PRIVACY POLICY

Med Dept’s mission is for everyone to have swift and affordable quality medical supplies regardless of geography.

This Privacy Policy describes how we collect, use, disclose and otherwise process personal information we obtain in connection with the services we provide, including through our website and mobile applications (collectively “Site”) that link to this Privacy Policy.


The Privacy Policy is part of our Terms of Service. When you use our services and this Site you accept and agree to both the Terms of Service and to the Privacy Policy. If you do not agree to be bound to the Privacy Policy you should stop using the Services and this Site immediately or cease to provide the Services, as applicable. By accessing and using our platform or providing the Services, as applicable, you affirm that you have read the Terms of Service and the Privacy Policy and that you understand, agree to and acknowledge all the terms contained in both of them.

Please note that some of the services we provide are governed by the Health Insurance Portability and Accountability Act (“HIPAA”). When we provide services covered by HIPAA, you will receive a separate HIPAA privacy notice (“Notice of Privacy Practices”), which will govern the collection, use and disclosure of your protected health information. To the extent there are inconsistencies between the Notice of Privacy Practices you receive and this Privacy Policy, the Notice of Privacy Practices will govern.


Personal Information We Collect

We collect personal information from our program participants, family members, and caregivers, as well as the participants’ care teams, which may consist of physicians, other health care professionals, and support personnel. These individuals may provide information about themselves (e.g., patients who sign up to participate) as well as about each other (e.g., physicians who provide information about program participants).

This information may include:

· Health and medical information, such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications an individual may take, including the dosage, timing, and frequency

· Personal and business contact information and preferences, such as name, email address, mailing address, phone number, and emergency contact information

· Biographical and demographic information, such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians

· Audio and video feed, when you engage in Med Dept’s telemedicine services. We may record your audio and video conversations for quality and training purposes, and to advance and optimize the telemedicine program

· Transaction information, such as information about payments to and from you and other details of products or services you have purchased from us

· Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online

· Other information you provide to us, such as in emails, on phone calls, or in other correspondence with Med Dept or its service providers.

We and our service providers may use cookies, browser web storage (also known as locally stored objects, or "LSOs"), web beacons, and similar technologies to automatically collect information about your interaction with our services through your computer or mobile device, including:

· Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, and general location information such as city, state or geographic area; and

· Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on our websites and mobile apps, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access, and how you respond to emails we send you. We may track certain actions you take on the Site such as the content of searches performed on the Site and information that you enter into the Site (e.g. your name and email address when signing up for an email newsletter, requesting more information about us and our Services, etc.).

· Analytics. We may use tools such as Google Analytics, AppsFlyer and Mixpanel to help analyze how individuals use the Site. Such third parties may use Cookies, APIs, and SDKs in our services to enable them to collect and analyze user and device related data and information on our behalf. Google Analytics, AppsFlyer, and Mixpanel use Cookies to collect information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get to improve our Site and Services. Although Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit the Site, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/. Mixpanel’s ability to use and share information it collects about your visits to the Site is restricted by the Mixpanel Terms of Service located at https://mixpanel.com/terms/ and the Mixpanel Privacy Policy located at https://mixpanel.com/privacy/. You can opt-out of Mixpanel’s automatic retention of data collected through your browsers while on our Site by clicking on this link https://mixpanel.com/optout/. To track opt-outs, Mixpanel uses a persistent opt-out Cookie placed on your devices. You can find out the types of information AppsFlyer collects and how you can opt-out of AppsFlyer by visiting its website: https://www.appsflyer.com/optout or by emailing privacy@appsflyer.com.

See: Cookie Policy


How We Use Your Personal Information

We use your personal information for the following purposes:

To provide you the services described in Terms of Service, including to:

· Establish and maintain your account

· Facilitate your interaction with peers, coaches, health care professionals and others, at your request

· Provide information about our services through announcements, updates, security alerts, and support and administrative messages

· Enable the services’ security features, such as two-factor authentication

· Understand your needs and interests, and personalize your experience with the services and our communications

· Provide support and maintenance for the services, analyze and improve our services and to develop new products and services

· To respond to your requests, questions and feedback

For research and public health purposes. We may use your personal information for research and public health initiatives, including to prepare for symposia, research publications, conferences, and scientific and educational events. In connection with this research, we will not disclose your name or contact details.

To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. We may offer you opportunities to opt in to allow us to collect, use and share your information for other purposes, and we will do so only if you opt in.


How We Share Your Personal Information

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates that are involved in providing the services to you, such as Med Dept .

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the services (such as customer support, hosting, analytics, email delivery, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.

