBTAIN.
- Allow you to participate in the features we offer on the Service;
- Facilitate, manage, personalize, and improve your online experience;
- Transact with you, provide services or information you request, respond to your comments, questions and requests, serve you content and/or advertising, and send you notices;
- PatientPoint’s marketing and other purposes, including the operation of our Mobile Ad Service;
- Improve the Service and for any other internal business purposes;
- Tailor our content, advertisements, and offers;
- Fulfill other purposes disclosed at the time you provide Personal Information or otherwise where we are legally permitted or are required to do so;
- Determine your location and manage location-aware ad and other content delivery; and
- Prevent and address fraud, breach of policies or terms, and threats or harm.
3. INFORMATION WE SHARE WITH THIRD PARTIES.
PatientPoint may share non-Personal Information, and Personal Information that is not deemed PatientPoint-Collected PI hereunder (provided that PatientPoint is aware of no restrictions on PatientPoint’s use, if any), with our parent and its and our subsidiaries and affiliates (“Affiliates”), and unaffiliated third parties for any purpose permitted by applicable law. Without limiting the generality of the foregoing, we and third parties may convert your Personal Information, including PatientPoint-Collected PI, to non-Personal Information, including without limitation through hashing it or substituting a unique identifier for the Personal Information and we and third parties may use and share that data as permitted by applicable law, including to match data attributes to and from other sources. Any such third party activities are subject to their privacy policies and practices. PatientPoint’s sharing of PatientPoint-Collected PI is, however, subject to the following:
- Marketing: Subject to your communications choices explained in Section11.E, and the rights of California residents explained here, we may use your Personal Information to send you marketing communications. Subject to your right to opt-out as set forth in Section 11.F, PatientPoint may share your PatientPoint-Collected PI with third parties, including our Affiliates, for their own direct marketing purposes, except in connection with Corporate Transactions (defined below).
- Your Disclosure or Consent: As more fully described in Section 5 (Information You Disclose Publicly or to Others) and Section 6 (Third-Party Content, Third-Party Services, Social Features, Advertising and Analytics), your activities on the Service may, by their nature, result in the sharing of your PatientPoint-collected Personal Information (as well as your other Personal Information and your non-Personal Information) with third parties and by engaging in these activities you consent to that and further sharing and disclosure to third parties. Such third party data receipt and collection is subject to the privacy and business practices of that third party, not PatientPoint.
- PatientPoint’s agents, vendors, consultants, and other service providers (collectively “Service Providers”) may receive, or be given access to your information, including, without limitation, Personal Information, Demographic Information, and Usage Information, in connection with their work on PatientPoint’s behalf, provided however, PatientPoint does not authorize its Service Providers to use PatientPoint-Collected PI provided by PatientPoint to the Service Providers to send you direct marketing messages other than related to PatientPoint, its Affiliates, or in connection the operation of our Mobile Ad Service, absent your consent. For more information on choices Service Providers may offer you click here.
- To comply with the law, law enforcement or other legal process, and in response to a government request; and
In addition, PatientPoint may share your PatientPoint-Collected Personal Information (as well as your other Personal Information and your non-Personal Information), in connection with or during negotiations of any proposed or actual financing of our business, or merger, purchase, sale, joint venture, or any other type of acquisition or business combination of all or any portion of PatientPoint assets, or transfer of all or a portion of PatientPoint’s business to another company, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding (“Corporate Transactions”).
4. SWEEPSTAKES, CONTESTS, AND PROMOTIONS.
5. INFORMATION YOU DISCLOSE PUBLICLY OR TO OTHERS.
Additionally, the Service may offer you the option to send a communication to a friend or other contact. If so, PatientPoint relies on you to only send to people that have given you permission to do so. The recipient’s Personal Information you provide (e.g., name, e-mail address) will be used to facilitate the communication, but not used by PatientPoint for any other marketing purpose unless PatientPoint obtains consent from that person. Your contact information and message may be included in the communication.
6. THIRD-PARTY CONTENT, THIRD-PARTY SERVICES, SOCIAL FEATURES, ADVERTISING AND ANALYTICS.
The Service may include hyperlinks to, or include on or in connection with, the Service (e.g., apps and plug-ins), websites, locations, platforms, applications or services operated by third parties (“Third-Party Service(s)”), including the 1st Party Publishers that participate in our Mobile Ad Service. These Third-Party Services may use their own cookies, web beacons, and other Tracking Technology to independently collect information about you and may solicit Personal Information from you.
