Last Updated: October 25, 2022.
Effective Date: November 1, 2022.
We take the protection of your privacy and personal information very seriously and are committed to protecting your personal, confidential, and otherwise sensitive information. RepeatMD aspires to conduct business and process your Personal Information in accordance with all applicable data protection legislation, in all markets within which RepeatMD operates.
INFORMATION WE COLLECT
When you interact with us through the Services, we may collect information from and about you. You may interact with us directly, such as when you sign up for a RepeatMD account through the Site or App, as well as indirectly, such as when you sign up for a RepeatMD account through our Platform operated by one of our Rewards Providers or otherwise interact with one of our Rewards Providers.
- Identifiers (e.g., name, address, username, IP address, email address);
- Protected information (e.g., gender, race, citizenship, marital status);
- Biometric information (e.g., photograph, health data), and audio, electronic, visual, thermal, olfactory, or similar information;
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
- Employment-related information (e.g., work history, work authorizations);
- Non-public educational information, including information protected under the U.S. Family Educational Rights and Privacy Act (“FERPA”);
- Internet activity (e.g., interactions with a website, content, or advertisement);
- Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, and aptitudes;
- Sensitive Personal Information (e.g., social security, insurance or government ID number; precise geolocation; racial or ethnic origin; biometrics; union membership; contents of messages when we are not the recipient; as well as protected health information, personal health information, PHI, EPHI, and similar terms of art, each as defined under applicable health privacy laws; and other health information generally).
Personal Information does not include: (i) publicly available information as prescribed by applicable privacy and data protection laws; (ii) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer. Any de-identified information within RepeatMD’s control will not be used by us, either alone or in combination with other information, to identify a specific individual.
Information You Provide
We collect information from you when you voluntarily provide it, such as when you register for access to the Services and create an account, use certain Services, contact us with inquiries or respond to one of our surveys. For example, we may collect your name, phone number, email address, birthdate, location information, Third-Party Service (defined below) login credentials, other information (such as your name and online activity) based on your registration and privacy settings on those Third-Party Services, and the messages you send or receive through the Services.
We will not collect information related to your transaction at one of our Rewards Providers, including your receipt, payment card slip, bill, and order ticket data (which may include the items purchased and their purchase price) from point of sale (“POS”) devices used by Rewards Providers.
Information Automatically Collected
When you interact with the Services, we also may use various technologies, including cookies, web beacons, pixel tags, log files, local shared objects (Flash cookies), HTML5 cookies, or other tracking technologies, to automatically collect certain general user data and information, including aggregate measures of the Services’ use and aggregate technical and other data about your use of the Services that does not personally identify you.
RepeatMD may use this data to analyze, improve, support and operate the Services, for distribution in general benchmarking data and industry and/or other usage and demographic reports, and other business purposes. For example, we may track the total number of visitors or users of the Services, the number of visitors to each page of our Site or App, the domain names of our visitors’ Internet service providers, and how end user customers use and interact with the Services.
We may also remove your Personal Information from POS device data and aggregate it with other anonymous data, pool and/or combine aggregated data with other information, and share aggregated data with Rewards Providers, its affiliates, service providers, agents and business partners. RepeatMD may also disclose aggregated data to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Tracking Options and California Do Not Track Disclosures
Our cookies and other tracking technologies help provide additional functionality to the Services and help us analyze Services usage more accurately. For instance, our Services may set a cookie on your browser that saves your login credentials. You can set your browser or operating system settings to limit certain tracking or to decline cookies, but by doing so, you may not be able to use certain Service features. Please refer to your web browser’s or operating system’s website or “Help” section for more information on how to delete and/or disable your browser or operating system from receiving cookies or controlling your tracking preferences.
Combination of Information & Collected from Third-Party Services
We may combine the information we receive from or about you, including information you provide to us and information we automatically collect through the Services, as well as information across other computers or devices that you use, with information we collect or receive about you from other online and offline sources, or from other third party sources.
In addition, one of the special features of the Services is that they allow you to integrate various online third-party services, such as social media and social networking services (“Third-Party Services”), directly into your RepeatMD experience. To take advantage of this feature, we will ask you to provide us your username and password for the relevant Third-Party Services. By enabling such Third-Party Services, you are allowing us to pass your log-in information to these services for this purpose. When you add a Third-Party Service account to the Services, we will collect your login information and other relevant information necessary to enable the Services to access that Third-Party Service and your data contained within that Third-Party Service. However, please remember that the Third-Party Services may use, store and disclose your information differently, as described in their policies, and RepeatMD shall have no liability or responsibility for the privacy practices or other actions of any Third-Party Service.
