Effective Date: NOVEMBER 11TH, 2022
To enable us to provide you with a delightful pharmacy experience, you may be asked to share personal information with us, including health information. FULFILLRX is committed to safeguarding the privacy and security of the information that you provide to us or that others provide to us on your behalf.
Use of the Services is also subject to our Terms of Service (our “Terms”), which incorporates this Privacy Policy.
This Privacy Policy is effective with respect to you on or after, depending on when you first use or access the Services, the Effective Date.
1. What does this Privacy Policy cover?
This Privacy Policy covers how we treat identifiable information about you that we collect. When we say, “information about you” or “your information”, we mean any information that identifies you and includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, and regulations.
This Privacy Policy doesn’t cover the practices of third parties that we don’t own, control, or manage including any third-party websites or services. While we try to only work with third parties that share our respect for your privacy, we don’t take responsibility for their policies, so we encourage you to carefully review the privacy policies of the third-party websites or services that you access.
Certain health-related information that FULFILLRX collects may be considered “protected health information” or “PHI” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Please make sure to carefully review our HIPAA Notices of Privacy Practices (“HIPAA Notice”) which applies to the protection and use of PHI.
2. How do we collect information about you?
From You or Your Family Members. We collect information about you when you sign up for an account, place an order, communicate with us, or otherwise make use of or interact with any of the Services. This information may include your name, address, contact information, birth date, and health plan information. If a family member is using the Services on your behalf, we may also collect information about you through them.
From Your Use of the Services. We may gather information about your geographic location, either from your IP address or from your use of the Services, or from location-based information that you elect to provide through your use of a mobile device or Internet-enabled vehicle. We may also receive information through Cookies (as defined below).
From Our Service Providers and Business Partners. We may receive information about you from our service providers or business partners who assist us with, for example, marketing or promotional services, advertisements, or communications. We may use analytics providers to collect and analyze information about how you interact and engage with the Services.
From Health Care Providers and Health Plans. When you use certain Services, you may provide us with PHI. We may also receive PHI and other information from third parties, such as your doctor or health plan, who are permitted under applicable law, like HIPAA, to disclose this information to us.
3. How do we use your information?
4. Why and how do we share your information we collect with third parties?
We never share information about you unless you’ve given us permission to share that information or we’ve given you prior notice that the information will be shared and with whom (such as in this Privacy Policy). We may share, without notice or permission, aggregated, de-identified information about you to third parties as permitted by applicable law. Disclosures of your PHI will in all instances be governed by HIPAA, as further described in our HIPAA Notice.
We don’t sell your information in personally identifiable form to anyone and we haven’t sold information in personally identifiable form in the past 12 months.
5. How do you correct and update your information?
6. How do we safeguard your information?
FULFILLRX follows generally accepted industry best practices for protecting your information, including encryption of sensitive data at rest and in transit, anti-malware detection and prevention mechanisms, and real-time monitoring and response for potential security threats to protect sensitive personal information. Although we work to protect the security of your account and information, please be aware that no method of information transfer over the Internet or electronic data storage is completely secure and therefore we can’t guarantee the absolute security of your information during its transmission or its storage in our systems.
7. Will this Privacy Policy change?
We may change this Privacy Policy at any time. However, we’ll give you prior notice of any major changes by placing a notice on the Services, by sending you an email, or by some other manner, and we’ll let you know when the modified Privacy Policy will become effective. Your continued use of the Services after the new effective date will be considered assent to the new Privacy Policy.
8. What else do you need to know?
Local Storage, Cookies, and Opt-Out.FULFILLRX uses browser local storage technology to manage your identity, store your preferences, track how you interact with the Services, and make your experience more consistent. You can control how local storage works on your browser settings, however, disabling the local storage functionality on your browser may prevent you from being able to access and use our website.
Cookies and similar technologies such as tracking pixels (collectively, “Cookies”) are small pieces of data placed on your computer, tablet, phone or similar device when you use that device to access the Services. We may use Cookies to enable our servers to recognize your web browser, tell us how and when you visit and use the Services, analyze trends, learn about our customer base, and operate and improve the Services (local storage may also perform these functions). We may also use Cookies to track and provide advertising and in our relationships with our service providers to assist us in better understanding customers of the Services. Cookies help us in many ways to make your use of the Services more enjoyable and meaningful.
You can decide whether or not to accept Cookies through your browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and other Services and it may impact the overall functionality of some features of the Services. Please note that because of our use of Cookies, the Services don’t support “Do Not Track” requests sent from a browser at this time.
Information Retention. We retain information about you for as long as you have an active account with us or as otherwise necessary to provide you with our Services. In some cases, we retain information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
9. California Privacy Laws
Privacy Rights Under the California Consumer Privacy Act (“CCPA”)
If you’re a California resident, California law requires us to provide you with some additional information about how we collect, use, and share your “personal information” as defined in the CCPA. If there are any conflicts between this section and any other provision of this Privacy Policy and you’re a California resident, the portion that is more protective of your personal information shall control to the extent of such conflict.
Summary of Personal Information We Collect. Throughout this Privacy Policy, we describe the personal information we collect, the sources of that information, and how we use and share it. Under the CCPA, we also have to provide you with the “categories” of personal information we collect and disclose for “business purposes” (as those terms are defined by applicable law). Those categories are identifiers (such as name and email address); commercial information (such as transaction history); financial data (such as financial account information); internet or other network or device activity (such as IP address or usage data); geolocation information (such as general location); health data; inference data about you; legally protected classifications (such as gender); professional or employment information (such as job title); sensory data; (such as voice recordings made during calls with our customer support team); or other information that identifies or can be reasonably associated with you.
Use and Sharing of Personal Information. We use these categories of personal information consistent with the various business and commercial purposes we describe in this Privacy Policy. Check out “How do we use your information?” above to learn more. We may share this information with third parties as described above in “Why and how do we share your information we collect with third parties?”.
Your Privacy Rights. You have the following rights under the CCPA with respect to your personal information.
Right to Know. You’ve the right to request details of the personal information about you that we’ve collected and used subject to our receipt and confirmation of your verifiable consumer request. Specifically, we’ll disclose to you:
Right to Delete. You’ve the right to request the deletion of your personal information that is collected or maintained by us subject to our receipt and confirmation of your verifiable consumer request. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your information to provide you with the Services or complete a transaction or other action you’ve requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Right to Opt Out of Sale. FULFILLRX doesn’t sell personal information and will not sell personal information without providing a future right to opt-out of such a sale.
Right to Non-Discrimination. We may not discriminate against you because you’ve exercised any of the privacy rights described above.
10.Exercising Your Rights. To exercise the rights described above, you (or your authorized agent) must send us a request that (1) provides sufficient information to allow us to verify that you’re the person about whom we’ve collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Satisfaction of both criteria means your request is a “verifiable consumer request” and we’re not required to respond to requests that don’t meet these criteria. We’ll only use personal information provided in a request to verify your identity and complete your request. You don’t need an account to submit a request.
We’ll work to respond to your request within 45 days of receipt. We’ll not charge you a fee for making a request unless your request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your request warrants a fee, we’ll notify you of the fee and explain that decision before completing your request.
You may submit a request using the following methods:
11. You may authorize an agent to exercise your rights on your behalf. To do this, you must provide your authorized agent with written permission to exercise your You may submit a request using the following methods:
rights on your behalf, and we may request a copy of this written permission from your authorized agent when they make a request on your behalf. If we’ve collected information on your minor child, you may exercise the above rights on behalf of your minor child.
Other California Privacy Rights
10. Other State Law Privacy Rights