Clinical research organizations, healthcare organizations or healthcare providers, researchers, institutions, and publishers for the research and public health purposes described above. We will not disclose your name or contact details to these organizations.

Your family members, caregivers, and care team. By participating in our programs, you direct us to share some of your information with your family members, caregivers, and care team. For example, they may be able to view the contents of your monitoring history, treatment outcomes, and other information contained within the services. Your care team may obtain the information about you through the services and store it in their own systems. The services may permit your care team to see the names and other identifying information about your other health care providers and their organizations to facilitate collaborative care.

Your insurance provider. When you participate in programs sponsored by your insurance provider, you also direct us to provide certain information about your use of our services to the insurance provider, including engagement and outcome metrics. We may also provide some of your information to confirm your eligibility for our services.

Third-party platforms. By enabling features or functionality that connect your account to a third-party platform (such as by logging in to the website or mobile application using your account with the third-party, providing your API key or similar access token for the services to a third-party, or otherwise linking your account with the services to a third-party’s services), you chose to disclose certain of your personal information with those platforms. We do not control the third party’s use of your personal information.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

With your consent. We may offer you opportunities to opt in to allow us to collect, use and share your information for other purposes, and we will do so only if you opt in.


Your Choices

Access or update your information. If you have registered to use our services, you may review and update certain personal information in your account profile by logging into the account or emailing us customerservice@themeddept.com.

Cookies and browser web storage. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the services may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.


Security

Med Dept maintains organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that Med Dept is required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.


Data Retention

Med Dept retains personal information for as long as necessary to (a) provide our services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of customer agreements.

Data Deletion

You may request deletion of your personal information by us, however, we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete personal information, it will be deleted from the active database, but may remain in our archives (subject to applicable law) and we may also retain anonymous information about your use of our services. Once we disclose some of your personal information to third parties, we may not be able to access that personal information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. After we delete personal information, we may retain de-identified information and will continue to use de-identified information as permitted under this Privacy Policy.


Creation of Anonymous Data for Analytics

We may create anonymous data from personal information by excluding information that makes the data personally identifiable, and use that anonymous data for our lawful business purposes. We de-identify any patient data in accordance with applicable HIPAA requirements.


Children

If we have obtained consent from a parent or legal guardian, Med Dept may collect, use, and disclose the personal information of a child under 13 as described throughout this Privacy Policy. Parents or legal guardians may contact us to ask if we have collected their child's personal information, to review or correct that information, and to request that Med Dept stop collecting this information or have it deleted. Such requests are subject to Med Dept verifying to our satisfaction that the requester is in fact the child's parent or legal guardian.


Job Applicants

When you visit the “Careers” portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to provide improved administration of the website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on Med Dept ; (b) to protect and defend the rights or property of Med Dept or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Med Dept Terms of Use.


International Data Transfers

Med Dept is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.


Other Sites and Services

For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Med Dept. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

Non-Discrimination

Med Dept will not discriminate against you for exercising your privacy rights as set forth herein. If you choose to exercise your privacy rights, you will not receive discriminatory treatment or a lesser degree of service from us.


Changes to this Privacy Policy

We may update our Privacy Policy from time to time by posting a new version online or within our application. You should check this page occasionally to review any changes. If we make material changes to this Privacy Policy, we will notify you by email, in-app notification, a notice on this website or another method that we believe is reasonably likely to reach you.


NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Med Dept and its associated professional entities (collectively “Med Dept ”) is committed to obtaining, maintaining, using and disclosing your protected health information (“PHI”) in a manner that protects your privacy. We urge you to read this Notice of Privacy Practices (this “Notice”) carefully in order to understand both our commitment to the privacy of your PHI and your rights.

Med Dept is required by law to maintain the privacy of your PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI. PHI is information about you, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health condition, treatment or payment for health services. This Notice describes how we may use and disclose your PHI to carry out treatment, payment or health care operations, and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your PHI.

Med Dept reserves the right to amend this Notice from time to time. When material changes are made, Med Dept will promptly post the updated Notice on the Med Dept website at www.themeddept.com, and provide a copy to you at your request. Med Dept is required to abide by the terms of the Notice currently in effect.

I. Uses and Disclosures of Your Information

Med Dept may use or disclose your PHI for the following purposes:

· Treatment. Med Dept may use or disclose your PHI for purposes of providing your medical treatment. For example, we may disclose your PHI to your primary care physician if needed in order to coordinate your medical care.

· Payment. Med Dept may use or disclose your PHI for purposes of billing and collecting payment for our services. For example, we may disclose your PHI to your health plan in order to obtain payment for our services.

