PRIVACY POLICY

Last Updated: August 27, 2019

INTRODUCTION

Welcome to 2nd.MD’s web and mobile experience. Innovation Specialists, LLC d/b/a 2nd.MD (“2nd.MD”, “Company”, “we,” “our”, or “us”) is committed to maintaining robust privacy protections for its users. Your privacy is important to us. This Privacy Policy describes the information 2nd.MD may collect from you or that you may provide when you visit the website www.2nd.MD (“Site”) and the associated 2nd.MD application (“Application”), and how 2nd.MD collects, uses, maintains, protects, and discloses the information you provide.

This Privacy Policy applies to information we collect:

Please note that by using our Services, you are accepting the practices described in this Privacy Policy and our Terms of Use, and you consent to our collection, storage, use and disclosure of your Personal and Non-Personal Information as defined in this Privacy Policy.

Please review this Privacy Policy carefully. If you do not agree to this Privacy Policy, please do not use 2nd.MD’s Services. By accessing or using our Site or Application, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of our Site or Application after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

CHILDREN UNDER THE AGE OF 18

If you are under the age of eighteen (18) and wish to create an account with 2nd.MD (“Account”), your parent or legal guardian must create the Account, submit your personal information, and agree to this Privacy Policy on your behalf.

CHILDREN’S ONLINE PRIVACY PROTECTION ACT (“COPPA”)

We do not knowingly or intentionally collect or maintain personally identifiable information from persons under 13 years old, and no part of our website or application is directed to persons under 13. If you are under the age of 13, you may only use our services and access our Site and Application with the supervision and consent of your parents or legal guardians. If 2nd.MD learns that personally identifiable information of persons less than 13 years old has been collected without verifiable parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under the age of 13 has obtained a 2nd.MD account, then please alert us at Privacy@2nd.MD and request that we delete that child’s personal information from our systems.

TYPES OF INFORMATION WE MAY COLLECT

We collect information to provide the best service to each of our users. You have choices about the information we collect. When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary for our services, you may not be able to use our services.

We collect two basic types of information: “Personal Information” and “Non-Personal Information”.

“Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, driver’s license, Social Security Number, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.

“Non-Personal Information” includes information that cannot be used to identify you personally, but can provide us with usage data, either individually or in the aggregate. This may include but is not limited to anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.

HOW WE ACQUIRE PERSONAL INFORMATION AND NON-PERSONAL INFORMATION

Personal Information

We acquire Personal Information when you voluntarily register or create a personal profile with us, or request products, services, or information from us. This may include your first and last name, e-mail and mailing address, phone, and other similar contact data. We may collect data about you such as your age, gender, country, and preferred language.

In some cases, we acquire Personal Information from your employer.

We collect passwords, password hints, and similar security information when you create an account to log in to our network.

Protected Health Information (“PHI”)

When using our Services, we collect health information that you provide us, which may include information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health information. Your health record contains personal information about you and your health. We may also collect health information about you prepared by your healthcare providers who provide medical records, treatment and examination notes, and other health related information. This information about you may identify you and/or relate to your past, present or future physical or mental health or condition and related health care services is referred to as Protected Health Information (“PHI”). 2nd.MD is required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this Privacy Policy.

Non-Personal Information

In an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the referring URL), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you.

We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. Most internet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.

Certain pages on our websites or applications contain “web beacons” (also known as Internet tags, pixel tags and clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party.

We may also use third party analytics services such as Google Analytics or Google Adsense to collect information about how you use and interact with our Services. Google Analytics uses cookies to help the Site analyze how users use the Site. You can find out more about how Google uses data when you visit our Site by visiting “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/). We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics, please visit Google’s website and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.

HOW WE USE PERSONAL AND NON-PERSONAL INFORMATION

Personal Information

By using our Site or Application, you consent to our collection, use, and sharing of your Personal Information as described in this Privacy Policy. If you do not consent to this Privacy Policy, please do not use the Site or Application. We process your Personal Information in order to fulfill our obligations to you and to deliver our Services to you.

