This privacy statement (“Policy”) describes the current policies of Medipense Inc. (“Medipense” or “we” or “our”) with regard to personal information collected by us from you. Your privacy is important to Medipense. We developed this Policy so you know how we collect, use, disclose, transfer and store your information. Please read through this Policy to familiarize yourself with our privacy practices. If you have any questions, please let us know by emailing us or by sending a letter to the address set forth at the end of this Policy.
Table of Contents
- What information do we collect?
- What do we use your information for?
- Do we disclose any information to outside parties?
- What security measures have we implemented?
- Children's Online Privacy Protection Act Compliance
- Personal Information Protection and Electronic Documents Act (PIPEDA or the PIPED Act)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (“GDPR”) (EU)
- Your Consent
- How to update or delete your data
- Contacting Us
- Face-to-face, phone, email, chat, video conference, mail or other business interactions with our customers, vendors or other businesses interested in our products and services.
What information do we collect?
We collect information from you when you register on our site, use our products or services, place an order, subscribe to our newsletter, respond to a survey or fill out a form.
When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, business or other information as necessary to operate our site, software or products.
We may record the following information:
- Email address and password (Registration Information),
- Name, billing address, shipping address (Billing Information),
- Birth date, gender, height, weight, affiliation (Profile Information),
- Data sharing permissions with other accounts (Permissions Information),
- Health data such as prescription information, medical conditions, allergies, caregivers and health care providers. Body metrics such as cardiac activity, breathing activity, movement activity, manual annotations, and others, and information and statistics based on these measurements (Activity Information).
All personally identifiable information and associated medical information is subject to PIPEDA, HIPAA and GDPR as described below.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To improve our website
We continually strive to improve our website offerings based on the information and feedback we receive from you.
- To improve customer service
Your information helps us to more effectively respond to your customer service requests and support needs.
- To process transactions
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- To administer a contest, promotion, survey or other site feature
- To send periodic emails
The email address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to occasional company news, updates, related product or service information, etc.
Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
- To assist in your care or treatment
Share information with your health care provider, family, close friends, or others involved in your care.
- To operate our software and products
The information you provide or allow us to access on your behalf may contain information such as medications, dosage, medical conditions, schedules, timing and other personal health data which is required to properly program and dispense your medications at the specified time.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety. However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses.
What security measures have we implemented?
We take serious measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. All web access, including our website, APIs and web portal, uses Secure Sockets Layer (SSL) software, which encrypts information you input, to protect information you submit via our Services. In addition, all data and images stored online via the RxPense are encrypted at rest.
Medipense’s products use biometric, RFID and password authentication schemes.
Our security measures are only as good as you are in ensuring privacy. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
Children's Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children's Online Privacy Protection Act); we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old.
Personal Information Protection and Electronic Documents Act (PIPEDA or the PIPED Act)
We are in compliance with the law concerning privacy of your information. In Canada, we are governed by PIPEDA; an overview of the Act and of how we are establishing company policy and compliance can be downloaded here.
The law gives individuals the right to
- know why an organization collects, uses or discloses their personal information;
- expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
- know who in the organization is responsible for protecting their personal information;
- expect an organization to protect their personal information by taking appropriate security measures;
- expect the personal information an organization holds about them to be accurate, complete and up-to-date;
- obtain access to their personal information and ask for corrections if necessary; and
- complain about how an organization handles their personal information if they feel their privacy rights have not been respected.
The law requires organizations to
- obtain consent when they collect, use or disclose their personal information;
- supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of their personal information unless that information is essential to the transaction;
- collect information by fair and lawful means; and
- have personal information policies that are clear, understandable and readily available.
Health Insurance Portability and Accountability Act (HIPAA)
In the USA, Medipense is compliant with HIPAA and takes all measures available to protect your data. To download a copy of our HIPAA policy: Medipense-HIPAA-Compliance-Notice-2018.
General Data Protection Regulation (“GDPR”) (EU)
How to update or delete your data
You can ask us to correct health information about you that you think is incorrect or incomplete. You can always update or delete any medical information yourself by logging into your account. Ask us how to do this.
You may ask us to delete your medical and personal information, including your account. We will comply with the understanding that you may no longer be able to use our products or services. Due to legal or government requirements, we may have to maintain an archived copy of your data along with any transaction records for a fixed period of time.
Policy revised: 24 MAY 2018