2. Information We Collect
2.1 Personal Information
Some of the Services require us to know who you are so that we can best meet your needs. When you access these Services, we may ask you to voluntarily provide us certain information that personally identifies (or could be used to personally identify) you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: (1) contact data (such as your e-mail address and phone number); (2) demographic data (such as your gender, your date of birth and your zip code); (3) insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the doctors, dentists or other health care providers (“Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us), and (5) other information that you voluntarily choose to provide to us, including without limitation SSN, unique identifiers such as passwords, and Personal Information in emails or letters that you send to us. You may still access and use some of the Services if you choose not to provide us with any Personal Information, but the features of the Services that require your Personal Information will not be accessible to you.
2.2 Traffic Data
We also may automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.
We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent.
2.3 HIPAA and PHI
3. How We Collect Information
We collect information, including Personal Information and Traffic Data, when you use and interact with the Services, such as:
- When you use the Services’ interactive tools and services, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms ("Medical History Forms") prior to Healthcare Provider appointments;
- We also collect information you provide voluntarily in free-form text boxes on the Site and through responses to surveys, questionnaires and the like.
- If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information that lets MEDBOXTM know when you are logged on and available to receive update or alert notices;
- If you download our mobile application, we may receive information about your location and mobile device;
- Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
- When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.
We also may collect information about you from third party sources.
4. Tracking Tools and “Do Not Track”
4.1. Tracking Tools.
The Tracking Tools that we may use and how we may use them include:
Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to monitor how many people are using the Services, using the selected advertisers' websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
Website Analytics: We may use third-party website analytics services in connection with the Services, including, for example, to record mouse clicks, mouse movements, scrolling activity and text that you type into the Site. These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites which do not use their services. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 6 (Use of Information).
Mobile Device Identifiers: Mobile device identifiers are data stored on your mobile device that can be used to track your mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and Traffic Data. As with other Tracking Tools, mobile device identifiers help MEDBOXTM learn more about our users’ demographics and internet behaviors.
4.2. How MEDBOXTM Responds to Browser “Do Not Track” Signals.
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including MEDBOXTM, do not take action to respond to DNT signals.
5. Information Provided by or on Behalf of Children
The Services are not intended for use by children and children are prohibited from using the Services. MEDBOXTM does not knowingly collect any information from children, nor are the Services directed to children.
By accessing, using and/or submitting information to or through the Services, you represent that you are not younger than age 13. If we learn that we have received any information directly from a child under age 13 without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services and subsequently we will delete that information.
If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Information as otherwise provided herein.
6. Use of Information
We use your information, including Personal Information, to provide the Services to you and to help improve them, including to:
- provide you with the products, services and information you request and respond to correspondence that we receive from you;
- provide, maintain, administer or expand the Services, perform business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
- notify you about certain resources or Healthcare Providers we think you may be interested in learning more;
- send you information about MEDBOXTM or our products or Services;
- contact you when necessary or requested, including to remind you of an upcoming appointment;
- customize and tailor your experience of the Services;
- send emails and other communications that display content that we think will interest you and according to your preferences;
- use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and
- prevent, detect and investigate security breaches and potentially illegal or prohibited activities.
We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) for any reason at our sole discretion.
7. Disclosure of Information
We may disclose certain information that we collect from you:
- We may share your Personal Information with Healthcare Providers with which you choose to schedule through the Services. For example, if you elect to complete a Medical History Form using the Services in advance of an appointment, we may share your Medical History Form with your Healthcare Providers. You also may choose to store but not share with MEDBOXTM your Medical History Form.
- We may share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments, provided that you choose to use the applicable Services.
- We may share your Personal Information with Healthcare Providers in the event of an emergency.
- We may also share your Personal Information with organizations that collect, aggregate and organize your information so they can make it more easily accessible to your Healthcare Providers.
- We may share your email address with our business partners to enable them to help MEDBOXTM customize our advertising, e.g., to enable us to contact you on non-MEDBOX websites. We do not sell email addresses to third parties.
- We may share your Personal Information and Traffic Data with our business partners who perform core services (such as hosting, billing, fulfilment, data storage or security) related to our operation of the Services and/or by making certain features available to our users.
- We may share with the insurance provider you identify to us (via our business partners) your insurance-related Personal Information for the purposes of determining eligibility and cost-sharing obligations, and otherwise obtaining benefit plan information.
- We may share your Personal Information and Traffic Data with our business partners who perform the Website.
- We may transfer information about you, including your Personal Information, to another company in connection with a merger, sale, acquisition or other change of ownership or control by or of MEDBOXTM (whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
We also may need to disclose your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of MEDBOXTM or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.
We may disclose information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) for any reason at our sole discretion.
We store and process your information on our servers in the United States and in other countries. We may store all information indefinitely.
8. Public Information
Any information that you may reveal in a review posting or online discussion or forum is intentionally open to the public and is not in any way private. We recommend that you carefully consider whether to disclose any Personal Information in any public posting or forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.
9. Storage and Security of Information
The security of your Personal Information is important to us. We endeavor to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, when you enter sensitive information on our Site, we encrypt that information using secure socket layer technology.
10. Controlling Your Personal Information
If you are a registered user of the Services, you can modify some of the Personal Information you have included in your profile. If you wish to close your account, please email us at firstname.lastname@example.org. MEDBOXTM will delete your account and the information in your account as soon as reasonably possible. Please note, however, that MEDBOXTM reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law.
You must promptly notify us if any of your account data is lost, stolen or used without permission.
11. Links to Other Websites