In general, Personal Information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your Personal Information in the following ways:

Protected Health Information (“PHI”)

2nd.MD will protect PHI in compliance with both state and federal law. 2nd.MD is required to maintain the confidentiality of the PHI of our users, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure such as hosting our platform on Health Insurance Portability and Accountability Act (“HIPAA”) compliant servers. To the extent required by law, we will make reasonable efforts not to use, disclose, or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations. Your PHI may be used and disclosed to those who are involved in facilitating your healthcare educational consultation or other related services provided through our Services.

Non-Personal Information

In general, we use Non-Personal Information to help us improve your user experience and the overall quality of our services. For example, by saving your language preference, we will be able to have our services appear in the language you prefer. We also aggregate Non-Personal Information to track trends and analyze use patterns on our website and application. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers, and other third parties at our discretion.

WHEN WE MAY SHARE OR DISCLOSE PERSONAL AND NON-PERSONAL INFORMATION

We do not share, sell, or otherwise disclose your Personal Information for purposes other than those outlined in this Privacy Policy. We disclose your Personal Data to a few third parties, including:

We may also share personal information with other third-party companies that we collaborate with or hire to perform services on our behalf, such as service providers, partnering entities, or agents. For example:

We may also share personal information with other parties when you expressly authorize us to do so.

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We do not control the collection and use of your information collected by third parties described above in “When We May Share or Disclose Personal and Non-Personal Information”. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. In addition, we strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with control over your Personal Information:

Tracking Technologies and Advertising. You can set your browser or operating system to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Site or Application may then be inaccessible or not function properly.

Promotional Offers from 2nd.MD. We will only use your contact information to promote our own or third parties’ products or services with your express consent. If you wish to consent, or change your choice to non-consent, you may do so at any time by sending us an email stating your request to Privacy@2nd.MD. If we have sent you a promotional email, you may also send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided by 2nd.MD as a result of 2nd.MD Services.

Targeted Advertising.> We will only use information that we collect or you provide to deliver advertisements according to our advertisers’ target-audience preferences with your express consent. If you wish to consent to such use, you can check the relevant box located on the form on which we collect your Personal Information or otherwise seek such consent. If you wish to change your choice, you may do so at any time by sending us an email stating your request to Privacy@2nd.MD. Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity.

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION AND PHI

You may have certain rights under applicable data protection laws, including the right to access and update your Personal Information, restrict how it is used, transfer certain Personal Information to another entity, withdraw your consent at any time, and the right to have us erase certain Personal Information about you. To exercise any of these rights, please submit your request in writing to our Privacy Officer at Privacy@2nd.MD.

Right to Access your PHI. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record set”. A designated record set contains mental health/medical and billing records and any other records that are used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you or if the information is contained in separately maintained psychotherapy notes. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.

Right to Amend your PHI. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy. Please contact the Privacy Officer if you have any questions.

Right to Request Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests. We may require specification of an alternative address or other method of contact as a condition for accommodating your request. We will not ask you for an explanation of why you are making the request.

Right to Restrict Disclosure of Your Personal Information and PHI. If you wish to restrict disclosure of personal information or PHI about you or your dependent to another person you identify, please contact the Privacy Officer at 2nd.MD directly to make such request.

Withdrawal of Consent. To the extent that our processing of your Personal Information is based on your consent, you may withdraw your consent at any time by contacting us at Privacy@2nd.MD. We may no longer be able to provide you with some or all of our Services based on your withdrawal of your consent.

Right to be Forgotten. You have the right to request that we delete all of your Personal Information. We may not be able to delete your Personal Information except by also deleting your user account. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Information as set forth in this policy. In addition, we cannot completely delete your Personal Information as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies. If you delete your User Content, copies of your User Content may remain viewable in cached and archived pages, or might have been copied or stored by other Site or Application users. Proper access and use of information provided on the Site and Application, including User Content, is governed by our Terms of Use.

Breach Notification. If there is a breach of PHI concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself.

Marketing Purposes. You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out, we may continue to send you administrative e-mails including, for example, periodic updates to our Privacy Policy.

