FULFILLRX Privacy Policy

Effective Date: NOVEMBER 11TH, 2022
To enable us to provide you with a delightful pharmacy experience, you may be asked to share personal information with us, including health information. FULFILLRX is committed to safeguarding the privacy and security of the information that you provide to us or that others provide to us on your behalf.
By using or accessing FULFILLRX’s pharmacy services, website, mobile application, products, and other technology platforms (collectively, the “Services”), you understand and agree that your information will be subject to the practices and policies outlined in this Privacy Policy, and you consent to the collection, use, and sharing of your information in the ways outlined in this Privacy Policy. If you don’t agree to this Privacy Policy, you shouldn’t and aren’t permitted to use or access any of the Services. If you have a disability, you may access this Privacy Policy in an alternative format by contacting [email protected].
Use of the Services is also subject to our Terms of Service (our “Terms”), which incorporates this Privacy Policy.
This Privacy Policy is effective with respect to you on or after, depending on when you first use or access the Services, the Effective Date.
1. What does this Privacy Policy cover?
This Privacy Policy covers how we treat identifiable information about you that we collect. When we say, “information about you” or “your information”, we mean any information that identifies you and includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, and regulations. This Privacy Policy doesn’t cover the practices of third parties that we don’t own, control, or manage including any third-party websites or services. While we try to only work with third parties that share our respect for your privacy, we don’t take responsibility for their policies, so we encourage you to carefully review the privacy policies of the third-party websites or services that you access. Certain health-related information that FULFILLRX collects may be considered “protected health information” or “PHI” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Please make sure to carefully review our HIPAA Notices of Privacy Practices (“HIPAA Notice”) which applies to the protection and use of PHI.
2. How do we collect information about you?
From You or Your Family Members. We collect information about you when you sign up for an account, place an order, communicate with us, or otherwise make use of or interact with any of the Services. This information may include your name, address, contact information, birth date, and health plan information. If a family member is using the Services on your behalf, we may also collect information about you through them.
From Your Use of the Services. We may gather information about your geographic location, either from your IP address or from your use of the Services, or from location-based information that you elect to provide through your use of a mobile device or Internet-enabled vehicle. We may also receive information through Cookies (as defined below).
From Our Service Providers and Business Partners. We may receive information about you from our service providers or business partners who assist us with, for example, marketing or promotional services, advertisements, or communications. We may use analytics providers to collect and analyze information about how you interact and engage with the Services.
From Health Care Providers and Health Plans. When you use certain Services, you may provide us with PHI. We may also receive PHI and other information from third parties, such as your doctor or health plan, who are permitted under applicable law, like HIPAA, to disclose this information to us.
3. How do we use your information?
We may use the information we collect about you in the following ways:
  • To personalize your experience and provide you with the Services you’ve requested;
  • To process your orders including any applicable discounts;
  • To respond to communications that we receive from you, to contact you when necessary or requested, and to send you information about FULFILLRX or the Services;
  • To allow us to better service you in responding to your customer service requests;
  • To improve the Services, including testing, research, internal analytics, and product development;
  • To market the Services to you;
  • To enforce our Terms, and to detect and protect against error, fraud and other unauthorized or illegal activities;
  • To fulfill our legal obligations under applicable law, regulation, court order or other legal process;
  • To protect the rights, property, security or safety of you, FULFILLRX, customers of the Services, or the public;
  • To resolve any disputes and enforce any agreements with you;
  • To provide you with information that we believe will be of value to you in protecting and managing your health, which may be customized based on prescriptions you’ve filled at FULFILLRX or other information you’ve provided us; and
  • To provide any legitimate business service or product.
4. Why and how do we share your information we collect with third parties?
We never share information about you unless you’ve given us permission to share that information or we’ve given you prior notice that the information will be shared and with whom (such as in this Privacy Policy). We may share, without notice or permission, aggregated, de-identified information about you to third parties as permitted by applicable law. Disclosures of your PHI will in all instances be governed by HIPAA, as further described in our HIPAA Notice. We don’t sell your information in personally identifiable form to anyone and we haven’t sold information in personally identifiable form in the past 12 months.
