OptimizeRx Corporation (hereinafter collectively referred to as the "Company," "we," "us" or "our") provides a software platform to help patients, the patient's caregiver family and friends, and medical workers improve the patient's medical therapy outcomes. As such personal data is very important to the company, and we respect and protect an individual's privacy.
"Personal Information" or "Information" means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
"Sensitive Personal Information' means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual's health.
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected.
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org
When signing up for the Company services, the users do so by providing their mobile phone number in order to communicate with the Company system via two-way text messaging. In doing so, the user is providing mobile phone carriers, and sms aggregator services access to the personal information exchanged via two-way text messaging. Users who do not wish to have their personal information disclosed to these third parties, will be advised at sign up, not to sign up for the service.
In order to provide its services to users, the Company receives technical support services from its wholly owned subsidiary CareSpeak Communications d.o.o., located in Zagreb, Croatia (EU), which may have access to the users' personal information during their regular technical support activities. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection.
OptimizeRx Corporation's accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, OptimizeRx Corporation remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless OptimizeRx Corporation proves that it is not responsible for the event giving rise to the damage.
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Company cannot guarantee the security of Information on or transmitted via the Internet.
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
Users have the right to request from the Company (a) access to a secure web portal containing their personal information to allow the individual to correct, amend or delete inaccurate information changes to their personal data (e.g. phone number, name, etc.), and/or (b) that their account be terminated and that all their personally identifiable data be permanently deleted, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
In order to deliver the appropriate service(s) to the patient, the Company may collect the following data for the purposes listed:
1 An "event date" may be a procedure date, a start of therapy date, a hospital discharge date, and any other even that may be relevant in a patient’s medical therapy treatment and or other personal communications purposes
In order to provide patients, their caregivers, clinicians and program sponsors with the desired services, the Company has to rely on the following third parties:
The Company does not disclose user personal data, in ways other than described in this document. The Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Attn: Privacy Officer
400 Water Street, Suite 200
Rochester, MI 48307
OptimizeRx Corporation has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction