Last updated Aug 14, 2024
MedManage Privacy Policy
Medidex, Inc. (“Medidex” or “we” or “us” or “our”) is committed to protecting your (“you” or “your” or “user(s)”) privacy and ensuring the security of your personal information. This privacy policy (the “Privacy Policy”) applies to the MedManage platform consisting of the MedManage mobile application (the “App”), MedManage website located at https://mymedicationlog.com (the “Website”), and MedManage web portal located at https://medidex.io (the “Web Portal”), owned and operated by Medidex (collectively, the “Platform” or “MedManage”), and any related services associated with it (the “Services”). We have created this Privacy Policy to outline our practices regarding the collection, use, and sharing of your information when you use our MedManage platform and related services. This Privacy Policy does not address the privacy practices of any third parties that we do not own, control, or are affiliated with. Capitalized terms not defined in this Privacy Policy will have the meaning set forth in our Terms of Use. By visiting and/or using our Platform, you are agreeing to the terms of this Privacy Policy and the accompanying Terms of Use. We encourage you to read the Privacy Policy, and to use the information it contains to help you make informed decisions.
By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
Our goal is to provide a clear understanding of how we handle your personal information and to offer transparency in our data practices. We take your privacy seriously and are committed to safeguarding your information through compliance with applicable data protection laws and industry best practices.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@themedidex.com. Your trust is important to us, and we are here to address any issues you may have regarding the privacy and security of your information.
IF YOU DO NOT AGREE WITH THESE PRACTICES, PLEASE DO NOT USE THE SERVICES OR THE APP OR WEBSITE OR PROVIDE US WITH ANY OF YOUR PERSONAL INFORMATION.
- INFORMATION WE COLLECT
- Personal Information: When you create an account, use our Services, or communicate with us, we may collect personal information that you provide directly to us, including but not limited to:
-
-
- Name
- Email address
- Contact information
- Profile information (e.g., age, gender, medical history, emergency contacts)
-
-
- Medication Information: To help you manage your medications, we collect details about your medications and dosages, including:
-
-
- Medication names
- Dosage schedules
- Prescription information
- Logs of medication intake
-
-
- Additional Profiles: If you create profiles for family members or connect with caregivers or healthcare providers, we may collect additional information related to those profiles, including:
-
-
- Names
- Medication details
- Profile Information (e.g., age, gender, medical history, demographics), if provided
-
-
- Usage Data: We collect information about how you use our Services, including:
-
-
- Log data (e.g., IP address, access times, pages viewed)
- Device information (e.g., device type, operating system)
- Usage patterns (e.g., features used, actions taken)
-
-
- Location Data: With your permission, we may collect and process information about your location to provide location-based services, such as finding nearby medication dropbox locations.
- Communications: We may collect information from your communications with us, including:
- Location Data: With your permission, we may collect and process information about your location to provide location-based services, such as finding nearby medication dropbox locations.
-
-
- Customer support inquiries
- Feedback and suggestions
- Correspondence via email or through our Services
- Web Analytics: To enhance our Services, we use web analytics tools that collect information automatically, including:
- Web server logs
- Cookies
- Tracking pixels
- Tags
- Third-Party Information: We may receive information about you from third parties, including:
- Data from marketing partners, data providers, social media networks, payment processors, Medidex affiliates, and other users to improve our services and provide you a customizable experience (i.e. using Google sign-in to login).
- Healthcare providers or caregivers (if they input data on your behalf)
- Protected Health Information (PHI): If you share and connect your information directly with a healthcare provider through the Platform, your data may be considered electronic Protected Health Information (ePHI) and will be subject to additional privacy and security controls. Examples of ePHI include:
- Contact and personal information
- Medical history
- Medication records
- Other providers involved in your care
-
- LAWFUL BASIS FOR WHICH WE USE YOUR INFORMATION
We collect and use your personal information based on the following lawful bases:
- Contractual Necessity: We process your personal information to fulfill our contractual obligations to you. This includes providing and managing your access to our Services, responding to your inquiries, and ensuring that our Services function correctly.