We may share your information with third parties for the following reasons:
  • To our service providers and business partners who have been engaged to enable us to provide the Services to you or perform business functions on our behalf;
  • To your other health care providers to enable them or us to provide you with certain Services that you’ve requested, particularly related to your health care;
  • To your health plan to enable us to receive reimbursement of your prescription purchase;
  • To partners whose products or services you’ve requested, in order to deliver those products or services to you;
  • To a law enforcement agency or other government agency in response to a subpoena, court order, or other request from such agency;
  • To a third party if such disclosure is required in order for us to fulfill our legal obligations under applicable law, regulation, court order, or other legal process;
  • To establish or exercise our legal rights, or to defend against claims;
  • To protect the rights, property, security, or safety of you, FULFILLRX, our customers, or the public; and
  • To an acquirer or potential acquirer of FULFILLRX, of one or more of our business units or of some or all of our assets, or in the context of some other business acquisition transaction or other transaction in which a third party assumes control of part or all of our business.
5. How do you correct and update your information?
You can correct or update your personal information by updating your account through the Services or by contacting us at [email protected] or (833) 932-8367. It may take us up to 30 days to process your request. Our HIPAA Notice provides details on how to update your PHI.
6. How do we safeguard your information?
FULFILLRX follows generally accepted industry best practices for protecting your information, including encryption of sensitive data at rest and in transit, anti-malware detection and prevention mechanisms, and real-time monitoring and response for potential security threats to protect sensitive personal information. Although we work to protect the security of your account and information, please be aware that no method of information transfer over the Internet or electronic data storage is completely secure and therefore we can’t guarantee the absolute security of your information during its transmission or its storage in our systems.
7. Will this Privacy Policy change?
We may change this Privacy Policy at any time. However, we’ll give you prior notice of any major changes by placing a notice on the Services, by sending you an email, or by some other manner, and we’ll let you know when the modified Privacy Policy will become effective. Your continued use of the Services after the new effective date will be considered assent to the new Privacy Policy.
8. What else do you need to know?
Local Storage, Cookies, and Opt-Out.FULFILLRX uses browser local storage technology to manage your identity, store your preferences, track how you interact with the Services, and make your experience more consistent. You can control how local storage works on your browser settings, however, disabling the local storage functionality on your browser may prevent you from being able to access and use our website.
Cookies and similar technologies such as tracking pixels (collectively, “Cookies”) are small pieces of data placed on your computer, tablet, phone or similar device when you use that device to access the Services. We may use Cookies to enable our servers to recognize your web browser, tell us how and when you visit and use the Services, analyze trends, learn about our customer base, and operate and improve the Services (local storage may also perform these functions). We may also use Cookies to track and provide advertising and in our relationships with our service providers to assist us in better understanding customers of the Services. Cookies help us in many ways to make your use of the Services more enjoyable and meaningful.
You can decide whether or not to accept Cookies through your browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and other Services and it may impact the overall functionality of some features of the Services. Please note that because of our use of Cookies, the Services don’t support “Do Not Track” requests sent from a browser at this time.
Children’s Privacy. Parents or guardians are permitted to use the Services on behalf of a child under their care and these parents or guardians may provide us with their child’s information. However, FULFILLRX doesn’t knowingly collect information directly from children themselves. If you’re under the age of eighteen, please don’t use or access the Services. If you believe that a child under 18 years of age may have directly provided their information to us, please contact us at [email protected].
Information Retention. We retain information about you for as long as you have an active account with us or as otherwise necessary to provide you with our Services. In some cases, we retain information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
Questions or Concerns. If you’ve any questions or concerns regarding privacy using the Services, please contact us at [email protected] or (833) 932-8367.