Certain functionalities on the Service permit interactions that you initiate between the Service and certain Third-Party Services, such as third party social networks (“Social Features”). Examples of Social Features include: enabling you to send content such as contacts, images and photos between the Service and a Third-Party Service; “liking” or “sharing” PatientPoint’s content; logging in to the Service using your Third-Party Service account (e.g., using Facebook Connect to sign-in to the Service); and to otherwise connect the Service to a Third-Party Service (e.g., to pull or push information to or from the Service). If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Service (see Section 5) or by the Third-Party Service that you use. Similarly, if you post information on a third-party service that references the Service (e.g., by using a hashtag associated with PatientPoint in a tweet or status update), your post may be used on or in connection with the Service or otherwise by PatientPoint. Also, both PatientPoint and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.
PatientPoint may engage and work with Service Providers and other third parties to serve advertisements on the Service and/or on third-party services. This includes both in the operation of our Online Service and our Mobile Ad Service. Some of these ads may be tailored to your interest based on your browsing of the Service and elsewhere on the internet, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (collectively, “Interest-based Advertising”), which may include sending you an ad on a third party service after you have left the Service (i.e., “retargeting”). We also treat location-aware ads that are sent in part due to your device location as Interest-based Advertising, and our Mobile Ad Service employs such geo targeting. However, we and third parties offer your choices regarding Interest-based Advertising as more fully explained here.
7. DATA SECURITY AND MONITORING
PatientPoint takes reasonable measures to protect PatientPoint-Collected PI (excluding public USER CONTENT) from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the internet and online digital storage are not completely secure and PatientPoint does not guarantee the security of your information collected through the Service.
8. INTERNATIONAL TRANSFER.
9. CHILDREN'S PRIVACY.
The Service is intended for a general audience and not directed to children less than 13 years of age. PatientPoint does not intend to collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) (“Children’s Personal Information”) in a manner that is not permitted by COPPA. If we obtain knowledge that we have collected Children’s Personal Information in a manner not permitted by COPPA, we will remove such data to the extent required by COPPA.
Any California residents under the age of eighteen (18) who have registered to use the Service, and who posted content or information on the Service, can request removal by contacting PatientPoint here, detailing where the content or information is posted and attesting that you posted it. PatientPoint will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that PatientPoint does not control.
10. ACCESSING AND CHANGING INFORMATION.
PatientPoint may provide web pages or other mechanisms allowing you to delete, correct, or update some of the PatientPoint-Collected PI, and potentially certain other information about you (e.g., profile and account information); or contact us here. PatientPoint will make good faith efforts to make requested changes in PatientPoint’s then-active databases as soon as practicable, but it is not always possible to completely change, remove or delete all of your information or public postings from PatientPoint’s databases (California minors see Section 9) and residual and/or cached data may remain archived thereafter. Further, we reserve the right to retain data (a) as required by applicable law; and (b) for so long as reasonably necessary to fulfill the purposes for which the data is retained except to the extent prohibited by applicable law.
11. CHOICES: TRACKING AND COMMUNICATIONS OPTIONS.
A. Tracking Technologies Generally. Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to Flash cookies (also known as locally shared objects), HTML5 cookies, or other Tracking Technologies. For information on disabling Flash cookies, go to Adobe’s website http://helpx.adobe.com/flash-player/kb/disable-third-party-local-shared.html. Please be aware that if you disable or remove these technologies, some parts of the Service may not work and that when you revisit the Service your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
Some App-related Tracking Technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall an app, follow the instructions from your operating system or handset manufacturer. Some further information regarding opting-out, disabling, or removing App-related Tracking Technologies is set forth below inSections 11.E and 11.F.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, PatientPoint currently does not alter PatientPoint’s practices when PatientPoint receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you can visit http://www.allaboutdnt.com, but PatientPoint is not responsible for the completeness or accuracy of this third party information. Some third parties, however, may offer you choices regarding their Tracking Technologies. One way to potentially identify cookies on our web site is to add the free Ghostery plug-in to your browser (www.ghostery.com), which according to Ghostery will display for you traditional, browser-based cookies associated with the web sites (but not mobile apps) you visit and privacy and opt-out policies and options of the parties operating those cookies. PatientPoint is not responsible for the completeness or accuracy of this tool or third party choice notices or mechanisms. For specific information on some of the choice options offered by third party analytics and advertising providers, see the next section.