- Consent: We rely on your consent to process your personal information in certain circumstances, such as when you provide your explicit consent to collect and use your data for specific purposes. You can withdraw your consent at any time by contacting us at privacy@themedidex.com, but this may affect your ability to use some parts of our Services.
- Legal Obligations: We process your personal information to comply with legal and regulatory requirements. This includes maintaining records, responding to lawful requests from public authorities, and ensuring compliance with applicable laws and regulations.
- Legitimate Interests: We process your personal information based on our legitimate interests, provided that such interests are not overridden by your rights and interests. These legitimate interests include improving and personalizing our services, enhancing the security and functionality of our website, analyzing usage patterns to improve user experience, and communicating with you about updates, features, and other relevant information related to our services.
- Protection of Rights: We may use your information to protect our rights, privacy, safety, or property, and that of our users and the public.
- Public Interests: Where required, we may process your personal information for tasks carried out in the public interest, such as conducting public health research or ensuring public safety.
- HOW WE USE YOUR INFORMATION
The information collected from you is used for the following purposes:
- Providing Services: We use your personal information to deliver the Services you request, including creating and managing your account, providing medication management features, and facilitating communication with caregivers or healthcare providers.
- Personalization: We use your information to personalize your experience with our Services. This includes tailoring the content and features you see, providing customized recommendations, and improving our Services to better meet your needs.
- Communication: We use your contact information to communicate with you about your account, provide customer support, send important updates and notifications, and respond to your inquiries and requests. This includes transactional communications such as password reset emails and notifications about changes to our Services.
- Improvement and Development: We analyze usage data and feedback to understand how our Services are used and to identify areas for improvement. This helps us develop new features, enhance existing functionality, and improve the overall user experience.
- Security and Fraud Prevention: We use your information to ensure the security and integrity of our Services. This includes monitoring for suspicious activity, preventing fraud, and protecting against unauthorized access, hacking, or other security breaches.
- Compliance: We use your information to comply with legal and regulatory requirements. This includes maintaining records, conducting audits, and responding to lawful requests from public authorities.
- Research and Analytics: We use aggregated and anonymized data for research and analytics purposes. This helps us understand trends, measure the effectiveness of our Services, and make data-driven decisions to enhance our offerings.
- Marketing and Promotions: With your consent, we may use your information to send you promotional materials, newsletters, and other marketing communications about our Services and special offers. You can opt-out of receiving these communications at any time by following the unsubscribe instructions included in the emails or by contacting us at privacy@themedidex.com.
- Location-Based Services: With your permission, we use location data to provide location-based services, such as identifying nearby medication dropbox locations.
- Health and Safety: We may use your information to provide important health and safety notifications or in emergency situations where your health or safety is at risk.
- DATA RETENTION AND DELETING YOUR INFORMATION
- Data Retention: We retain your personal information for as long as your account is active or as needed to provide you with our Services. We keep your information for the time necessary for the purposes for which it is processed. The length of time we retain information depends on the purposes for which it collected and used, as well as your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Deleting Personal Information: You have the right to request the deletion of your personal information at any time. To do so, please contact our privacy team at privacy@themedidex.com using the email registered to the account you wish to delete. Upon receiving your request, we will take appropriate steps to delete your information from our active databases. Please note that certain information may be retained in our backup systems for a limited period due to technical and legal requirements.
- User Verification: Prior to processing deletion requests, we may need to verify the identity of the user to ensure the security of personal information, if you no longer have access to the email address associated with the account.
- Exceptions: Certain information may be exempt from deletion if retention is necessary for legal compliance, dispute resolution, or other legitimate business purposes.
- Effect on Services: Deleting certain information may impact the user’s ability to access and use specific services or features provided by Medidex.
- Backup Copies: Information may continue to exist in backup copies for a limited period after deletion. These copies are retained for system restoration purposes and are not actively used.
- Data Retention: We retain your personal information for as long as your account is active or as needed to provide you with our Services. We keep your information for the time necessary for the purposes for which it is processed. The length of time we retain information depends on the purposes for which it collected and used, as well as your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Information Sharing
- Our Employees: Information collected may be accessed by Medidex employees based on their job responsibilities, such as customer support or system administrators. Access is restricted to those with a legitimate need for the information, and confidentiality obligations are in place.
- With Your Consent: We may share your personal information and Protected Health Information (PHI) with third parties when we have your explicit consent to do so or are entitled or required by law.
- Service Providers: We share your information with third-party service providers who perform services on our behalf. These service providers are contractually obligated to protect your information and only use it as necessary to perform their services. These include:
- Our Employees: Information collected may be accessed by Medidex employees based on their job responsibilities, such as customer support or system administrators. Access is restricted to those with a legitimate need for the information, and confidentiality obligations are in place.
-
-
- Hosting Providers: To host our application servers and store your data (e.g., Vultr).
- Email Services: To send transactional emails like password resets (e.g., SendGrid).
- Payment Processors: To process payments if you upgrade to a paid service (e.g., Stripe).
-
-
- Healthcare Providers and Caregivers: With your consent, we may share your personal information and PHI with your designated healthcare providers and caregivers to assist in managing your medication. This allows them to set up your data, make edits, and track your medication intake. Alternatively, healthcare providers or caregivers may enter personal information on your behalf if they create a profile for you.
- Legal and Regulatory Compliance: We may disclose your information as required by law or to comply with legal processes, such as:
- Healthcare Providers and Caregivers: With your consent, we may share your personal information and PHI with your designated healthcare providers and caregivers to assist in managing your medication. This allows them to set up your data, make edits, and track your medication intake. Alternatively, healthcare providers or caregivers may enter personal information on your behalf if they create a profile for you.
-
-
- Law Enforcement: Responding to lawful requests from law enforcement agencies.
- Regulatory Authorities: Complying with regulations and legal processes to ensure our operations are lawful.
-
-
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.
- Protection of Rights: We may disclose your information to:
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.
-
-
- Enforce our Terms of Service and other agreements.
- Protect our rights, property, and safety, as well as the rights, property, and safety of our users and others.
-
-
- Aggregated and Anonymized Data: We may share aggregated and anonymized data that cannot be used to identify you with third parties for research, analysis, and other purposes. This data helps us improve our Services and develop new features.
- Third-Party Integrations: If you use third-party services or applications in connection with our Services, such as social media login or integration, those third parties may have access to certain information about you. Their use of your information will be governed by their privacy policies. Such integrations may be limited or include additional controls if your account contains ePHI.
- Aggregated and Anonymized Data: We may share aggregated and anonymized data that cannot be used to identify you with third parties for research, analysis, and other purposes. This data helps us improve our Services and develop new features.
- STORAGE AND SECURITY OF YOUR INFORMATION
Ensuring the confidentiality and integrity of user information is a top priority at Medidex Inc. Here’s how we handle the storage and security of the information we collect:
- Data Storage: Your personal information and Protected Health Information (PHI) are stored on servers operated by our third-party hosting provider, Vultr, located in New Jersey, USA. We ensure that our service providers adhere to industry-standard security measures to protect your data.
- Access Controls: Access to user information is restricted within Medidex Inc. Only employees with a legitimate need, such as customer support or system administrators, have access based on their job responsibilities.
- Employee Confidentiality: Medidex Inc. employees are bound by confidentiality obligations and are trained on the secure handling of user information. This includes understanding the importance of maintaining the privacy and security of the data they may access.
- Regular Security Audits: Medidex Inc. conducts regular security audits and assessments to identify and address potential vulnerabilities. This proactive approach helps maintain a robust security posture.