· Health Care Operations. Med Dept may use or disclose your PHI to facilitate our health care operations. For example, we may review your PHI internally as part of an audit to confirm the quality of services being delivered to our patients.

· As Required by Law. Med Dept may use or disclose your PHI if required to do so by federal or state law.

· Disclosures to your Representative and/or Individuals Involved in Your Care. Med Dept may disclose your PHI to your family members who are involved in your care, including those who are responsible for paying for your care. Med Dept may also disclose your PHI to your personal representative, as established under applicable law or to an administrator or authorized individual associated with your estate.

· Disclosures to Business Associates. Med Dept may disclose your PHI to certain of our service providers that have agreed to maintain the privacy and security thereof. For example, we may disclose your PHI to Med Dept Inc., which provides administrative support services to Med Dept .

· De-Identification of PHI. Med Dept may de-identify your PHI, meaning that Med Dept would remove all identifying features as determined by law to make it extremely unlikely that the information could identify you. De-identified information no longer qualifies as PHI, meaning that Med Dept may use and disclose it for purposes not set forth in this Notice.

Med Dept may also use or disclose your PHI in other ways as permitted by law. Generally, these are ways that serve the public health and/or research. Specifically:

· Med Dept may use or disclose your PHI as needed to assist with public health and safety issues and may disclose your PHI to law enforcement officials when needed, to health oversight agencies for authorized activities and for special government functions including national security needs.

· Med Dept may disclose your PHI as needed to organ procurement organizations, medical examiners and funeral directors in the event of an individual’s death.

· Med Dept may use or disclose your PHI to address workers’ compensation claims.

· Med Dept may use or disclose your PHI in response to a court or administrative order, or in response to a subpoena.

Uses and disclosures of PHI for purposes other than those described above, including for marketing purposes and disclosures that would constitute the sale of PHI, will not be made in the absence of a written authorization signed by you or your personal representative. Once you sign an authorization, you may revoke it by contacting Med Dept at customerservice@themeddept.com. However, any use or disclosure of your PHI already taken in reliance on your authorization prior to your revocation cannot be reversed.

II. Your Rights Regarding Your PHI

You have the following rights with respect to your PHI:

· You have the right to request restrictions on certain uses and disclosures of your PHI. Med Dept will consider every request to restrict uses or disclosures of your PHI and will strive to honor those that are reasonable. However, Med Dept is not legally required to honor each request unless the requested restriction involves a disclosure not required by law to a health plan for purposes of payment or health care operations, and you have paid for the applicable services in full, out of pocket. With respect to any requested restriction, if Med Dept agrees to honor it, we will document such restriction and continue to abide by it.

· You have the right to receive confidential communications of your PHI from Med Dept Specifically, you may request that Med Dept communicate with you about your PHI using a specific means, phone number or address. Med Dept will accommodate reasonable requests regarding confidential communications of your PHI.

· Subject to applicable state law, you have the right to inspect and copy your PHI. You also have the right to access and receive your PHI electronically if readily producible in such format.

· You have the right to correct or update your PHI. If you believe that there is an error in your PHI, you may request that Med Dept update it as appropriate.

· You have the right to receive an accounting of certain disclosures of your PHI made by Med Dept . Upon receipt of such request, Med Dept will provide you with a list of disclosures made by Med Dept in the prior six (6) years, not including certain types of disclosures such as, by way of example only, those made directly to you or pursuant to your written authorization.

· You have the right to obtain a paper copy of this Notice upon request.

To exercise any of these rights, please send written communication to Med Dept at customerservice@themeddept.com.

III. Breach Notification

Med Dept is required by law to notify you in the event that your PHI is subject to a security breach unless Med Dept reasonably determines that, after fully investigating the situation and assessing the risk presented, there is a low probability that the privacy or security of your PHI has been compromised. You will be notified without unreasonable delay and in no event later than sixty (60) days following discovery of the security breach. Such notification will include information about the security breach, including steps that Med Dept has taken to mitigate potential harm, and a contact person to whom you may address additional questions.

IV. Questions, Comments or Complaints

If you have any questions or comments about this Notice, or if you have any complaints about Med Dept privacy practices, please contact us at customerservice@themeddept.com. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. Med Dept will not retaliate against you for filing a complaint.

Contact Us

If you have any questions or concerns at all about our Privacy Policy, please contact us at:

351 S Cypress Rd Ste 317, Pompano Beach FL 33060

or

customerservice@themeddept.com.

Last Updated and Effective: January 24, 2022