WE AT MED&BEYOND VALUE YOUR PRIVACY AND ARE COMMITTED TO KEEPING YOUR PERSONAL DATA CONFIDENTIAL. WE USE YOUR DATA SOLELY IN THE CONTEXT OF PROVIDING MEMBERSHIP-BASED ACCESS TO OUR MOBILE APPLICATION (THE “APP”) THAT ENABLES YOU TO ACCESS CERTAIN THIRD-PARTY SERVICES TO SUPPORT ACCESSIBLE AND AFFORDABLE HEALTH SERVICES. THE SERVICES AVAILABLE ARE OFFERED BY M&B AND ITS THIRD-PARTY VENDORS AND AFFILIATES, WHICH MAY INCLUDE HEALTHCARE PROVIDERS (“PROVIDERS”).
SOME OF THE PERSONAL DATA WE COLLECT AND TRANSMIT MAY BE CONSIDERED “PROTECTED HEALTH INFORMATION” or “PHI” (information that relates to Your past, present, or future physical or mental health or condition(s); the provision of health care to You; or the past, present, or future payment for the provision of health care to You) AND/OR MEDICAL RECORDS AS DEFINED BY STATE LAW. THEREFORE, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE GENERAL DATA PROCESSING REGULATION (“GDPR”) PROVISIONS REGARDING SENSITIVE PERSONAL DATA AND APPLICABLE STATE LAW RELATED TO THE USE AND DISCLOSURE OF MEDICAL RECORDS, WHERE APPLICABLE. FOR ADDITIONAL INFORMATION RELATED TO HOW WE USE AND DISCLOSE YOUR PHI PLEASE CONTACT OUR DATA SECURITY OFFICER AT SUPPORT@MEDANDBEYOND.COM
What Personal Data do we collect?
We collect demographic information, such as Your name, birth year, gender, height, weight, phone number, and email address. Primarily, the collection of Your Personal Data assists us in creating Your User Account, which You can use to securely receive the Services.
If You make payments via our App, We may require that You provide to Us Your financial and billing information, such as billing name and address, credit card number or bank account information.
Device, Telephone, and ISP Data
We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from Your computer or mobile device as you navigate our Services, or interact with emails We have sent You. The information We collect may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files You viewed, Your searches, Your operating system and system configuration information, and date/time stamps associated with Your usage. This information is used to analyze overall trends, to help Us provide and improve our Services and to guarantee their security and continued proper functioning.
Health and Device Data
In addition to demographic information, We will collect information regarding Your health conditions, age, gender, weight, height, medical history, symptoms, and communications between You and the Provider providing healthcare services to You via the App. We collect this information to provide You with the Services and to provide Your Provider providing healthcare services through the App with the information required to provide medical treatment.
How will We use Your Personal Data?
We process Your Personal Data based on legitimate business interests, the fulfillment of Our Services to You, compliance with Our legal obligations, and/or Your consent. We only use or disclose Your Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described herein. Where required by law, we will ask for your prior consent before doing so.
Specifically, we process Your Personal Data for the following legitimate business purposes:
- To communicate with You about and manage Your User Account
- To properly store and track Your data within our system
- To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders.
- To protect Our rights, privacy, safety or property, and/or that of You or others by providing proper notices, pursuing available legal remedies, and acting to limit Our damages
- To handle technical support and other requests from You
- To manage and improve Our operations and the App, including the development of additional functionality
- To manage payment processing
- To evaluate the quality of service You receive, identify usage trends, and thereby improve Your user experience
- To keep Our App safe and secure for You and for Us
- To send You information about changes to our terms, conditions, and policies
- To allow Us to pursue available remedies or limit the damages that We may sustain
- To enable you to connect with (or share Personal Data with) your Provider
We may also de-identify or anonymize your Personal Data, such that it cannot be used to identify You. Once the data is anonymized, we may use such de-identified data for any lawful purpose.
Where is your Personal Data processed?
Personal Data We collect through the App will be stored on secure servers in the United States and Israel. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States or Israel.
We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology.
Will We share your Personal Data with anyone else?
Yes, with the Provider with whom you choose to allow Us to share such Personal Data via the App
We will share information you enter into the App, as well as any reports generated by the Services based on the information you enter, with the Provider with whom you choose to allow Us to share such information. If, at any point, you want to deny access to one or more third parties, you can do so by emailing email@example.com
Yes, with third parties that help us power our Services
We have a limited number of service providers and other third parties (“Business Partners”) that help Us run various aspects of Our business. These Business Partners are contractually bound to protect Your Personal Data and to use it only for the limited purpose(s) for which it is shared with Us. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, payment processing, session recording and remote access services, performance measurement services, pharmacies or other providers of medication or medical lab testing, data optimization and marketing services, content providers, and our legal and financial advisors. Such service providers may have access to Personal Data according to their particular roles and purposes, and may only use the information for such purposes.
