Welcome to MDsave, a website available at www.mdsave.com (the “Site”). The Site and related services (collectively, the “Services”) are owned and operated by MDSave Inc (“MDsave”, “we”, “us,” or “our”). We have developed this Privacy Policy to inform our users (“user(s),” “you,” or “your”) about how we collect data through our Services, how we use the collected data, and a user’s rights with respect to the collected data.

MDsave is hosted and operated in the United States. If you use the Services from outside the United States, please be aware that the information you provide to us is transmitted to, processed, and stored in the United States. Data will be collected, processed, maintained, and used subject to this Privacy Policy and applicable privacy laws in the United States and in the European Economic Area (the “EEA” and citizens thereof referred to herein as “Data Subjects”). These laws may be different from the privacy laws in your country. However, this does not change our commitments to safeguard your privacy, and we will comply with all applicable laws relating to the cross-border transfer of your Personal Data (as that term is described below).

Please read this Privacy Policy carefully. If you do not agree to be bound by this Privacy Policy, then do not access or use the Services. By accessing and/or using the Services, you accept and agree to be bound by this Privacy Policy and our Terms of Use, which are hereby incorporated by reference.

If you have any questions about this Privacy Policy, please contact us at [Insert hyperlink/e-mail address] or at the contact information below.

1. Data We Collect

When you use the Site, we collect and process the following types of information:

Information We Collect about You

We collect information about your use of our Services, including but not limited to your Internet connections, computer equipment, web browsers, sites visited before using or accessing our Site, sites visited after leaving our Site, and other similar information about traffic and usage, as you navigate to, through, and away from our Site(s). This is called “Non-Personal Data” because it does not identify you, but provides insights to us regarding your use of the Services. Non-Personal Data may become linked to you and/or your account only after you submit certain types of Personal Data to us, e.g. logging into your Site account. This does not apply, however, after you have left our Site.

We also use automated data collection tools, such as Cookies and Web Beacons, to collect certain types of Non-Personal Data. By using our Services, you acknowledge that we use these data collection tools and accept the terms of our Cookie Notification. You can set your browser to reject Cookies, but that may limit your use of some convenience features on the Services. For more information on Cookies and how to control Cookies on your web browser, please see our Cookie Notification.

Web Beacons are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, and to monitor how many visitors view our Services. Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages or in an e-mail.

Log Data refers to certain information about how a user (including both account holders and non-Account holders) uses our Services. Log Data may include information such as a user’s Internet Protocol address, browser type, operating system, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a user clicked on, and other statistics.

You may be given the option to receive push notifications while using our Services. In order to serve push notifications, we may need to collect your IP address and a persistent identifier from your device. You can turn off push notifications in your device settings.

Information You Provide

When you register to use our Services, place an order, set up an account, respond to communications (e.g., surveys, requests for feedback), contact us via phone, e-mail, or postal mail, and so on, we will collect certain types of the information you provide to us. This may include your first and last name(s), mailing address, e-mail address, phone number, organization, payment information, geolocation information, and/or your IP address. By using the Services, you may also choose to disclose or provide your communication preferences, your physical location, and your demographic information. This type of data is called “Personal Data” because it can be used to identify you.

When you wish to make a payment to MDsave for our Services, you may choose how you would like to do so. You have the following payment options to choose from:

  1. You may provide your payment information (i.e. credit card number, ccv number, and billing zip code) through our Site, in which case our payment processing service provider, Authorize.net, will then process the payment for us. The only payment information that we retain from you is the billing zip code, last four (4) digits of the payment card, and the card’s expiration date. We then save an identifier token from Authorize.net that we can use to bill the same card on subsequent purchases without requiring you to re-enter your information.
  2. You may also choose instead to be connected to another of our third-party service providers, PayPal. In this case, we neither collect nor store any payment information from you and your payment interactions are entirely through PayPal’s services.
  3. Lastly, you may choose to be connected to our financing partner, CareCredit, who helps us organize monthly payment options for our users. In this case, as well, we neither collect nor store any payment information from you and your payment interactions are entirely through CareCredit's services.

To learn more about these and our other third-party service providers, as well as to see links to their respective privacy policies, please see Section 4 below.

