Last updated: December 2022
Please read through this Policy in its entirety and understand its terms. We may update the Policy from time to time, so please check it occasionally.
This Policy describes:
- Personal Information We Collect;
- How We Collect Your Personal Information;
- How We Use Your Personal Information;
- How We Share Your Personal Information With Third Parties;
- How We Protect Your Personal Information;
- Other Information;
- Changes to the Policy;
- Questions About This Policy;
- Privacy Information For California Residents;
Personal Information We Collect
We may collect, use, store and transfer different kinds of Personal Information about you, which we have grouped together as follows:
- Identifiers such as your first name, last name, and online identifiers (cookies, mobile advertising IDs, Device IDs).
- Contact Information such as your mailing address, email address, and telephone numbers.
- Financial Information such as account number or medical record number, payment details, or other payment information.
- Profile Data such as date of birth, account number date and location of service.
- Technical Information such as your internet protocol (IP) address, other unique identifiers, browser type and settings, and user name.
- Usage Data such as information about the Services you use, the date and time, the duration of your usage, the files downloaded or viewed, and other information about your interaction with content offered through a Service.
- Communications Information such as your communication preferences.
How We Collect Your Personal Information
Information You Provide To Us
We may collect Personal Information from you that you voluntarily provide to us in various ways, including, but not limited to, when you:
- Use or interact with our Services;
- Submit an inquiry using our online contact form; or
- Call, email or otherwise communicate with us.
Information You Provide To Us
Information You Voluntarily Provide. We may collect Personal Information from you that you voluntarily provide to us in various ways, including when you contact us or otherwise interact with us or our Services.
Automated technologies or interactions. As is true of most websites, we receive and store certain types of Personal Information whenever you interact with us or our Services. This information may include Technical and Usage Data. You may manage how your mobile device and mobile browser share location information with us, as well as how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
Information We Collect From Third Parties
We may collect Personal Information from various third parties, including those listed below. We do not control third-party websites and are not responsible for any information they may collect. The collection, use, and disclosure of Personal Information received from third parties is governed by the privacy policies listed on the website where the information was collected by the third party and/or submitted by the user. Third parties may send their own cookies and pixel tags to you, and may collect information and use it in a way that is different from this Policy. Please carefully review these third-party privacy policies to understand how your information may be collected, used and disclosed by these third parties.
Third Party Service Providers. We do not collect Personal Information from service providers.
Google Analytics. We use third party cookies provided by Google Analytics to assist us in better understanding our visitors. These cookies collect Technical Information such as IP address and Usage or Clickstream Data, such as the length of time a user spends on a page and the pages a user visits. Based on this information, Google Analytics compiles data about website traffic and interactions, which we use to offer better user experiences and tools in the future. For information on how to opt-out from Google Analytics, click here.
Your ‘Do Not Track’ Browser Setting. Some web browsers incorporate a Do Not Track ("DNT") feature that signals to the websites that you visit that you do not want to have your online activity tracked. At this time, our Services do not respond to DNT signals. Other third party websites may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.
How We Use Your Personal Information
We will use your Personal Information for the following purposes:
- Process, fulfill, and deliver your requests for services; and
- Provide customer support.
Other Business Purposes:
- Resolve disputes and troubleshoot problems and support;
- Enforce our terms and this Policy;
- Customize, measure and improve our services and content;
- To protect our interests, including establishing, exercising and defending legal rights and claims;
- As necessary to comply with legal requirements, to prevent fraud, to cooperate with law enforcement and regulatory authorities, and to stop other prohibited, illegal, or harmful activities; and
- For purposes disclosed at the time you provide/we request your Personal Information or as otherwise set forth in this Policy.
How We Share Your Personal Information
We share your Personal Information with third parties in the ways described below.
Information You Instruct Us to Share. You may be presented with an option on our Services to have us send certain information to third parties or give them access to it. If you choose to do so, your Personal Information and other information may be disclosed to such third parties and all information you disclose will be subject to the third-party privacy policies and practices of such third parties.