Yes, with third parties and the government when legal or enforcement issues arise
We may share Your Personal Data, if reasonable and necessary, to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in
Yes, with third parties that provide advisory services
We may share your Personal Data with third parties that provide Us with services, including but not limited to, Our lawyers, auditors, accountants, or banks, when We have a legitimate business interest in doing so.
Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Med&Beyond’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings)
If We share Your Personal Data with a third party other than as provided above, You will be notified at the time of data collection or transfer, and You will have the option of not permitting the transfer.
How long do We retain Personal Data?
NOTE: Once we disclose your Personal Data to third parties, we may not be able to access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Data other than as described should be directed to firstname.lastname@example.org.
We, together with our marketing, analytics and technology partners, use certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts) on our App, certain partner sites and social networks. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide You with a better experience. Such technologies enable us to maintain and keep track of Your preferences and authenticated sessions, to better secure our Services, to identify technical issues, user trends and effectiveness of campaigns, and to monitor and improve the overall performance of our Services.
In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, We use several persistent cookies for purposes of session and user authentication, security, keeping the user’s preferences (such as regarding default settings), monitoring performance of our services, and generally providing and improving our services.
If You would prefer not to accept cookies, most browsers will allow You to adjust your settings to notify you when you receive them, automatically reject them or disable existing ones. Depending on Your mobile device and operating system, You may not be able to block and delete all cookies.
Deleting cookies does not delete Local Storage Objects (LSOs) such as Flash Objects and HTML5 Local Storage or Session Storage. If You use Google Chrome, You can learn more about locally stored data in your browser, and how to control it, at: https://www.google.com/chrome/privacy/.
Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent You from accessing certain areas or features of our Services or may otherwise adversely affect Your user experience.
What is a cookie?
A cookie is a text file that is stored on your computer or mobile device by a website's server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or keeps your sessions open so you don't have to login again.
There are some important concepts related to cookies that you should be aware of:
First and third-party cookies: whether a cookie is 'first' or 'third' party refers to the domain placing the cookie. First-party cookies are those set by a Web site that is being visited by the user at the time (e.g., cookies placed by a Teladoc Health Site).
Third-party cookies are cookies that are set by a domain other than that of the Web site being visited by the user. If a user visits a Web site and another entity sets a cookie through that Web site, this would be a third-party cookie.
Persistent cookies: these cookies remain on a user's device for the period of time specified in the cookie. They are activated each time that the user visits the Web site that created that particular cookie.
Session cookies: these cookies allow Web site operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
We, together with our marketing, analytics and technology partners, use certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts) on our website, certain partner sites and social networks. These technologies are used in order to maintain, provide and improve our services on an ongoing basis, and in order to provide our users with a better experience. Such technologies enable us to maintain and keep track of our users' preferences and authenticated sessions, to better secure our services, to identify technical issues, user trends and effectiveness of campaigns, and to monitor and improve the overall performance of our services.
How do I manage cookies?
Most web browsers let you choose whether to accept cookies. Most also let you delete cookies already set. The choices available, and the mechanism used, will vary from browser to browser. Such browser settings are typically found in the “options”, “tools” or “preferences” menu. You may also consult the browser’s “help” menu. For example:
- Cookie settings in Internet Explorer
- Cookie settings in Firefox
- Cookie settings in Chrome
- Cookie settings in Safari
There are online tools available for clearing all cookies left behind by the websites you have visited, such as www.allaboutcookies.org. Usually, deletion of cookies will anonymize the information associated with the pixel and a website will not receive any further associated information.
Third Party Websites and Their Cookies
If you go (via our websites) to our pages on (external) third party social media websites, like Facebook, Twitter, YouTube, or LinkedIn, cookies are used by those websites and your data is controlled by those websites, not M&B. Therefore M&B is not responsible for the cookies placed by such websites. Please read carefully the privacy policies of those social media websites before accessing those pages:
- Facebook: https://www.facebook.com/help/cookies
- Twitter: https://twitter.com/privacy
- LinkedIn: http://www.linkedin.com/legal/cookie_policy
- Google+ & YouTube: http://www.google.com/intl/en-GB/policies/technologies/cookies
- Pinterest: http://about.pinterest.com/privacy
Information about Cookies
Useful information about cookies can be found at: http://www.allaboutcookies.org
How do We protect Your Personal Data?