Collectively in this Privacy Policy, Personal Data and Non-Personal Data are referred to as “Data.”

Geolocation Data

You may choose to allow us to access your location by granting the Site access to your location when prompted or through your device’s location services settings. You may change these settings on your device.

When you connect to the Services, we are able to recognize the internet (IP) address of the computer providing you with internet access. Our use of this IP address may be to help diagnose problems with our server or otherwise administer our Services. This IP address may also be used to gather broad demographic information. Your IP address is never associated with you as an individual (unless you have first logged into your account with your personal log-in information) and is never provided to another company or organization.

Third-Party Social Networking Service(s)

Additionally, if you choose to access, visit, and/or use any third-party social networking service(s) that may be integrated with our Service, we may receive your Personal Data and other information about you and your computer, mobile, or other device that you have made available to those social networking services, including information about your contacts on those services. For example, some social networking services allow you to push content from our Service to your contacts or to pull information about your contacts so you can connect with them on or through our Service. Some social networking services also will facilitate your registration for our Service or enhance or personalize your experience on our Service. Your decision to use a social networking service in connection with our Service is voluntary. However, you should make sure you are comfortable with the information your third-party social networking services may make available to our Service by visiting those services’ privacy policies and/or modifying your privacy settings directly with those services.

2. Use of Data

For Legitimate Interests. We do not sell or rent Personal Data to any third parties. We use information collected by clickstream data collection, web pixels, and cookies to store your preferences, improve website navigation, make personalized features and other services available to you, generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, improve our content and the products, services, materials, and other content that we describe or make available through the Site, and otherwise help administer and improve the Services.

We may identify you from your Personal Data and merge or co-mingle Personal Data and Non-Personal Data, for any lawful business purpose. Where you provide registration information, cookies can also be used to identify you when you log onto the Services or portions of the Services. Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our Services to you, including, but not limited to:

  • to respond to your requests and provide user support;
  • to evaluate and improve the content of our Services;
  • to customize the Services to your preferences;
  • to establish accounts to use the Services;
  • to communicate information and promotional materials to you (where you have not expressed a preference otherwise);
  • to check on your account status and maintain record of activities in connection with your use of the Site;
  • to notify you of any changes to relevant agreements or policies;
  • for research analysis;
  • to enforce our agreements, terms, conditions, and policies;
  • to work with our service providers who perform certain business functions or services on our behalf and who are bound by contractual obligations consistent with this Privacy Policy;
  • to prevent or investigate fraud (or for risk management purposes), or to comply with a legal obligation, court order, or in order to exercise our legal claims or to defend against legal claims;
  • to comply with a legal obligation, a court order, or in order to exercise our legal claims, or to defend against legal claims;
  • to conduct aggregate analysis and develop business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Services;
  • to describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
  • for other purposes identified to you and as requested by you (please note that you have the right to withdraw your consent to such use at any time by contacting us via the contact information below).

With the Consent of a Data Subject within the EEA; or without consent, if a citizen of any other jurisdiction. If you are a Data Subject within the EEA, and we have obtained your consent, we may also use your information in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:

  • to share your information with our corporate parents, subsidiaries, other affiliated entities, and associated entities only for the purposes described in this Privacy Policy (never for the purpose of selling Data);
  • to send e-mail and postal mail, if you have consented to such use, to provide you with updates and news;
  • to process any request you make;
  • to process any commercial transaction, including but not limited to fulfilling an order or subscription request; and
  • to process your Personal Data as described throughout this Privacy Policy.

Performance of a Contract. If you have agreed to our terms of use, or other terms of service, and you have created an account or initiated a purchase through our Services, we may also use your information:

  • to establish your account to use the Services;
  • to validate your username, e-mail, password, and/or other login credentials;
  • to respond to your requests;
  • to fulfill your purchase(s);
  • to send you e-mail and postal mail supplying you with the most recent service information or to send you information about your order (e.g., order confirmations, shipment notifications, etc.);
  • to notify you of any changes to relevant agreements or policies; and
  • to process your Non-Personal Data as described throughout this Privacy Policy.

We may use third‐party e‐mail providers to deliver these communications to you. This is an opt-in e-mail program. If you no longer want to receive these e-mail communications, you may opt-out of receiving e-mail communications.

