CHILDREN’S ONLINE PRIVACY PROTECTION ACT (“COPPA”)
We do not knowingly or intentionally collect or maintain personally identifiable information from persons under 13 years old, and no part of our website or application is directed to persons under 13. IF YOU ARE UNDER 13 YEARS OF AGE, PLEASE DO NOT USE OR ACCESS OUR SERVICES AT ANY TIME OR IN ANY MANNER. If 2nd.MD learns that personally identifiable information of persons less than 13 years old has been collected without verifiable parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under the age of 13 has obtained a 2nd.MD account, then please alert us at legal@2nd.MD and request that we delete that child’s personal information from our systems.
TYPES OF INFORMATION WE MAY COLLECT
We collect information to provide the best service to each of our users. You have choices about the information we collect. When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary for our services, you may not be able to use our services.
We collect two basic types of information: “Personal Information” and “Non-Personal Information”.
“Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, driver’s license, Social Security Number, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.
“Non-Personal Information” includes information that cannot be used to identify you personally, but can provide us with usage data, either individually or in the aggregate. This may include but is not limited to anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.
HOW WE ACQUIRE PERSONAL INFORMATION AND NON-PERSONAL INFORMATION
We acquire Personal Information when you voluntarily register or create a personal profile with us, or request products, services, or information from us. This may include your first and last name, e-mail and mailing address, phone, and other similar contact data. We may collect data about you such as your age, gender, country, and preferred language.
In some cases, we acquire Personal Information from your employer.
We collect passwords, password hints, and similar security information when you create an account to log in to our network.
In an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the referring URL), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you.
We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. Most internet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.
Certain pages on our websites or applications contain “web beacons” (also known as Internet tags, pixel tags and clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party.
HOW WE USE PERSONAL AND NON-PERSONAL INFORMATION
In general, Personal Information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your Personal Information in the following ways:
- Facilitate the creation and securing of your account on our network;
- Verify your identity so that we can be sure that all our communications with you are confidential, and, for application security, to help prevent fraud and data loss;
- Send you a welcome e-mail to verify ownership of the e-mail address provided when your account was created;
- Provide improved administration of our Services;
- Provide the Services you request;
- Respond to inquiries or requests from you;
- Improve the quality of the experience when you interact with our Services;
- Send administrative e-mail notifications, such as security or support and maintenance advisories;
- Send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes including those of third parties; and
- Perform marketing or data analysis.
Protected Health Information (“PHI”)
2nd.MD will protect PHI in compliance with both state and federal law. 2nd.MD is required to maintain the confidentiality of the PHI of our users, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure such as hosting our platform on Health Insurance Portability and Accountability Act (“HIPAA”) compliant servers. To the extent required by law, we will make reasonable efforts not to use, disclose, or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations. Your PHI may be used and disclosed to those who are involved in facilitating your healthcare educational consultation or other related services provided through our Services.
WHEN WE MAY SHARE OR DISCLOSE PERSONAL AND NON-PERSONAL INFORMATION
Regardless of any choices you make regarding your Personal Information, 2nd.MD may disclose Personal Information for the following purposes, if it believes in good faith that such disclosure is necessary:
- If required by law, such as pursuant to a subpoena, regulatory oversight, or other legal process;
- If to protect or defend the rights or property of 2nd.MD or users of the Services;
- If all or part of the Company is sold, merged, dissolved, acquired, or in a similar transaction.
We may also share personal information with other third party companies that we collaborate with or hire to perform services on our behalf, such as service providers, partnering entities, or agents. For example:
- We may hire a company to help us send and manage e-mail, and we might provide the company with your e-mail address or certain other information for them to send you an e-mail message on our behalf.
- To help 2nd.MD communicate with people in different languages, 2nd.MD utilizes collects and uses the text and speech data you submit to provide the translation service.
We may also share personal information with other parties when you expressly authorize us to do so.
YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION AND PHI
You have the following rights regarding PHI we maintain about you. To exercise any of these rights, please submit your request in writing to our Privacy Officer at firstname.lastname@example.org.
Right to Access your PHI. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record set”. A designated record set contains mental health/medical and billing records and any other records that are used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you or if the information is contained in separately maintained psychotherapy notes. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.
Right to Amend your PHI. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy. Please contact the Privacy Officer if you have any questions.
Right to Request Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests. We may require specification of an alternative address or other method of contact as a condition for accommodating your request. We will not ask you for an explanation of why you are making the request.
Right to Restrict Disclosure of Your Personal Information and PHI. If you wish to restrict disclosure of personal information or PHI about you or your dependent to another person you identify, please contact the Privacy Officer at 2nd.MD directly to make such request.
Breach Notification. If there is a breach of PHI concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself.
By using 2nd.MD’s Services, you consent and authorize 2nd.MD to audio record, video record, and/or still photograph the educational consultation for the purpose of allowing you continued access to the consultation. You understand that all recordings, videos or images will become part of your electronically stored record. You understand that the use of technology to store and transmit your recordings introduces additional opportunities for someone to breach the security and privacy protocols that 2nd.MD uses to protect your confidential information. 2nd.MD stores and transmits the recordings in compliance with the HIPAA Security Rule and all other applicable state and federal regulations.
LINKS TO THIRD PARTY WEBSITES
OTHER IMPORTANT PRIVACY INFORMATION
Security of Personal Data
Protection of Passwords
Your account is protected by your account password, and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. It is your responsibility to control the dissemination and use of your password, and to control access to and use of your user ID and password. If you need to deactivate your account, promptly inform 2nd.MD. You agree to promptly notify 2nd.MD of any unauthorized use of your username, password, or any other breach of security that you become aware of.
We may use the e-mail address you provide when you create your 2nd.MD account to send you an e-mail requesting that you validate your e-mail address, to send you appointment reminders, and to send you service notifications, such as e-mail notifications that information is available in your member account.
2nd.MD periodically sends newsletters, surveys, contests, sweepstakes or other promotions through e-mail. 2nd.MD may also periodically send you an e-mail summarizing recent account activity. Subject to your contact preferences, we may also use your e-mail addresses to send you promotional e-mail. You can unsubscribe from these e-mails at any time.
Operation in the United States
Our servers are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy. By using our Services, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States.
Contact Us: If you would like more information about your privacy rights, please contact 2nd.MD by e-mailing legal@2nd.MD. If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at legal@2nd.MD. We will not retaliate against you for filing a complaint.
Last Updated: February 12, 2018