Updated: March 25, 2023

AffirmedRx PBC (“Company”, “we”, or “us”) provides this Privacy Policy (“this Policy”) to explain how we collect, use, share, and protect the information you provide and that we collect by administering your pharmacy benefits through our member portal or otherwise through our website or mobile applications (the “Site”), and through our member support representatives.  BY USING THE SITE OR OTHERWISE GIVING US YOUR INFORMATION, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY. Please review this Policy carefully to ensure your understanding of our privacy practices. If you do not agree to this Privacy Policy, do not access the Site or give us any of your information. This Privacy Policy is incorporated by reference into our Terms and Conditions (“Terms”), which you can review at Terms and Conditions.  All capitalized but undefined terms in this Policy shall have the meaning ascribed to such terms in the Terms.

To the extent that User Information (as defined in Section 1.5 below) is patient information provided to obtain or administer pharmacy services, such information is governed by our HIPPA Privacy Practices as set forth in our Provider Notice located at Provider Notice of HIPAA Privacy Practices. If you have questions about whether this Privacy Policy or the HIPPA Privacy Practices applies to specific information, please contact us at the member services number on the back of your member benefit card.

California’s “Shine the Light” law, California Civil Code § 1798.83, requires that certain businesses respond to requests from their California customers (those with whom we have an established business relationship) concerning the businesses’ practices related to disclosure of Personally Identifiable Information to third parties for the third parties’ direct marketing purposes.  We do not provide Personally Identifiable Information to third parties for their direct marketing purposes without your express consent (opt-in).

From time to time, we may update this Privacy Policy to reflect changes to our information practices.  Any changes will be effective immediately upon the posting of the revised Privacy Policy to the Site, and by using the Services following such changes you accept the revised Privacy Policy.  If we make any changes we deem material, we will notify you either by email (sent to the e-mail address specified in your account) or by means of a notice on the Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.  The “Updated” date at the top of this page indicates when this Policy was last revised.

1. Information We Collect

1.1 INFORMATION YOU PROVIDE

(a) Personally Identifiable Information.  To use the member portal, and thus become a “Member,” you will be required to provide us with certain information as described below (“Personally Identifiable Information”). We may collect some or all of this information through various forms and in various places through your use of the Site and through our delivery of the Services, including use of our account registration forms, contact us forms, and other forms utilized by the Site.  If you become a Member, you will be required to create a user profile account with us (“Account”). The current required data fields include, but are not necessarily limited to:

• Name
• Address (Billing & Shipping)
• Email address
• Password
• Home phone number
• Mobile phone number
• Credit card number, expiration date & security code and/or information regarding your PayPal, Google Wallet or other digital payment accounts
• Contact information for users of the Services for purposes of receiving information about the Services, such as prescription benefit, disease management, and specialty pharmacy services.
• Responses to surveys we send to you or your dependents
• Information we receive from your employer or health plan sponsor

1.2 INFORMATION WE COLLECT AS YOU ACCESS THE SITE

(a) Generally. In addition to any Personally Identifiable Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit the Site (“Non-Personally Identifiable Information”). Non-Personally Identifiable Information may include the browser that you are using and how and when you use the Site.  We may use Non-Personally Identifiable Information for various reasons, such as providing and enhancing the services for you and other users. In addition, we may collect your IP address or other unique identifier that identifies the device from which you access the Site.  This identifier is a number that is automatically assigned to your device, which our computers use to identify you and your device. This information may be non-identifying or may be associated with you. If we associate any Non-Personally Identifiable Information or information that identifies your device with your Personally Identifiable Information, we will treat it as Personally Identifiable Information.

(b) Geo-Location Information. We may collect information as you navigate the Site, which may include geographic location.

(c) Cookies. A cookie is a data file placed on a computer or other device when it is used to access the Site.  A Flash cookie is a data file placed on a device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your device. Cookies and Flash cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to the Site.  Cookies work by assigning a number to the user that has no meaning outside of the assigning website.

If you do not want information to be collected through the use of cookies, your browser allows you to deny or accept the use of cookies. Cookies can be disabled or controlled by setting a preference within your web browser or on your device. If you choose to disable cookies or Flash cookies on your device, some features of the Site may not function properly or may not be able to customize the delivery of information to you.

You should be aware that we cannot control the use of cookies (or the resulting information) by third-parties and use of third-party cookies is not covered by our Privacy Policy.

(d) Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in our web and mobile pages and messages. The web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored in a user’s computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on the Site by informing us what content is effective, monitor how users navigate the Site, and manage the users’ experience on the Site.

(e) Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter.

1.3 INFORMATION THIRD PARTIES PROVIDE ABOUT YOU

We may, from time to time, supplement the information we collect about you through our Site with outside records from third parties in order to provide our services to you, enhance our ability to serve you, and tailor our content to you.  For example, we may collect information from third-party providers that you visit when using the Site.