We are committed to protecting the security and confidentiality of Your Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to You. However, internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information You transmit to Us. By using the Services, You are assuming this risk.
We store Your Personal Data on secure servers, and protect this data using a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If We learn of a security concern, We may attempt to notify You and provide information on protective steps to mitigate any potential harm, if available, through the email address that You have provided to Us. Depending on where You live, You may have a legal right to receive such notices in writing.
You are solely responsible for protecting information entered or generated via the App that is stored on Your device and/or removable device storage. We have no access to or control over Your device’s security settings, and it is up to You to implement any device-level security features and protections You feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that You take any and all appropriate steps to secure any device that You use to access Our Services.
NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED DESPITE THE IMPLEMENTATION OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US AND YOU TRANSMIT SUCH PERSONAL DATA AT YOUR OWN RISK.
In instances where you have authorized the Company to use and disclose your Personal Data for certain purposes, you may withdraw your consent in the future. You may withdraw your consent by sending your request in writing to: email@example.com or Medandbeyond at 1460 Broadway St. New York, NY 10036. Please note that your withdrawal will not be effective until We receive your request, and will not apply to uses and disclosures that We have already made in reliance on your consent.
How can You Protect Your Personal Data?
In addition to securing Your device, as discussed above, We will NEVER send You an email requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and You should NEVER respond to any email requesting such information. If You receive such an email that looks like it is from Us, DO NOT RESPOND to the email and DO NOT click on any links and/or open any attachments in the email, and notify Med&Beyond support at firstname.lastname@example.org
You are responsible for taking reasonable precautions to protect Your user ID, password, and other User Account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Us at email@example.com if You know of or suspect any unauthorized use or disclosure of Your user ID, password, and/or other User Account information, or any other security concern.
You have certain rights relating to your Personal Data, subject to local data protection laws. These rights may include:
- to access Your Personal Data held by Us
- to erase/delete Your Personal Data, to the extent permitted by applicable data protection laws
- to receive communications related to the processing of Your personal data that are concise, transparent, intelligible and easily accessible;
- to restrict the processing of Your Personal Data to the extent permitted by law (while we verify or investigate Your concerns with this information, for example);
- to object to the further processing of Your Personal Data, including the right to object to marketing;
- to request that Your Personal Data be transferred to a third party, if possible;
- to receive Your Personal Data in a structured, commonly used and machine-readable format
- to lodge a complaint with a supervisory authority
- to rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete
- to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); and
Where the processing of Your Personal Data by Med&Beyond is based on consent, You have the right to withdraw that consent without detriment at any time or to exercise any of the rights listed above by emailing Med&Beyond at firstname.lastname@example.org.
How can You update, correct, or delete Personal Data?
You can change your email address and other contact information by updating it in the Account section of the App. Please note that in order to comply with certain requests to limit use of Your Personal Data, We may need to terminate Your account and Your ability to access and use the Services, and You agree that We will not be liable to You for such termination or for any refunds of prepaid fees paid by You. You can cancel your membership to the Services by emailing us at email@example.com.
Although We will use reasonable efforts to do so, You understand that it may not be technologically possible to remove from Our systems every record of Your Personal Data. The need to back up Our systems to protect information from inadvertent loss means a copy of Your Personal Data may exist in a non-erasable form that will be difficult or impossible for Us to locate or remove.
Can You “OPT-OUT” of receiving communications from Us?
We pledge not to market third party services to You without Your consent. We only send emails or SMS text messages to You regarding Your account unless We have Your express consent to do so. You can choose to filter these emails using Your email client settings, but We do not provide an option for You to opt out of these emails. If you consent to Our sending you marketing or other commercial emails or SMS text messages not related to your account and services, we will provide you with the option to opt out of such marketing emails and SMS text messages within the applicable message.
Information submission by minors
The Children’s Online Privacy Protection Act (COPPA) protects the collection of identifiable information from children under the age of 13. If Your child is under the age of 13, You must give parental consent prior to allowing Your child to use the App.
The App does NOT allow children or any user to make their information publicly available. Parents/legal guardians have the right to review or ask Us to delete their child’s personal information, as well as to refuse to permit Us to further collect or use Your child’s personal information. To do any of these, please contact Us at firstname.lastname@example.org with Your request.
If You are a resident of California under the age of 18 and have registered for an account with Us, You may ask Us to remove content or information that You have posted to Our App.