- Incident Response Plan: In the event of a data security incident, Medidex Inc. has an incident response plan in place to promptly assess, contain, and mitigate the impact of the incident. Users will be notified as required by applicable data protection laws.
- Data Retention Policies: User information is retained only for as long as necessary to fulfill the purposes outlined in the Privacy Policy or as required by applicable laws and regulations. Once the retention period expires, data is securely deleted or anonymized.
- Your Responsibilities: Choose a strong password for your account and do not share it with others. Change your password regularly and notify us immediately if you suspect any unauthorized access to your account. Please make sure that the devices you use to access our Services are secure and protected from malware or viruses. Use antivirus software and keep your operating system and applications up to date. Additional security features such are available for you to configure to add additional security to your account, such as setting or updating an automatic idle logout timer.
- Security: We employ reasonable security practices to ensure that the information is safe and secure with us. However, no information on the internet is 100% safe, and you accept and acknowledge such risk. Also, we will disclose the information so collected for limited purposes as mentioned in this Privacy Policy.
- LINKS TO OTHER SITES
The Website may contain links to third-party websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every site you visit. Your use of any linked third-party websites or services is at your own risk, and we are not liable for any issues arising from such use.
- HIPAA COMPLIANCE
If your information is used on MedManage as part of services offered by a healthcare provider that is a Covered Entity such as a doctor’s office or nursing home and is directly shared with the Covered Entity, your information is considered PHI and subject to additional controls and requirements to comply with HIPAA regulations. At Medidex Inc., we are committed to protecting your health information and ensuring compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This section explains how we handle Protected Health Information (PHI) in accordance with HIPAA regulations.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
What is HIPAA?
HIPAA is a federal law designed to protect the privacy and security of health information and to provide individuals with certain rights to their health information. The key components of HIPAA include:
- Privacy Rule: Establishes standards for the protection of PHI and individuals’ rights to access and control their health information.
- Security Rule: Requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI).
- Breach Notification Rule: Requires covered entities to notify affected individuals, the Secretary of Health and Human Services (HHS), and, in some cases, the media of breaches of unsecured PHI.
Protected Health Information (PHI)
PHI includes any information that relates to an individual’s past, present, or future physical or mental health, healthcare services provided to the individual, or payment for healthcare services, and that can be used to identify the individual. Examples of PHI we may collect and process include:
- Contact and personal information (e.g., name, address, phone number)
- Medical history and health conditions
- Medication names and dosage schedules
- Logs of medication intake
- Information entered by healthcare providers or caregivers
How We Protect Your PHI
Administrative Safeguards:
- Policies and Procedures: We have implemented comprehensive policies and procedures to ensure the protection of PHI, including procedures for managing and reporting security incidents and breaches.
- Training: All employees undergo regular training on HIPAA compliance and the proper handling of PHI.
- Access Controls: We limit access to PHI to authorized personnel who need it to perform their job duties.
Physical Safeguards:
- Facility Security: Our servers storing PHI are housed in facilities that are secured with physical controls, such as locked doors and access badges, to prevent unauthorized access to areas where PHI is stored.
- Workstation Security: Workstations and devices used to access PHI are secured with password protection and automatic screen lock mechanisms.
Technical Safeguards:
- Encryption: We use encryption technologies to protect PHI during transmission (e.g., SSL/TLS for data in transit) and while stored on our servers (e.g., AES encryption for data at rest).
- Authentication: Access to databases containing PHI requires multi-factor authentication to verify the identity of users.
- Audit Controls: We maintain audit logs of access to PHI and regularly review these logs to detect and respond to any unauthorized access or activities.
Breach Notification:
In the event of a breach of unsecured PHI, we will promptly notify affected individuals, the HHS, and, if required, the media, in accordance with the Breach Notification Rule. Our notification will include:
- A brief description of the breach, including the date of the breach and the date of discovery.