RECORDING FEATURES

By using 2nd.MD’s Services, you consent and authorize 2nd.MD to audio record, video record, and/or still photograph the educational consultation for the purpose of allowing you continued access to the consultation. You understand that all recordings, videos or images will become part of your electronically stored record. You understand that the use of technology to store and transmit your recordings introduces additional opportunities for someone to breach the security and privacy protocols that 2nd.MD uses to protect your confidential information. 2nd.MD stores and transmits the recordings in compliance with the HIPAA Security Rule and all other applicable state and federal regulations.

LINKS TO THIRD PARTY WEBSITES

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Service. Therefore, this Privacy Policy does not apply to your use of a third-party website accessed by selecting a link through our Services. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

TEXT MESSAGE POLICY

2nd.MD Text Messages (SMS) may make available text messaging services in which you can receive messages from us and send messages to us on your mobile phone (the “Text Messaging Services”). By activating your 2nd.MD account and providing your phone number to 2nd.MD, you consent to receiving text messages from 2nd.MD. By using our text message services, you agree to these terms and conditions, which incorporate by reference our Terms of Use. If you do not agree to these terms and conditions, please do not use the text messaging services. You can stop messages at any time by replying “STOP”.

Cancellation

Members can opt-out by replying “STOP” at any time. By enrolling in this subscription program, you consent that following such a request to unsubscribe, you will receive one (1) final message from 2nd.MD confirming that you have been inactivating in our system. Following such confirmation message, no additional text messages will be sent unless you re-activate your subscription.

Text Messaging and Data Rates

2nd.MD does not charge a fee for text messaging service. However, standard messaging and data rates may apply from your mobile carrier, and we are not responsible for any charges from a person’s service provider that may result from us providing this service.

OTHER IMPORTANT PRIVACY INFORMATION

Security of Personal Data

We intend to protect the personal information entrusted to us and treat it securely in accordance with this Privacy Policy. 2nd.MD implements physical, administrative, and technical safeguards designed to protect your personal information from unauthorized access, use, or disclosure. We protect your information from potential security breaches by implementing certain technological security measures, and periodically subjecting our Services to simulated intrusions tests. We also contractually require that our suppliers protect such information from unauthorized access, use, and disclosure. However, the Internet cannot be guaranteed to be 100% secure, and these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of our security measures. By using our Service, you acknowledge that you understand and agree to assume these risks.

Protection of Passwords

Your account is protected by your account password, and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. It is your responsibility to control the dissemination and use of your password, and to control access to and use of your user ID and password. If you need to deactivate your account, promptly inform 2nd.MD. You agree to promptly notify 2nd.MD of any unauthorized use of your username, password, or any other breach of security that you become aware of.

E-mail Communications

We may use the e-mail address you provide when you create your 2nd.MD account to send you an e-mail requesting that you validate your e-mail address, to send you appointment reminders, and to send you service notifications, such as e-mail notifications that information is available in your member account.

2nd.MD periodically sends newsletters, surveys, contests, sweepstakes or other promotions through e-mail. 2nd.MD may also periodically send you an e-mail summarizing recent account activity. Subject to your contact preferences, we may also use your e-mail addresses to send you promotional e-mail. You can unsubscribe from these e-mails at any time.

Consent to Processing of Personal Data in the United States

Our servers are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy. By using our Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States. By using and accessing our Application and Website, users who reside or are located outside of the United States agree and consent to the transfer to and processing of personal information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.

Changes to this Privacy Policy

The policies indicated by this Privacy Policy will remain effective, even if the user’s coverage is terminated, to the extent we retain information about a user. 2nd.MD reserves the right to change the terms of our Privacy Policy at any time. Any new Privacy Policy will be effective for all PII/PHI we maintain at that time. We will provide you with a copy of the revised Privacy Policy by posting a copy on our website and applications, or e-mailing you a copy. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically accessing the Application or visiting our Site and reviewing this Privacy Policy to check for any changes. The date this Privacy Policy was last revised is identified at the top of the page.

Data Retention Periods

2nd.MD will retain your Personal Data for the entire time that you keep your account open. After you close your account, we may retain your Personal Data:

Contact Us: If you would like more information about your privacy rights, please contact 2nd.MD by e-mailing Privacy@2nd.MD, or through the “Contact” page on our Site or Application. If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at Legal@2nd.MD. We will not retaliate against you for filing a complaint.