We may, from time to time, invite you to participate in online surveys, such as a post-purchase feedback survey on your experience with our Services. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and Services. We use the information collected by these surveys to research market trends, company growth, community needs, etc. Your input will help us to improve customer experience and shape development of our products and Services.

We may anonymize or aggregate Data that we collect from the use of the Services, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services, market trends, and other analysis that we create based on the information we receive from you and other users. If you provide Personal Data through our Services, we may aggregate that Data with other active Data, unless we specify otherwise at the point of collection.

3. How We Share Data

We do not sell or rent Personal Data to marketers or unaffiliated third parties. We do have relationships with trusted third parties, but we will not share any Personal Data that we have collected from or regarding you except as described below:

  • Corporate affiliates, including corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Policy which are required to treat the information in accordance with this Privacy Policy;
  • Service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our platform). These third-party service providers have access to your Personal Data only for the purpose of performing services on our behalf. We have entered into contractual relationships with these service providers and require them to comply with all applicable data privacy laws and regulations and to use the Data only for the purposes for which it was disclosed. We require that any third-party service providers limit their use of your Data solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Data and not make unauthorized use or disclosure of the Data;
  • Authorized third parties, who are parties directly authorized by you to receive the applicable Data. The use of your Data by an authorized third party is subject to that third party’s privacy policy;
  • Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we will require the recipient to use such information in accordance with this Privacy Policy;
  • As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence;
  • Pursuant to your explicit approval prior to the disclosure; and
  • We may share aggregated, de-identified Data with our partners to let them know how many users viewed and interacted with their materials. This information does not identify any individual or educational institution.

4. Third-Party Service Providers

We use third-party service providers to help us operate our Services, who may collect, store, and/or process the information detailed herein. We allow access to our database by third parties that provide us with services, such as technical maintenance, market research, community and forums management, and personal/job search functionality, but only for the purpose of and to the extent necessary to provide those services.

There are times when you provide information about yourself to us in areas of the Service that may be managed or participated in by third parties. In such cases, the information may be used by us and by such third party(ies), each pursuant to its own policies. We may also provide your information to our advertisers, so that they can serve ads to you that meet your needs or match your interests.

We use commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, processing, and use of Non-Personal Data and Personal Data. While we may seek to require such third parties to follow appropriate privacy policies and will not authorize them to use this information except for the express purpose for which it is provided, you agree that we do not bear any responsibility for any actions or policies of third parties.