1.4 INFORMATION COLLECTED BY OUR MOBILE APP

You may access the Member Portal and use the Services by accessing our mobile applications on a mobile device. By doing so, we may collect and use technical data and related information, including but not limited to, technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other Services to you (if any) related to our mobile applications. In addition, if you use our mobile applications, it may automatically collect and store some or all of the following information from your mobile device, including without limitation:

• Your preferred language and country site (if applicable)
• Your phone number or other unique device identifier assigned to your mobile device, such as the Mobile Equipment ID number
• The IP address of your mobile device
• The manufacturer and model of your mobile device
• Your mobile operating system
• The type of mobile internet browsers you are using
• Your geolocation
• Information about how you interact with the mobile application and our website(s) to which the application links, such as how many times you use a specific part of the mobile application over a given time period, the amount of time you spend using the application, how often you use the application, actions you take in the application and how you engage with the application

We may use information automatically collected by the mobile applications in the following ways:

• To operate and improve Site and Services
• To create aggregated and anonymized information to determine which application features are most popular and useful to users, and for other statistical analyses
• To prevent, discover, and investigate violations of this Privacy Policy or the Terms, and to investigate fraud
• To allow us to personalize the Services and content available through the mobile application

1.5 USER INFORMATION.

Unless otherwise noted elsewhere in this Policy, Personally Identifiable Information and Non-Personally Identifiable Information shall be collectively referred to as “User Information”.

2. How We Use User Information

2.1 TO PROVIDE OUR SERVICES.

We use your User Information to respond to your requests, such as to fulfill your order, contact you with information about your order, send you email alerts, send you newsletters, and provide you with related Member services. We may also use your User Information to send communications and administrative information to you, as permitted by law and our client agreements, including through the use of push notifications in our apps. We may use User Information to personalize your experience on the Site and improve your use of the Services, including by presenting products and content tailored to you, and for our business purposes, such as data analysis, audits, fraud monitoring and prevention, improving our Services and developing new products and services, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.

2.2 PROVIDER BUSINESS PARTNERS.

We may disclose User Information to our service providers, including those who provide website hosting, data analysis, payment processing, order fulfilment, information technology, specialty and mail pharmacy services, customer service, email delivery, auditing, and other services.

2.3 IP ADDRESS.

We use your Internet Protocol (IP) address to help diagnose problems with our computer server, and to administer our Site. Your IP address is used to help identify you, but contains no Personally Identifiable Information about you.

2.4 REGULATORY OR LEGAL REQUIREMENTS.

If we are requested by law enforcement officials or judicial authorities to provide User Information, we may do so.  In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose User Information, including without court process. We may also use or disclose User Information to enforce the Terms of Service, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety, or property and that of our affiliates, you, or others. We may use and disclose User Information to investigate security breaches or to cooperate with authorities.

2.5 SOCIAL MEDIA

We may use and disclose your User Information to facilitate social sharing functionality that you initiate.  If you choose to connect your social media account with your Services account or otherwise engage in social sharing on the Site, your User Information may be shared with your friends, contacts, or others associated with your social media account, with other Services users, and with your social media account provider. By connecting your Services account and your social media account, you authorize us to share information with your social media account provider, and you understand that the use of the information we share will be governed by the social media site’s privacy policy.

2.6 CHANGE OF OWNERSHIP     

In the event that some or all of Company’s business, assets, or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third-parties, User Information may be transferred to or shared with third parties as part of any such transaction or negotiation; provided, however, that such third parties are required to execute and be bound by a confidentiality and non-disclosure agreement protecting the confidentiality of your User Information.

3. Account Cancellation

We will retain User Information for as long as an Account remains active. Even after an account is terminated, we may retain certain User Information as necessary to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an Account (such as addressing chargebacks), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reasons consistent with applicable law.

4. Intended Members

Our Services are not directed to nor intended for use by minors under the age of 13.  We do not intentionally collect User Information from any person we know to be under 13, and instruct users under 13 not to send any information to or through our services.  If we discover that we have collected User Information from a person under 13, we will delete that User Information immediately.  If you are a parent or guardian of a minor under the age of 13 and believe he or she has disclosed User Information to us, please contact us.

The Services are designed for users from, and are controlled and operated by Company from, the United States. By using the Services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.

5. How We Protect Your Information

User Information is stored within our databases using standard, industry-wide, commercially reasonable security practices and procedures such as encryption, firewalls and SSL (Secure Socket Layers), and we implement all security measures required by law. As effective as such technology and efforts may be, no security system is infallible and impervious from attack or hacking; therefore, we cannot guarantee the security of our databases, nor can we guarantee that User Information will not be intercepted while being transmitted to us over the Internet or wireless communication, or accessed when stored on our or our service providers’ servers, and any information you transmit to us is at your own risk. To help us protect your information, we strongly encourage you to not share your username or password with anyone.

If you become aware of any breach of this Privacy Policy or our security practices you should promptly notify us via email at help@affirmedrx.com. 

6. Member Settings

You can manage your communications preferences in the Member Portal from your member dashboard. You may control the receipt of push notifications from Company through your mobile device settings. If you choose to receive communications from us via e-mail or other electronic means, you acknowledge that you are electing to receive such information, which may contain your Protected Health Information as defined by HIPAA, through an unencrypted method of communication. You further acknowledge that the information contained in an unencrypted email and/or text message is at risk of being intercepted and read by, or disclosed to, unauthorized third parties. You can request the removal or modification of the personal information you have provided to us by sending an email to the appropriate area under “Contact Information”. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable. There may also be residual information that will remain within our databases and other records, which will not be removed.

7. Member Responsibility

By establishing an account with us, you agree that it is your responsibility to:

• 1. Authorize, monitor, and control access to and use of your account, User ID, and password.
• 2. Promptly inform us of any need to deactivate a password or an account by calling member services at the number on your member benefit card.
• 3. Promptly inform us of any breach of this Privacy Policy by notifying us via email at help@affirmedrx.com.

8. Contact Information

If you have any questions or concerns about this Privacy Policy, please contact member services at the number on your member benefit card.