- A description of the types of PHI involved in the breach.
- Steps affected individuals can take to protect themselves from potential harm.
- A brief description of our actions to investigate the breach, mitigate harm, and prevent future breaches.
- Contact information for individuals to ask questions or obtain additional information.
Individual Rights Under HIPAA:
HIPAA provides individuals with several rights regarding their PHI, including:
- Right to Access: You have the right to access and obtain a copy of your PHI. You can request access by contacting us at privacy@themedidex.com.
- Right to Amend: If you believe that your PHI is incorrect or incomplete, you have the right to request an amendment. We will review your request and, if appropriate, make the necessary amendments.
- Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures of your PHI made by us. This accounting does not include disclosures made for treatment, payment, or healthcare operations.
- Right to Request Restrictions: You have the right to request restrictions on how we use or disclose your PHI. While we are not required to agree to all requested restrictions, we will consider your request and respond accordingly.
- Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a specific manner or at a specific location. We will accommodate reasonable requests.
How to Contact Us:
If you have any questions, concerns, or requests regarding your PHI or our HIPAA compliance, please contact us at:
Medidex Inc.
Attn: Privacy Officer
800 N King Street Suite 304
1440 Wilmington, DE 19801
Email: privacy@themedidex.com
If you have any further questions or need assistance, please do not hesitate to reach out to us.
- RIGHTS OF USERS FROM CALIFORNIA
This privacy notice section for California residents supplements the information contained in our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.
“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and processing of their personal information.
In compliance with the California Consumer Privacy Act (CCPA), we are required to disclose the categories of personal information we collect from users. The following outlines the categories of information we collect, along with examples and purposes for which the information is used.
Identifiers:
- Name
- Email address
- Contact information
- User ID
Personal Information Categories Listed in the California Customer Records Statute:
- Name
- Contact information
- Medical history (if provided)
- Medication information
Protected Classification Characteristics Under California or Federal Law:
- Age (if provided)
- Gender (if provided)
- Medical conditions (if provided)
Commercial Information:
- Records of products or services purchased, obtained, or considered
- Payment information (if upgrading to a paid service)
Biometric Information:
- Not collected
Internet or Other Similar Network Activity:
- Interaction with our website and mobile app
- Usage data (e.g., access times, pages viewed)
Geolocation Data:
- Location information (with your permission)
Sensory Data:
- Not collected
Professional or Employment-Related Information:
- As part of profile information (if provided)
- Organization or facility for healthcare providers
Non-Public Education Information:
- Not collected
Inferences Drawn from Other Personal Information:
- Preferences and behaviors inferred from usage of our Services
Health Information:
- Medication names and dosage schedules
- Logs of medication intake
- Medical history, vital signs, intake assessments (if provided)
Electronic Network Activity:
- Device information (e.g., device type, operating system)
- IP address
Your Right to Know: California residents have the right to request that we disclose the following information to you about our collection and use of your personal information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:
- The categories of personal information we have collected about you.
- The categories of sources for the personal information we have collected about you.
- The specific pieces of personal information we have collected about you.
- Our business or commercial purpose for collecting or “selling” your personal information as defined by the CCPA.
- The categories of third parties to whom we have sold or shared your personal information, if any, and the categories of personal information that we have shared with each third-party recipient.
Your Right to Opt-Out of “Sale” or “Sharing” of Personal Information: California residents have the right to opt-out of the “sale” or “sharing” of their personal information as defined by the CCPA by contacting us at privacy@themedidex.com.
Please note that we do not knowingly “sell” the personal information of any individuals.
If and where we are “sharing” your personal information with third parties for the purposes of cross-context behavioral advertising or profiling, you may opt-out of such sharing at any time by submitting a request at privacy@themedidex.com.