  1. Google Analytics. We have enabled Google Analytics to collect data about our traffic through the use of Google advertisements and other anonymous identifiers. We use Google Analytics cookies and other cookies to compile data to better understand users and provide users with a more tailored experience. You can opt out of Google Analytics by visiting Google’s Opt-Out Browser Add-on website here.
  2. Google Ads (previously Google AdWords). Our Site utilizes Google Ads to display brief advertisements, service offerings, and product listings tailored to our content and audience, known as remarketing. Google Ads' system is based partly on browser cookies and partly on keywords determined by advertisers, which characteristics are then used to place ads on pages where they might be of interest to users. You can review Google’s privacy policy and further Google privacy controls here.
  3. PayPal. We use PayPal as our online payment processing service provider. When you make a purchase through your account online, the payment portal for PayPal collects and processes your payment information and allows us to track transactions without storing sensitive payment information on our systems. PayPal’s privacy policy can be viewed here.
  4. Authorize.net. We work with Authorize.net to help us with our ecommerce payment management when our customers wish to enter their payment information through our Site instead of through PayPal or a payment plan. Authorize.net is a payment gateway service provider who allows us to accept customer payment information directly. Authorize.net is an affiliate of Visa and their privacy policy can be reviewed here.
  5. CareCredit. CareCredit is our third-party partner for customers who elect to use a financing option when choosing a payment method for our Services. CareCredit helps our customers plan, manage, and pay for medical expenses. To read more about CareCredit's privacy policy, see here.
  6. Twilio. We work with Twilio to facilitate SMS messages to Users regarding their shopping carts on our Site. We receive information about these communications, including the date and time of the SMS message, the parties’ phone numbers, and the content of any SMS messages. Standard message and data rates may apply. You can find Twilio’s privacy policy here.
  7. Invoca. Invoca provides a cloud-based call intelligence platform that helps us measure, automate, and optimize our users’ inbound calls in order for us to better understand and anticipate our callers’ needs and improve their service experience with us. You can read Invoca’s privacy policy here.
  8. RingCentral. We also work with RingCentral for phone support in order to utilize their cloud-based business phone system. Please click here for more information on RingCentral’s privacy policy.
  9. Salesforce. Salesforce is MDsave’s customer relations management (CRM) system provider. We use Salesforce’s services to manage many aspects of our customers’ accounts. You can find Salesforce’s privacy policy here.
  10. SendGrid. We use SendGrid’s email services to send our transactional e-mails to users, i.e. those emails pertaining to orders that you have submitted through our Site. We track how Users open these emails and what links they click so that we can better serve customers with information that they find relevant. You can review SendGrid’s privacy policy here. Please note that transactional emails, like order confirmations, are managed separately from general marketing emails (see below) and do not have an opt-out (with the exception of users concerned about medical record privacy who may contact us directly, as further outlined in our Terms of Service).
  11. MailChimp. We use MailChimp’s services to deliver promotional emails. MailChimp is a marketing automation platform that MDsave uses for its email marketing services. All of our e-mails sent through MailChimp include an opt-out/unsubscribe link to allow you to better control what communications you receive from us. MailChimp’s privacy policy can be viewed here.
  12. Domo. Domo provides our platform for business intelligence tools and interactive data visualization products. Domo’s cloud platform helps us consolidate our data so that we can better understand and continue to improve our Services for our customers. You can find Domo’s privacy policy here.
  13. Segment. Segment provides an analytics API and customer data platform to observe and collect the Non-Personally Identifiable Data (or “clickstream data”) from our Site visitors that allows us to study and improve our Site and Services. You can review Segment’s privacy policy here.
  14. Facebook. We use Facebook’s conversion tracking pixel and retargeting service(s) to monitor users who are redirected to the Service(s) after clicking on a Facebook ad. This allows us to monitor our ads and their effectiveness, as well as to provide advertisements to users for products according to their interests. Facebook explains conversion tracking on its website here and Facebook explains its use of Cookies and other storage technologies, as well as how to control Facebook’s use of Cookies, on its site here. You can access Facebook’s privacy policy here.
  15. Redox. Redox provides an electronic health record integration API platform that allows us and our customers to interact and exchange health data with the healthcare organizations that our customers and users are interested in working with and making purchases from. Redox’s privacy policy can be reviewed here.

A Note about Third-Party Tracking and Our Site — We do not serve targeted advertising; however, when you use the Internet, unaffiliated parties such as ad networks, web analytics companies, and social networking platforms may collect information about your online activities over time and across our and other websites. This information may be used to provide advertisements for products and services that may interest you, and those companies may use Cookies, clear GIFs, and other tracking technologies. We do not track your activity across different websites or online services. We do not honor “do not track” signals transmitted by web browsers.

For more information about third-party advertisers and how to prevent them from using your information, visit the NAI’s consumer website at http://www.networkadvertising.org/choices or http://www.aboutads.info/choices. If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser (such as Internet Explorer, Firefox or Safari) that you use on each device.

5. Data Security

We take reasonable steps online and offline to safeguard the Personal Data that you provide to us, including Secure Sockets Layer (SSL) encrypted connections (HTTPS) to the web site(s) on our Service(s), secure multi-tiered firewalls, and secure cloud-based environments. Portions of your data may also be encrypted on our storage server for additional security. We use server authentication and industry-standard firewalls in an effort to prevent interference or access from outside intruders. We also require unique account identifiers, user names, and passwords that must be entered each time users log into their accounts, or the use of secure password credentials to an authorized third-party portal.

Nonetheless, it is common knowledge that transmission of information via the internet is not wholly secure, and we cannot guarantee the security of your Personal Data, or any other information, transmitted to or through any of our Service(s). Any transmission of Personal Data, or other information, is at your own risk. By using our Service(s), you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that is otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Service(s).