Repeat MD may also use your information for the following purposes:
- To supply Services to you purchased via the Site, and to process your payments;
- For statistical purposes and analysis for management purposes in order to administer the Site and improve our Services;
- Internal record keeping, and administrative purposes, and to inform you about our events, Services, or other related information that we think would be of interested to you;
- To communicate marketing messages, newsletters, and details of our business;
- To manage the recruitment process, assess and confirm a candidate’s suitability for employment, and decide to whom to offer a job.
- Provide, maintain, and improve the Services;
- Personalize the User experience and provide support;
- Send you support and administrative messages;
- Monitor your compliance with any of your agreements with us;
- Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of RepeatMD or others;
- Comply with applicable laws, regulations, legal processes or court orders;
- If we believe it is necessary, to identify, contact, or bring legal action against persons who may be causing injury to you, to us, or to others; or
- Fulfill any other purpose to which you consent.
RepeatMD and its subsidiaries and affiliates (the “Related Companies”) may also use the information collected from and about you through the Services to help us improve the content and functionality of the Services, to better understand our users, and to improve the RepeatMD Services. RepeatMD and its Related Companies may use this information to contact you in the future to tell you about services we believe will be of interest to you. RepeatMD may also use your information in other ways, with your consent or as disclosed to you at the time of collection.
RepeatMD retains all Personal Information collected through the Services for as long as required to fulfill the purpose for which it was collected. RepeatMD retention periods are determined by the regulations or policies that apply to the Users of a given Service. This means in some cases RepeatMD may be required to retain Personal Information for a specified period or indefinitely, unless or until an individual User requests that RepeatMD delete some or all of their Personal Information. This retention policy is necessary to enable RepeatMD to serve as a secure repository of information required for Users to work or participate in programs in healthcare settings.
RepeatMD is not in the business of selling your Personal Information. We consider personal information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your information with certain third parties without further notice to you, as set forth below:
- Rewards Providers: To the extent you have obtained or redeemed a reward offered by a Rewards Provider, added a Rewards Provider as a membership to your account, made a purchase at or through a Rewards Provider, or otherwise participated in any other activity sponsored or offered on behalf of the Rewards Provider, we may provide your information to such Rewards Providers (a) for the Rewards Provider to redeem and validate your reward, send you customized offers, troubleshoot redemption, combat fraud and otherwise communicate with you; (b) as part of legal proceedings affecting RepeatMD or the Rewards Provider; or (c) to send you marketing information or otherwise facilitate a direct relationship between the Rewards Provider and you.
- Agents, Consultants and Related Third Parties: RepeatMD, like many businesses, sometimes hires agents or service providers to perform certain business-related functions. Examples of such functions include maintaining databases, sending emails and SMS messages, offering and developing certain features of the Services, and performing maintenance and security. When we employ an agent or service provider to perform a function of this nature, we only provide them with the information that they need to perform their specific function. We also disclose automatically collected data (card scans, promotional activities, and redemption information) to our Rewards Providers, third-party ad servers, and third-party advertisers. These third parties may match this data with information that they have previously collected about you under their own privacy policies.
- Legal Requirements: RepeatMD may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or assist government enforcement agencies, (ii) protect and defend the rights or property of RepeatMD, Rewards Providers, or our users, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, (iv) protect against legal liability; (v) protect Rewards Providers from fraudulent, abusive, or unlawful uses; or (vi) protect the security or integrity of the Services.
YOUR CHOICES AND OPT-OUTS
We do not share your personal information with other third-party organizations for their marketing or promotional uses without your consent except as part of a specific program or feature for which we will provide the ability to opt out. The Services will automatically send you SMS messages with updates and other information. You may stop receiving SMS messages by replying STOP or OFF in response to any received SMS message. You may also opt-out of receiving SMS messages on the RepeatMD website. If you opt-out of receiving SMS messages, you may not be able to use certain Services. If you do not want to receive marketing emails from us, click the unsubscribe link in the footer of such emails.
YOUR PRIVACY RIGHTS
Controlling Your Personal Information
RepeatMD provides you with options to control the Personal Information we hold about you and how we use it directly through our Services:
- Your Account: Registered users can change or delete certain Personal Information in their accounts at any time by signing into the Services and editing information or changing settings. Please contact your provider if you wish to change Personal Information on your account but are not able to do so yourself. Because RepeatMD serves as an information repository for Providers, we may be unable to delete your Personal Information as part of our obligations to meet our legal or contractual requirements.