Your Right to Limit Use of Sensitive Personal Information: California residents may have the right to request that businesses limit the use of any sensitive personal information to those uses which are necessary to perform the Services or for other specifically-enumerated business purposes under the CCPA, as amended by the CPRA. Please note that we do not use sensitive personal information other than as necessary to perform the Services or as specifically permitted under the CCPA.
Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, we will delete, and direct our service providers to delete your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA.
Your Right to Correct: Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. We will use commercially reasonable efforts to correct such inaccurate personal information about you.
Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
To exercise any of your rights, please contact us at privacy@themedidex.com
- NOTICE FOR USERS FROM NEVADA
Under Nevada law, certain Nevada residents may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons.
“Personally identifiable information” includes first and last name, address, email address, phone number, social security number, or an identifier that allows a specific person to be contacted either physically or online.
Please note, we do not sell your personal information to anyone.
- RIGHTS OF USERS FROM VIRGINIA
If you are a customer located in Virginia, you have specific rights regarding your personal information under the Virginia Consumer Data Protection Act (VCDPA). These rights include:
- Right to Access: You have the right to request access to the personal information we hold about you. This allows you to receive a copy of the data we have collected and verify that we are processing it lawfully.
- Right to Correct: You have the right to request correction of any inaccurate or incomplete personal information we hold about you to ensure that it is accurate and up-to-date.
- Right to Delete: You have the right to request the deletion of your personal information where there is no longer a legitimate reason for us to continue processing it.
- Right to Data Portability: You have the right to request the transfer of your personal information to you or to a third party in a structured, commonly used, and machine-readable format. This allows you to reuse your data across different services.
- Right to Opt-Out of Data Processing: You have the right to opt-out of the processing of your personal information for purposes of:
- Targeted Advertising: Opt-out of your personal data being used for targeted advertising.
- Sale of Personal Data: Opt-out of the sale of your personal data.
- Profiling: Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising your rights under the VCDPA. This means we will not deny you goods or services, charge you different prices, or provide a different level of service because you exercised any of your rights.
- Right to Appeal: If we refuse to take action on your request, you have the right to appeal our decision. We will inform you of the reasons for our refusal and provide you with information on how you can appeal the decision.
Important Note: These rights will only be exercisable if and when our business falls within the threshold that makes the Virginia Consumer Data Protection Act (VCDPA) applicable to us.
To exercise any of these rights, please contact us at privacy@themedidex.com. We will respond to your request in accordance with applicable data protection laws and take steps to confirm your identity before fulfilling your request to protect your privacy and security.
- RIGHTS OF USERS FROM FLORIDA
We are committed to protecting your privacy and ensuring the security of your personal information. As part of our compliance with the Florida Information Protection Act (FIPA), this section outlines the rights you have under this data protection law – if and when such act applies to our company. FIPA grants you certain rights concerning the collection, use, and disclosure of your personal information by businesses operating in Florida. We recognize the importance of these rights and aim to provide you with transparency and control over your personal data. Please take a moment to familiarize yourself with the rights described below, which empower you to make informed decisions about your privacy.
- Right to Be Informed: You have the right to be informed about how your personal information is collected, used, stored, and shared by businesses under the Florida Information Protection Act (FIPA). This includes receiving clear and concise privacy notices that disclose the types of personal information collected, the purposes for which it is used, and any third parties with whom it may be shared.
- Right to Access: You have the right to request access to your personal information held by businesses subject to FIPA. Upon submitting a valid request, businesses must provide you with a copy of your personal information in a commonly used and machine-readable format. This allows you to review the accuracy and completeness of your personal information and understand how it is being processed.
- Right to Rectification: If your personal information held by a business is inaccurate or incomplete, you have the right to request its rectification. Upon receiving a valid request, businesses must promptly update or correct your personal information, ensuring that it is accurate and up to date.
- Right to Deletion: You have the right to request the deletion of your personal information held by businesses subject to FIPA. Upon submitting a valid deletion request, businesses must delete your personal information, unless retention of the data is required by law or for legitimate business purposes.
- Right to Restrict Processing: FIPA grants you the right to request the restriction of processing of your personal information by businesses. This means that businesses must limit the ways in which they use or process your personal information upon receiving a valid request, while still retaining the data. Restrictions may include temporarily suspending processing activities or limiting the purposes for which the personal information is used.
- Right to Data Portability: You have the right to request the portability of your personal information held by businesses subject to FIPA. This means that upon submitting a valid request, businesses must provide you with your personal information in a structured, commonly used, and machine-readable format, allowing you to transmit it to another entity if desired.
- Right to Opt-Out of Sale: Under FIPA, you have the right to opt-out of the sale of your personal information to third parties. Businesses are required to provide a clear and conspicuous opt-out mechanism for you to exercise this right. Once your opt-out request is received, businesses must refrain from selling your personal information, unless an exception applies under the law.
- Right to Non-Discrimination: FIPA prohibits businesses from discriminating against you based on your exercise of your rights under the Act. Businesses cannot deny goods, services, discounts, or any other benefits based on your exercise of your privacy rights, except, where permitted by law.
However, it is pertinent to note that the above rights also come with certain exceptions. For any questions, clarifications, or to exercise any of the rights described above, please contact us at privacy@themedidex.com. We will promptly review and respond to your requests in accordance with the requirements of FIPA if you are entitled to such a right.
- RIGHTS OF USERS FROM ILLINOIS
If you are a resident of Illinois, you have certain rights under the Illinois Personal Information Protection Act (PIPA) regarding the collection, use, and disclosure of your personal information by our company. We are committed to upholding these rights, and this section outlines the specific rights granted to you under PIPA:
- Right to Know: You have the right to know what categories of personal information we collect about you and the purposes for which we use it. We are committed to providing transparency regarding the collection and use of your personal information. You can find detailed information about the types of personal information we collect and the purposes for which it is used in this Privacy Policy.
- Right to Access: You have the right to request access to the personal information we hold about you. If you wish to exercise this right, please contact us through the methods provided in the “Contact Information” section of this Privacy Policy. We will respond to your request within a reasonable timeframe, as required by law.
- Right to Correct: If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to request corrections. Please contact us with your request, and we will promptly review and update your personal information as needed.
- Right to Delete: Under certain circumstances, you may have the right to request the deletion of your personal information. We will comply with such requests to the extent required by applicable law. However, please note that we may retain certain information for legitimate business purposes or as required by law.
- Right to Opt-Out: You have the right to opt-out of the sale of your personal information to third parties, as permitted by PIPA. We do not sell personal information to third parties.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights under PIPA. This includes denying you goods or services, charging you different prices, or providing you with a lower quality of service.
- Contact Information: If you have any questions, concerns, or wish to exercise your rights under PIPA, please contact us at privacy@themedidex.com. Please include “PIPA Rights Request” in the subject line of your email.
- RIGHTS OF USERS FROM OTHER STATES
Your data controller with respect to the personal information collected on the website and our App is:
Company Name: Medidex Inc.
Registered Office: 800 N King Street Suite 304 1440, Wilmington DE, 19801
Depending upon the laws of your specific state, you may be eligible for some or all the following rights in respect of your personal information:
- Right to obtain information: You may have a right to obtain information about how and on what basis your personal information is processed and to obtain a copy.
- Right to rectification: You may have the right to have any incomplete or inaccurate information we hold about you rectified and corrected.
- Right of Erasure: You may have the right to erase your personal information in limited circumstances where (a) you believe that it is no longer necessary for us to hold your personal information; (b) we are processing your personal information on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (c) where you have provided your personal information to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; and (d) where you believe the personal information we hold about you is being unlawfully processed by us.
- Right of restriction: You may have the right to restrict processing of your personal information where: (a) the accuracy of the personal information is contested; (b) the processing is unlawful but you object to the erasure of the personal information; (c) we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim or (d) you have objected to us processing your personal information based on our legitimate interests and we are considering your objection.
