Last Updated: August 27, 2019
We do not knowingly or intentionally collect or maintain personally identifiable information from persons under 13 years old, and no part of our website or application is directed to persons under 13. If you are under the age of 13, you may only use our services and access our Site and Application with the supervision and consent of your parents or legal guardians. If 2nd.MD learns that personally identifiable information of persons less than 13 years old has been collected without verifiable parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under the age of 13 has obtained a 2nd.MD account, then please alert us at Privacy@2nd.MD and request that we delete that child’s personal information from our systems.
We collect information to provide the best service to each of our users. You have choices about the information we collect. When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary for our services, you may not be able to use our services.
We collect two basic types of information: “Personal Information” and “Non-Personal Information”.
“Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, driver’s license, Social Security Number, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.
“Non-Personal Information” includes information that cannot be used to identify you personally, but can provide us with usage data, either individually or in the aggregate. This may include but is not limited to anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.
We acquire Personal Information when you voluntarily register or create a personal profile with us, or request products, services, or information from us. This may include your first and last name, e-mail and mailing address, phone, and other similar contact data. We may collect data about you such as your age, gender, country, and preferred language.
In some cases, we acquire Personal Information from your employer.
We collect passwords, password hints, and similar security information when you create an account to log in to our network.
Protected Health Information (“PHI”)
In an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the referring URL), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you.
We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. Most internet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.
Certain pages on our websites or applications contain “web beacons” (also known as Internet tags, pixel tags and clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party.
In general, Personal Information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your Personal Information in the following ways:
Protected Health Information (“PHI”)
2nd.MD will protect PHI in compliance with both state and federal law. 2nd.MD is required to maintain the confidentiality of the PHI of our users, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure such as hosting our platform on Health Insurance Portability and Accountability Act (“HIPAA”) compliant servers. To the extent required by law, we will make reasonable efforts not to use, disclose, or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations. Your PHI may be used and disclosed to those who are involved in facilitating your healthcare educational consultation or other related services provided through our Services.
We may also share personal information with other third-party companies that we collaborate with or hire to perform services on our behalf, such as service providers, partnering entities, or agents. For example:
We may also share personal information with other parties when you expressly authorize us to do so.
We do not control the collection and use of your information collected by third parties described above in “When We May Share or Disclose Personal and Non-Personal Information”. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. In addition, we strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with control over your Personal Information:
Promotional Offers from 2nd.MD. We will only use your contact information to promote our own or third parties’ products or services with your express consent. If you wish to consent, or change your choice to non-consent, you may do so at any time by sending us an email stating your request to Privacy@2nd.MD. If we have sent you a promotional email, you may also send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided by 2nd.MD as a result of 2nd.MD Services.
Targeted Advertising.> We will only use information that we collect or you provide to deliver advertisements according to our advertisers’ target-audience preferences with your express consent. If you wish to consent to such use, you can check the relevant box located on the form on which we collect your Personal Information or otherwise seek such consent. If you wish to change your choice, you may do so at any time by sending us an email stating your request to Privacy@2nd.MD. Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity.
You may have certain rights under applicable data protection laws, including the right to access and update your Personal Information, restrict how it is used, transfer certain Personal Information to another entity, withdraw your consent at any time, and the right to have us erase certain Personal Information about you. To exercise any of these rights, please submit your request in writing to our Privacy Officer at Privacy@2nd.MD.
Right to Access your PHI. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record set”. A designated record set contains mental health/medical and billing records and any other records that are used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you or if the information is contained in separately maintained psychotherapy notes. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.
Right to Amend your PHI. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy. Please contact the Privacy Officer if you have any questions.
Right to Request Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests. We may require specification of an alternative address or other method of contact as a condition for accommodating your request. We will not ask you for an explanation of why you are making the request.
Right to Restrict Disclosure of Your Personal Information and PHI. If you wish to restrict disclosure of personal information or PHI about you or your dependent to another person you identify, please contact the Privacy Officer at 2nd.MD directly to make such request.
Withdrawal of Consent. To the extent that our processing of your Personal Information is based on your consent, you may withdraw your consent at any time by contacting us at Privacy@2nd.MD. We may no longer be able to provide you with some or all of our Services based on your withdrawal of your consent.
Breach Notification. If there is a breach of PHI concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself.
By using 2nd.MD’s Services, you consent and authorize 2nd.MD to audio record, video record, and/or still photograph the educational consultation for the purpose of allowing you continued access to the consultation. You understand that all recordings, videos or images will become part of your electronically stored record. You understand that the use of technology to store and transmit your recordings introduces additional opportunities for someone to breach the security and privacy protocols that 2nd.MD uses to protect your confidential information. 2nd.MD stores and transmits the recordings in compliance with the HIPAA Security Rule and all other applicable state and federal regulations.
Members can opt-out by replying “STOP” at any time. By enrolling in this subscription program, you consent that following such a request to unsubscribe, you will receive one (1) final message from 2nd.MD confirming that you have been inactivating in our system. Following such confirmation message, no additional text messages will be sent unless you re-activate your subscription.
Text Messaging and Data Rates
2nd.MD does not charge a fee for text messaging service. However, standard messaging and data rates may apply from your mobile carrier, and we are not responsible for any charges from a person’s service provider that may result from us providing this service.
Security of Personal Data
Protection of Passwords
Your account is protected by your account password, and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. It is your responsibility to control the dissemination and use of your password, and to control access to and use of your user ID and password. If you need to deactivate your account, promptly inform 2nd.MD. You agree to promptly notify 2nd.MD of any unauthorized use of your username, password, or any other breach of security that you become aware of.
We may use the e-mail address you provide when you create your 2nd.MD account to send you an e-mail requesting that you validate your e-mail address, to send you appointment reminders, and to send you service notifications, such as e-mail notifications that information is available in your member account.
2nd.MD periodically sends newsletters, surveys, contests, sweepstakes or other promotions through e-mail. 2nd.MD may also periodically send you an e-mail summarizing recent account activity. Subject to your contact preferences, we may also use your e-mail addresses to send you promotional e-mail. You can unsubscribe from these e-mails at any time.
Consent to Processing of Personal Data in the United States
Our servers are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy. By using our Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States. By using and accessing our Application and Website, users who reside or are located outside of the United States agree and consent to the transfer to and processing of personal information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.
Data Retention Periods
2nd.MD will retain your Personal Data for the entire time that you keep your account open. After you close your account, we may retain your Personal Data:
Contact Us: If you would like more information about your privacy rights, please contact 2nd.MD by e-mailing Privacy@2nd.MD, or through the “Contact” page on our Site or Application. If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at Legal@2nd.MD. We will not retaliate against you for filing a complaint.