9. California Privacy Laws
Privacy Rights Under the California Consumer Privacy Act (“CCPA”) If you’re a California resident, California law requires us to provide you with some additional information about how we collect, use, and share your “personal information” as defined in the CCPA. If there are any conflicts between this section and any other provision of this Privacy Policy and you’re a California resident, the portion that is more protective of your personal information shall control to the extent of such conflict.
Summary of Personal Information We Collect. Throughout this Privacy Policy, we describe the personal information we collect, the sources of that information, and how we use and share it. Under the CCPA, we also have to provide you with the “categories” of personal information we collect and disclose for “business purposes” (as those terms are defined by applicable law). Those categories are identifiers (such as name and email address); commercial information (such as transaction history); financial data (such as financial account information); internet or other network or device activity (such as IP address or usage data); geolocation information (such as general location); health data; inference data about you; legally protected classifications (such as gender); professional or employment information (such as job title); sensory data; (such as voice recordings made during calls with our customer support team); or other information that identifies or can be reasonably associated with you.
Use and Sharing of Personal Information. We use these categories of personal information consistent with the various business and commercial purposes we describe in this Privacy Policy. Check out “How do we use your information?” above to learn more. We may share this information with third parties as described above in “Why and how do we share your information we collect with third parties?”.
Your Privacy Rights. You have the following rights under the CCPA with respect to your personal information.
Right to Know. You’ve the right to request details of the personal information about you that we’ve collected and used subject to our receipt and confirmation of your verifiable consumer request. Specifically, we’ll disclose to you:
    ■ The categories of personal information we collected about you;
    ■ The categories of sources for personal information we collected about you;
    ■ Our business or commercial purpose for collecting your personal information;
    ■ The categories of third parties with whom we shared your personal information;
    ■ The specific pieces of your personal information; and
    ■ If we disclosed your personal information for a business purpose over the past 12 months, a list identifying the personal information categories that each category of recipient obtained.
Right to Delete. You’ve the right to request the deletion of your personal information that is collected or maintained by us subject to our receipt and confirmation of your verifiable consumer request. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your information to provide you with the Services or complete a transaction or other action you’ve requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Right to Opt Out of Sale. FULFILLRX doesn’t sell personal information and will not sell personal information without providing a future right to opt-out of such a sale.
Right to Non-Discrimination. We may not discriminate against you because you’ve exercised any of the privacy rights described above.
10.Exercising Your Rights. To exercise the rights described above, you (or your authorized agent) must send us a request that (1) provides sufficient information to allow us to verify that you’re the person about whom we’ve collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Satisfaction of both criteria means your request is a “verifiable consumer request” and we’re not required to respond to requests that don’t meet these criteria. We’ll only use personal information provided in a request to verify your identity and complete your request. You don’t need an account to submit a request.
We’ll work to respond to your request within 45 days of receipt. We’ll not charge you a fee for making a request unless your request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your request warrants a fee, we’ll notify you of the fee and explain that decision before completing your request. You may submit a request using the following methods:
  • Email us at [email protected];
  • Call us toll-free at (833) 932-8367; or
  • In writing to FULFILLRX’s Privacy Officer at 151 N 8th Street, Lincoln, Nebraska, 68508 (Attention: Privacy Officer and Legal Department).
11. You may authorize an agent to exercise your rights on your behalf. To do this, you must provide your authorized agent with written permission to exercise your You may submit a request using the following methods:
rights on your behalf, and we may request a copy of this written permission from your authorized agent when they make a request on your behalf. If we’ve collected information on your minor child, you may exercise the above rights on behalf of your minor child.
Other California Privacy Rights
If you’re a California resident, you may request that we provide you with certain information about the entities with which we’ve shared your personal information for the entities’ own direct marketing purposes during the preceding calendar year. To do so, please contact us at [email protected].
10. Other State Law Privacy Rights
Nevada Resident Rights. If you’re a resident of Nevada, you’ve the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at [email protected] with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we don’t currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.