- Do Not Track: Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. If this changes in the future, we will update this Privacy Statement.
Depending on where you reside, you may have additional privacy rights or be entitled to additional controls over your Personal Information. Please see our supplemental notices specific to residents of California and Canada.
YOUR CALIFORNIA PRIVACY RIGHTS
This section provides residents of the State of California (“California Consumers”) with the disclosures and notices required under the California Consumer Privacy Act of 2018, as amended (“CCPA”). The following paragraphs apply solely to California Consumers and describe the specific rights afforded under the CCPA.
In many cases, RepeatMD collects Personal Information about you in a business-to-business context or as part of your employment with a Provider. Please note that Personal Information collected and used in this context is not protected under the CCPA.
California Consumers may exercise the following rights over their Personal Information, subject to any exceptions and limitations that may apply:
- Right to Know. You have the right to request that we disclose information to you about our collection and use of your Personal Information, such as: (i) categories of Personal Information we have collected about you; (ii) categories of sources for the Personal Information we have collected about you; (iii) our business or commercial purpose for collecting, selling, or sharing your Personal Information; (iv) categories of third parties with whom we disclose your Personal Information; and (v) a list of specific pieces of Personal Information we have collected about you. If a business sells or shares your Personal Information, you also have the right to request disclosure of the categories of your Personal Information sold or shared and the categories of third parties to whom that Personal information was sold or shared, as well as the categories of Personal information disclosed for a business purpose and the categories of recipients of that information. RepeatMD is only required to respond to two disclosure requests from you within a 12-month period.
- Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested Personal Information in a portable and readily usable format. Please note that RepeatMD may be prohibited by law from disclosing copies of certain Personal Information when the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our systems, or your account. In some cases, your access may be limited to Personal Information collected over the preceding 12-months. We are only required by law to respond to two access requests from you within a 12-month period. If you discover that we maintain inaccurate Personal Information about you, or if your Personal Information changes, please inform us and we will update our records Right to Correct to reflect the correct information.
- Right to Deletion. You have the right to request that we delete Personal Information that we collected from you and retained, with certain exceptions. Requests to delete may be denied to comply with regulatory or contractual requirements, or subject to other legal exceptions or limitations. If we grant your request, we will permanently delete, deidentify, or aggregate the Personal Information. We will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.
- No Selling or Sharing Personal Information. RepeatMD does not sell your Personal Information to any third parties or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. If this changes in the future, we will update this Privacy Statement and provide you with a method to opt-out of such sale and sharing.
- Limited Use and Disclosure of Sensitive Personal Information. RepeatMD does not use or disclose sensitive Personal Information for the purpose of inferring characteristics about any consumer. If this ever changes in the future, we will update this Privacy Statement and provide you with methods to limit use and disclosure of Sensitive Personal Information. However, we have no control over whether a given Provider may use or disclose a registered user’s sensitive Personal information for any particular purpose. Please direct any questions about your sensitive Personal Information to the respective provider.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
- Right to Disclosure of Marketing Information. Under California’s Shine the Light Act (Ca. Civ. Code § 1798.83-1798.84), California Consumers are entitled to request certain disclosures about Personal Information sharing with affiliates and/or third parties for marketing purposes. Please contact us if you wish to obtain these disclosures.
California Consumers may exercise these rights over their Personal Information by contacting their provider or by sending RepeatMD a request to firstname.lastname@example.org, subject to any exceptions and limitations that may apply.
Children:RepeatMD does not direct the Services to, nor does it not knowingly collect Personal Information from children under the age of 13. If we learn that a child under the age of 13 has provided personally identifiable information to RepeatMD through the Services, we will endeavor to delete that information from our databases.
RepeatMD takes reasonable steps to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet, email, mobile or other electronic transmission is ever fully secure or error free, so you should take special care in deciding what information you provide. It is your responsibility to keep your account secure from unauthorized access. We encourage you to take steps to protect against unauthorized access to your account, such as choosing a robust password, keeping the password private, and signing off after using a shared computer or other device. RepeatMD is not responsible for any lost, stolen, or compromised passwords, or any unauthorized activity on your account.
ACCESS TO INFORMATION; CONTACTING US
You may request, by contacting us as specified below, that we update or correct certain information that you have provided to us through the Services. We will take reasonable steps to honor your request. You may also update or correct certain information associated with your account, and you are responsible for maintaining the accuracy of this information.