- Right to object: You may have the right to object to decisions which are based solely on automated processing or profiling.
- Right to ask for a copy: Where you have provided your personal information to us with your consent, you may have the right to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or to obtain a copy of or access to safeguards under which your personal information is transferred outside of your jurisdiction.
- Right to withdraw your consent. You may have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our services.
- Request the transfer of your Personal Data. If you so have this right, we will provide to you, or to a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right may only apply to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
To make such requests, please contact us at privacy@themedidex.com. Please note, we reserve the right to reject the request if you are not entitled to the right that you request to enforce.
- RESPONDING TO LEGAL REQUESTS
We may access, preserve, and share your information in response to a legal request (like a search warrant, court order or subpoena/summon) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from law enforcement agencies, courts, tribunals, and government authorities. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
- CHILDREN PRIVACY
The website is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information as soon as possible. Please contact us at privacy@themedidex.com if you believe we knowingly or unknowingly collected information described in this Section.
- OPTING OUT
a) Marketing Communications: If you receive marketing emails from Medidex Inc. and no longer wish to receive such emails, you may opt-out at any time. To do so, please follow the unsubscribe instructions included in the email or contact us at info@themedidex.com. We will process your request within a reasonable period, and after that you will no longer receive marketing communications from us.
b) Data Sharing: If you prefer not to have your personal information shared with third parties for purposes other than those necessary to provide our Services, you can contact us at privacy@themedidex.com to opt out of such sharing.
c) Cookies and Tracking Technologies: You can control the use of cookies and similar tracking technologies through your browser settings. Most web browsers allow you to manage your cookie preferences, including deleting or blocking cookies. However, please note that disabling cookies may affect the functionality and performance of our website.
d) Direct Requests: You can also opt-out of having your personal information used for certain purposes by directly contacting us at privacy@themedidex.com. Please specify the type of opt-out request you are making, and we will process your request in accordance with applicable laws and our policies.
e) Impact of Opting Out: While you have the right to opt-out of certain uses of your personal information, please be aware that doing so may limit your access to certain features or services on our website. We will make every effort to accommodate your preferences while still providing you with the best possible experience.
- CHOICE OF LAW AND DISPUTE RESOLUTION
Unless provided by the relevant statute, rules, or directives applicable to the jurisdiction in which you reside, in case of any disputes, issues, claims or controversies arising out of or in relation to your use of the Site or our services, the governing law and dispute resolution mechanism as provided in the Terms of Use shall apply to this Privacy Policy as well.
- QUESTIONS ABOUT THIS PRIVACY POLICY
In the event you have any grievance regarding anything related to this Privacy Policy, or with any content or service of Medidex Inc., in that case you may freely write your concerns through your registered email to Grievance Officer/Designated Representative at below:
- Email: privacy@themedidex.com
- Postal: 800 N King Street Suite 304 1440, Wilmington DE, 19801
- UPDATES TO THIS POLICY
On occasion, we may revise this Policy to reflect changes in our practices regarding information collection and use. If we make a material modification to this Policy, we will notify you of such changes. You agree that we may notify you about such updates by placing a notice on the Platform. Such modifications are effective, and you agree to be bound by such modifications, when you use or otherwise access the Platform after being notified of the updates, or 30 days from the date the updates are posted to the Platform, whichever is earliest. Changes to this Policy are effective immediately for new users of the Platform upon their sign up to the platform. If you do not agree with the terms of this Policy please do not continue to use the Platform.
- FEEDBACK AND SUGGESTIONS
We welcome your comments and feedback regarding this Privacy Policy. Please write to us at privacy@themedidex.com.
Medidex, Inc.
800 N King Street Suite 304 1440
Wilmington DE, 19801
privacy@themedidex.com
2024 © Medidex Inc. All Rights Reserved