You may choose whether to receive some Interest-based Advertising by submitting opt-outs. Some of the advertisers and Service Providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program for mobile apps. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. PatientPoint supports the ad industry’s 2009 Self-regulatory Principles for Online Behavioral Advertising (http://www.iab.net/media/file/ven-principles-07-01-09.pdf) and expects that ad networks PatientPoint directly engages to serve you Interest-based Advertising, and the 1st party Publishers that participate in our Mobile Ad Service, will do so as well, though PatientPoint cannot guaranty their compliance. PatientPoint is not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
In addition, we may serve ads on third-party services that are targeted to reach people on those services that are also identified on one of more of our data bases (“Matched List Ads”). This is done by using Tracking Technologies or by matching common factors between our data bases and the data bases of the third-party services. For instance, we may use such ad services offered by Facebook or Twitter and other Third-Party Services. We are not responsible for these Third-Party Services, including without limitation their security of the data. If we use Facebook to serve Matched List Ads on Facebook services, you should be able to hover over the box in the right corner of such a Facebook ad, or go to your account settings, and find out what options Facebook offers you to control such ads. If we use Twitter Matched List Ads, you should be able to review your ad options in account settings on Twitter. We are not responsible for such third parties’ failure to comply with your or our opt-out instructions, they may not give us notice of opt-outs to our ads that you give to them, and they may change their options without notice to us or you.
C. Mobile Apps. With respect to PatientPoint’s mobile apps (“apps”), you can stop all collection of data generated by use of the app by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain features (e.g., location-based services, push notifications, accessing calendar/contacts/photos, etc.), by adjusting the permissions in your mobile device and/or the app’s settings. Beware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to wi-fi, Bluetooth, beacons, or our networks) may persist. See also the prior section regarding the DAA’s mobile Interest-based Advertising choices.
D. Mobile Ad Service. You can opt-out of our Interest-based Advertising serving, including our location-targeted ads, via our Mobile Ad Service with regard to a specific mobile device, using the DAA’s mobile Interest-based Advertising choices described above. However, we also offer you other ways to stop location-targeted ads and other Interest-based Ads we serve via our Mobile Ad Service. You stop location-targeted ads by turning off location services on each app you use, or on your mobile devices. Also, if you set your Android or Apple device settings to enable ad targeting restrictions, we will not serve you location-targeted ads and other Interest-based Ads to that device. In addition, if you visit our medical condition content offerings in response to a location-targeted ad we have served you, we will not subsequently send you ads on other sites or services based on your interest in that content unless you have opted-in to receiving such later Interest-based Ads. You can later withdraw that consent, and you can opt-out of all of our location-targeted ads and other Interest-based Ads, by contacting us here. However, you must opt-out separately for each of your devices, and if you later opt-in to Interest-based Ads using one of your devices that will override your prior opt-out on that device.
E. Communications. You can opt out of receiving certain promotional and/or informational communications (emails or text messaging) from PatientPoint and/or its Service Providers at any time by (i) for promotional or informational e-mails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account; and (ii) for text messages, following the instructions provided in text messages from PatientPoint’s Service Providers to text the word, “STOP”. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, PatientPoint may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or PatientPoint’s ongoing business relations. To prospectively opt-out of our sharing of your Company-Collected PI, including with our Affiliates, for their own direct marketing purposes, contact us here.
F. Opt-Out. You may opt-out of PatientPoint sharing your PatientPoint-Collected Personal Information with third parties, including our Affiliates, for such third parties’ own direct marketing purposes. You may exercise that opt-out by contacting PatientPoint here or by sending a letter to PatientPoint at PatientPoint Network Solutions, LLC, 5901 E Galbraith Rd R1000, Cincinnati, OH 45236, Attention: Legal Department.
12. YOUR CALIFORNIA PRIVACY RIGHTS.
PatientPoint provides California residents with the option to opt-out to sharing of “personal information” as defined by California’s “Shine the Light” law with third parties, including our Affiliates, for such third parties’ own direct marketing purposes. California residents may exercise that opt-out, and/or request information about PatientPoint’s compliance with the Shine the Light law, by contacting PatientPoint here or by sending a letter to PatientPoint at PatientPoint Network Solutions, LLC, 5901 E Galbraith Rd R1000, Cincinnati, OH 45236, Attention: Legal Department. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that PatientPoint is only required to respond to one request per customer each year.
California minors should see “Children’s Privacy” at Section 9 regarding removal of certain content they have posted.
14. CONTACT PATIENTPOINT.