If you have any questions about security on our Services, or if you become aware of any unauthorized use of an account, loss of your account credentials, or suspect a security breach, notify us immediately via email at info@mdsave.com. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.

6. Your Choices, Access, and Rights to Your Personal Data

You may change, edit, update, or delete the information that you provided when you set up your account through our Service(s) through your account settings. You may also request the deletion of this information by sending an email to info@mdsave.com. If you reside in certain jurisdictions, such as the EEA, you may have additional rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data.

As a Data Subject, you have the right to request access to your Personal Data as it exists in our records by emailing us at info@mdsave.com. You also have the right to rectification, correction, or amendment of your Personal Data if it is inaccurate or incomplete. You may also have the right to erasure of your Personal Data; however, this is not always possible due to legal requirements and exceptions may apply. A Data Subject may have the right to object to the processing of his or her Personal Data, for example, due to his or her particular situation, for direct marketing uses, or for scientific or historical research. In certain circumstances, Data Subjects may have the right to obtain a restriction on our processing of their Personal Data, in which case such Personal Data will, with the exception of storage, only be processed with the Data Subject’s consent or in circumstances such as our exercise or defense of legal claims or the protection of another person. Data Subjects may also have the right to request that we provide data portability for their Personal Data via a copy of the data in a commonly-used format and/or transfer their Personal Data directly to another data controller (where technically feasible). Exceptions to these rights may apply, for example, if the processing is necessary for a task carried out in the public interest. Finally, if a Data Subject has given his or her consent to our processing of his or her Personal Data for certain purposes, he or she has the right to withdraw consent to such use at any time by contacting us via the contact information below.

If you are not satisfied with how we manage your Personal Data, you have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here.

7. Data Retention

Unless otherwise described or requested by you, we will retain your Data only for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

At any time, users may request deletion of their accounts by e-mailing info@mdsave.com. When you delete your account, it cannot be recovered.

Please note that we do retain Non-Personal Data, including aggregated, de-identified data for the purposes described in the section titled, “How We Use Data.”

8. MDSave as a Data Processor

We may collect, use, and disclose certain Personal Data about you when acting as service provider to an organization that uses or provides our Site or Services. These organizations are responsible for ensuring that your privacy rights are respected, and should include information to help you understand how third parties collect and use your Personal Data. To the extent that we are acting as a data processor, we will process your Personal Data according to the terms of our agreement with the respective organization and its lawful instructions.

9. Data Protection Officer

Our appointed Data Protection Officer is Ryan Aipperspach. If you have an inquiry regarding your Personal Data, pursuant to the rights listed in the preceding section (above), please send your message to the following: 

Ryan Aipperspach
MDsave
100 Bush Street, Suite 1750
San Francisco, CA 94104

10. Links to Third Party Sites

Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. Such links do not constitute an endorsement by us of those other websites, their content or services, or the persons or entities associated with those websites. This Privacy Policy does not apply to third-party websites. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies and terms of all third-party websites or services that you may visit.

11. Children's Privacy

We do not sell products or services for purchase by anyone under the age of thirteen (13). In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we will never knowingly request or solicit Personal Data from anyone under the age of thirteen (13) without verifiable parental consent. In the event that we receive actual knowledge that we have collected such Personal Data without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Service(s).

12. Your California Privacy Rights

California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to info@mdsave.com.

13. Changes in the Privacy Policy

We reserve the right to modify and update this Privacy Policy at any time by posting an amended version of the statement on our Site. Please refer to this policy regularly. If at any time we decide to use Personal Data in a manner different from that stated at the time it was collected, we will notify you either on the panel home page of our Site or via e-mail.

14. How to Contact Us

Because protecting your privacy is important to us, you may always submit concerns regarding our Privacy Policy on the contact us page. We will attempt to respond to all reasonable concerns and inquiries expeditiously. If you have any questions or comments about our Privacy Policy, please contact us at:

By e-mail: info@mdsave.com
By telephone: (877) 461-2491 

By regular mail:
ATTN: Ryan Aipperspach
MDsave
100 Bush Street, Suite 1750
San Francisco, CA 94104

Please be assured that any Personal Data that you provide in communications to us will not be used to send you promotional materials, unless you so request.

LAST UPDATED October 1, 2018