Trusted Partners. We may share your Personal Information with medical organizations in connection with your payments. Trusted Partners are obligated to maintain your personal information as confidential and have access to your personal information only as necessary to perform their requested function on your behalf.
Service Providers. We may use third-party service providers to perform certain business services and may disclose Personal Information to such service providers as needed for them to perform these business services. Business services provided include, but are not limited to, payment processing services and billing/coding vendors.
Business Transactions. We may do business with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Information in the same way as set out in this Policy.
Legal Process. Subject to applicable law, we may disclose information about you: (i) if we are required to do so by law, regulation or legal process, such as a subpoena; (ii) in response to requests by government entities, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss; or (iv) in connection with an investigation of suspected or actual unlawful activity.
How We Protect Your Personal Information
We have reasonable security measures in place to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions, and they are subject to a duty of confidentiality.
We endeavor to keep your Personal Information confidential and protected against unauthorized access, misuse or alteration with commercially reasonable physical, technical, and administrative measures. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of electronic data, nor can we guarantee that the information you supply will not be intercepted.
Our Website and Services are intended for adult use only and are not directed towards children, minors, or anyone under the age of 18. If you are under the age of 13, you are not authorized to provide us with any Personal Information. If the parent or guardian of a child under 13 believes that the child has provided us with any Personal Information, the parent or guardian of that child should contact us at the email address below and to have this Personal Information deleted from our files.
Changes to This Policy
Questions About This Policy
c/o Chief Privacy Officer
8 Oak Park Drive
Bedford MA, 10005
Privacy Information For California Users
If you are a resident of California, the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act (“CPRA”) provide you with specific rights regarding your Personal Information. These include:
Right to Know: You have the right to know the categories of Personal Information that we collect about you over the past 12 months, the categories of sources from which the Personal Information was collected, the business or commercial purposes for which the Personal Information was collected, sold, shared, and the categories of third parties with whom we share the Personal Information, and the specific pieces of personal information we collected about you.
Right to Correct: You have the right to correct inaccurate personal information that we maintain about you.
Right to Delete: You have the right to request that we delete Personal Information that we collected from you and retained, subject to certain exceptions.
Right to Opt-Out of the Sale/Sharing: We do not sell or share your Personal Information.
Right to Limit the Use or Disclosure of Sensitive Personal Information: We do not use or disclosure your sensitive Personal Information.
Non-Discrimination: Unless permitted by applicable law, we will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law, including by, but not limited to:
- Denying you goods or services;
- Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing you a different level of quality of goods or services; or
- Suggesting that you will receive a different price or rate for goods or services or a different level of quality of goods or services.
Exercising Your Rights: Only you or an authorized agent may make a verifiable consumer request related to your Personal Information. Each of these rights may be exercised through our online privacy request form or by sending an email to firstname.lastname@example.org.
Designating a Third-Party to Act on Your Behalf: In order to designate a third party to act on your behalf, that person must be registered with the California Secretary of State and must have valid written evidence of authority from you to act on your behalf, e.g., a validly executed Power of Attorney or some other written, notarized documentation that they can provide to us. Absent such documentation, we reserve the right to refuse to comply with third-party requests for information.
Verifying Your Requests: During the verification process, depending on the nature of your request, e.g. whether you are seeking access to information versus deleting information, we will first seek to verify your identity against known information in our environment, such as your name, e-mail address, and telephone. Upon receiving your request, we may also contact you via email and/or other secured communication channel to verify your identity. In certain instances, e.g. a mismatch against known information or where you are seeking information on behalf of another person with authorization, we may seek additional verification from you, which may be in the form of you providing a copy of a valid, government issued identification or a notarized attestation.
Response Timing and Format: We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Exceptions: We may deny certain requests, in whole or in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or recordkeeping or to comply with legal obligations, to process transactions, perform continuing obligations, and facilitate requests.