PRIVACY POLICY

1. INTRODUCTION

We, Innovation Specialists, LLC d/b/a 2nd.MD and its subsidiaries and affiliates, including 1st.MD (“2nd.MD”, “we,” “our”, or “us”) are committed to maintaining robust privacy protections, and your privacy is important to us. This Privacy Policy describes the types of Your Information (defined below) we may collect, use and disclose when you (“you”, “User”) visit or use our online interfaces, products, services, websites, mobile applications and other service offerings (collectively referred to as the “Service(s)”) owned and operated by 2nd.MD.

This Privacy Policy applies to:

• Services that link to this Privacy Policy;
• Service-related communications including phone, email, text, and other electronic messages; and
• Your interactions with us on third-party websites and services, if those third-party websites and services include links to this Policy.

By using our Services, you are accepting the practices described in this Privacy Policy, and you agree to be bound by our Terms of Use. If you choose not to provide us with Your Information that is necessary for the provision of our Services, you may not be able to use our Services, or certain components of our Services.

Please note that this Privacy Policy may change from time to time (see Changes to this Privacy Policy), so please check this Privacy Policy periodically for updates.

2. PROTECTED HEALTH INFORMATION

To the extent we encounter your Protected Health Information (“PHI”) in connection with your use of the Services, PHI is instead governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Therefore, we are legally required to treat your PHI confidentially in accordance with HIPAA and the privacy contracts we entered into with your employer and/or health plan.

3. TYPES OF YOUR INFORMATION

When you utilize our Services, we collect two different types of information: “Personal Information” and “Analytics Information.” Depending on your state laws, Analytics Information may also be considered Personal Information, and therefore we collectively refer to both types as “Your Information” for purposes of this Privacy Policy.

• “Personal Information” means pieces of data that alone, or together with other data, could allow someone to identify you. This may include but is not limited to your name, address, telephone number, e-mail address, username, password, password hints, security questions, audio or video recordings, photographs, driver’s license or Social Security Number. Note that Personal Information can also include health information, however if it is PHI, we will treat it in accordance with HIPAA (see Protected Health Information).
• “Analytics Information” includes data that can provide us with usage data, either individually or in the aggregate. This may include but is not limited to usage data, demographic information, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.

4. HOW WE ACQUIRE YOUR INFORMATION

We may collect or generate Your Information in a variety of ways, including but not limited to the following:

• When you voluntarily register or create a personal profile with us - This may include your first and last name, e-mail and mailing address, phone, age, gender, country, and preferred language.
• In some cases, your employer (or your employer-sponsored health plan) will give us some of Your Information so that we can provide you with the Services - This may include eligibility information so that we can validate your eligibility to receive Services offered by your employer (or health plan).
• When you request support or other information from us about the Services – This may include your contact information, and other information about your inquiry.
• When you use and interact with the Services – This may include data and analytics generated through the use of cookies and similar tracking technologies (see Tracking Technologies)

Tracking Technologies

In an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the referring URL), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information.

We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a User’s browser from our servers and are stored on the User’s computer hard drive. Sending a cookie to your browser enables us to collect Your Information and keep a record your preferences when utilizing our Services, both on an individual and aggregate basis. Most internet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.

Certain pages on our websites or applications contain “web beacons” (also known as Internet tags, pixel tags and clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party.

We may also use third party analytics services such as Google Analytics or Google Adsense to collect information about how you use and interact with our Services. Google Analytics uses cookies to help the Site analyze how Users use the Services. You can find out more about how Google uses data by visiting “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/). We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics, please visit Google’s website and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html

5. HOW WE USE YOUR INFORMATION

We may use Your Information for the following purposes:

• Facilitate the creation and securing of your account on our network;
• Verify your identity so that we can be sure that all our communications with you are confidential, and to help prevent fraud and data loss;
• Send you welcome communications to verify ownership of the contact information provided when your account was created;
• Send you communications about your account, appointments and other Service-related reminders and messages;
• Provide improved administration of our Services;
• Provide the Services you request;
• Respond to inquiries or requests from you;
• Enforce our rights arising from contracts;
• Administer surveys and promotions;
• Improve the quality of the experience when you interact with our Services;
• Send administrative notifications, such as security or support and maintenance advisories;
• Send newsletters, surveys, offers, contests, sweepstakes, advertisements and other promotional materials related to our Services and for other marketing purposes including those of third parties;
• Track trends and analyze use patterns of our Services; and
• Perform marketing or data analysis.

6. WHEN WE MAY SHARE OR DISCLOSE YOUR INFORMATION

We may disclose Your Information in the following ways:

• To a company we merge, acquire, or that buys us, or in the event of change in structure of our company of any form;
• To comply with our legal obligations;
• To perform our contracts with your employer or health plan;
• To enforce our rights; and
• At your request, or with your permission.

We may also share Your Information with other trusted business partners and service providers that we collaborate with or hire to perform services on our behalf. We enter into written contracts with these parties to ensure they handle Your Information appropriately. For example:

• To help us send and manage e-mail and/or text communications, so we might provide that company with your contact details to send you messages on our behalf.
• To serve you advertisements that you may be interested in, which may be personalized to you. If you do not wish to receive such advertisements, you can always adjust your individual browser’s settings.
• To help us communicate with Users in different languages, and provide translation services.

7. YOUR INFORMATION CHOICES AND RIGHTS

Depending on what state you reside in and what Services you utilize, you may have certain rights with respect to Your Information. If you have any questions about Your Information choices or rights, please reach out to us (see Contact Us).

• Tracking Technologies and Advertising: You can set your browser or operating system to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Services may not be accessible, and may not function properly.
• Communications from 2nd.MD: If we have sent you a message or communication that you no longer wish to receive, please follow the instructions provided in the text or email you received or reach out to us (see Contact Us).
• Delete your account with us: Please reach out to us (see Contact Us).

8. CHILDREN’S ONLINE PRIVACY PROTECTION ACT (“COPPA”)

We do not knowingly or intentionally collect or maintain personally identifiable information from persons under 13 years old, and no part of our Services are directed to persons under 13. If you are under the age of 13, you may only use our Services with the supervision and consent of your parents or legal guardians, and in accordance with our Terms of Use. If 2nd.MD learns that personally identifiable information of persons less than 13 years old has been collected without verifiable parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under the age of 13 has obtained a 2nd.MD account, then please alert us and request that we delete that child’s personal information from our systems (see Contact Us)

9. LINKS TO THIRD PARTY WEBSITES

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. We encourage our users to read the privacy statements of other websites before proceeding to use them.

10. SECURITY OF YOUR INFORMATION

• Security Generally: We intend to protect Your Information treat it securely in accordance with this Privacy Policy. 2nd.MD implements physical, administrative, and technical safeguards designed to protect Your Information from unauthorized access, use, or disclosure. We protect your information from potential security breaches by implementing certain technological security measures, and periodically subjecting our Services to simulated intrusions tests. We also contractually require that our suppliers protect such information from unauthorized access, use, and disclosure. However, the Internet cannot be guaranteed to be 100% secure, and these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of our security measures. By using our Service, you acknowledge that you understand and agree to assume these risks.
• Passwords: Your account is protected by your account password, and we urge you to take steps to keep Your Information safe by not disclosing your password and by logging out of your account after each use. It is your responsibility to control the dissemination and use of your password, and to control access to and use of your user ID and password. You agree to promptly notify 2nd.MD of any unauthorized use of your username, password, or any other breach of security that you become aware of.
• Data Retention: 2nd.MD will retain your Personal Data for the entire time that you keep your account open. After you close your account, we may retain your Personal Data:
  • For as long as necessary to comply with any legal requirement;
  • On our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures;
  • For as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; and
  • For data that has been aggregated or otherwise rendered anonymous in such a manner than you are no longer identifiable, indefinitely.

11. CHANGES TO THIS PRIVACY POLICY

2nd.MD reserves the right to change the terms of our Privacy Policy at any time. Any new Privacy Policy will be effective for Your Information that we maintain at that time. We will provide you with a copy of the revised Privacy Policy by posting a copy through our Services. The date this Privacy Policy was last revised is identified at the top of the page.

12. CONTACT US

If you have questions or would like more information about Your Information and your rights, please contact us by e-mailing Privacy@2nd.MD, or through the “Contact” or “Support” functions on our Services. If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at Legal@2nd.MD. We will not retaliate against you for filing a complaint.