1. Data We Collect
When you use the Site, we collect and process the following types of information:
Information We Collect about You
We collect information about your use of our Services, including but not limited to your Internet connections, computer equipment, web browsers, sites visited before using or accessing our Site, sites visited after leaving our Site, and other similar information about traffic and usage, as you navigate to, through, and away from our Site(s)). This is called “Non-Personal Data” because it does not identify you, but provides insights to us regarding your use of the Services. Non-Personal Data may become linked to you and/or your account only after you submit certain types of Personal Data to us, e.g. logging into your Site account. This does not apply, however, after you have left our Site.
We also use automated data collection tools, such as Cookies and Web Beacons, to collect certain types of Non-Personal Data. By using our Services, you acknowledge that we use these data collection tools and accept the terms of our Cookie Notification. You can set your browser to reject Cookies, but that may limit your use of some convenience features on the Services. For more information on Cookies and how to control Cookies on your web browser, please see our Cookie Notification.
Web Beacons are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, and to monitor how many visitors view our Services. Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages or in an e-mail.
Log Data refers to certain information about how a user (including both account holders and non-Account holders) uses our Services. Log Data may include information such as a user’s Internet Protocol address, browser type, operating system, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a user clicked on, and other statistics.
You may be given the option to receive push notifications while using our Services. In order to serve push notifications, we may need to collect your IP address and a persistent identifier from your device. You can turn off push notifications in your device settings.
Information You Provide
When you register to use our Services, place an order, set up an account, respond to communications (e.g., surveys, requests for feedback), contact us via phone, e-mail, or postal mail, and so on, we will collect certain types of the information you provide to us. This may include your first and last name(s), mailing address, e-mail address, phone number, organization, payment information, geolocation information, and/or your IP address. By using the Services, you may also choose to disclose or provide your communication preferences, your physical location, and your demographic information. This type of data is called “Personal Data” because it can be used to identify you.
When you wish to make a payment to MDsave for our Services, you may choose how you would like to do so. You have the following payment options to choose from:
- You may provide your payment information (i.e. credit card number, ccv number, and billing zip code) through our Site, in which case our payment processing service provider, Authorize.net, will then process the payment for us. The only payment information that we retain from you is the billing zip code, last four (4) digits of the payment card, and the card’s expiration date. We then save an identifier token from Authorize.net that we can use to bill the same card on subsequent purchases without requiring you to re-enter your information.
- You may also choose instead to be connected to another of our third-party service providers, PayPal. In this case, we neither collect nor store any payment information from you and your payment interactions are entirely through PayPal’s services.
- Lastly, you may choose to be connected to our financing partner, CareCredit, who helps us organize monthly payment options for our users. In this case, as well, we neither collect nor store any payment information from you and your payment interactions are entirely through CareCredit's services.
To learn more about these and our other third-party service providers, as well as to see links to their respective privacy policies, please see Section 4 below.
You may choose to allow us to access your location by granting the Site access to your location when prompted or through your device’s location services settings. You may change these settings on your device.
When you connect to the Services, we are able to recognize the internet (IP) address of the computer providing you with internet access. Our use of this IP address may be to help diagnose problems with our server or otherwise administer our Services. This IP address may also be used to gather broad demographic information. Your IP address is never associated with you as an individual (unless you have first logged into your account with your personal log-in information) and is never provided to another company or organization.
Third-Party Social Networking Service(s)
Additionally, if you choose to access, visit, and/or use any third-party social networking service(s) that may be integrated with our Service, we may receive your Personal Data and other information about you and your computer, mobile, or other device that you have made available to those social networking services, including information about your contacts on those services. For example, some social networking services allow you to push content from our Service to your contacts or to pull information about your contacts so you can connect with them on or through our Service. Some social networking services also will facilitate your registration for our Service or enhance or personalize your experience on our Service. Your decision to use a social networking service in connection with our Service is voluntary. However, you should make sure you are comfortable with the information your third-party social networking services may make available to our Service by visiting those services’ privacy policies and/or modifying your privacy settings directly with those services.
2. Use of Data
For Legitimate Interests. We do not sell or rent Personal Data to any third parties. We use information collected by clickstream data collection, web pixels, and cookies to store your preferences, improve website navigation, make personalized features and other services available to you, to generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, to improve the our content and the products, services, materials, and other content that we describe or make available through the Site, and otherwise help administer and improve the Services.
We may identify you from your Personal Data and merge or co-mingle Personal Data and Non-Personal Data, for any lawful business purpose. Where you provide registration information, cookies can also be used to identify you when you log onto the Services or portions of the Services. Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our Services to you, including, but not limited to:
- to respond to your requests and provide user support;
- to evaluate and improve the content of our Services;
- to customize the Services to your preferences;
- to establish accounts to use the Services;
- to communicate information and promotional materials to you (where you have not expressed a preference otherwise);
- to check on your account status and maintain record of activities in connection with your use of the Site;
- to notify you of any changes to relevant agreements or policies;
- for research analysis;
- to enforce our agreements, terms, conditions, and policies;
- to prevent or investigate fraud (or for risk management purposes), or to comply with a legal obligations, court order, or in order to exercise our legal claims or to defend against legal claims;
- to comply with a legal obligation, a court order, or in order to exercise our legal claims, or to defend against legal claims;
- to conduct aggregate analysis and develop business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Services;
- to describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
- for other purposes identified to you and as requested by you (please note that you have the right to withdraw your consent to such use at any time by contacting us via the contact information below).
With the Consent of a Data Subject within the EEA; or without consent, if a citizen of any other jurisdiction. If you are a Data Subject within the EEA, and we have obtained your consent, we may also use your information in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:
- to send e-mail and postal mail, if you have consented to such use, to provide you with updates and news;
- to process any request you make;
- to process any commercial transaction, including but not limited to fulfilling an order or subscription request; and
- to establish your account to use the Services;
- to validate your username, e-mail, password, and/or other login credentials;
- to respond to your requests;
- to fulfill your purchase(s);
- to send you e-mail and postal mail supplying you with the most recent service information or to send you information about your order (e.g., order confirmations, shipment notifications, etc.);
- to notify you of any changes to relevant agreements or policies; and
We may use third‐party e‐mail providers to deliver these communications to you. This is an opt-in e-mail program. If you no longer want to receive these e-mail communications, you may opt-out of receiving e-mail communications.
We may, from time to time, invite you to participate in online surveys, such as a post-purchase feedback survey on your experience with our Services. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and Services. We use the information collected by these surveys to research market trends, company growth, community needs, etc. Your input will help us to improve customer experience and shape development of our products and Services.
We may anonymize or aggregate Data that we collect from the use of the Services, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services, market trends, and other analysis that we create based on the information we receive from you and other users. If you provide Personal Data through our Services, we may aggregate that Data with other active Data, unless we specify otherwise at the point of collection.
3. How We Share Data
We do not sell or rent Personal Data to marketers or unaffiliated third parties. We do have relationships with trusted third parties, but we will not share any Personal Data that we have collected from or regarding you except as described below:
- Service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our platform). These third-party services providers have access to your Personal Data only for the purpose of performing services on our behalf. We have entered into contractual relationships with these service providers and require them to comply with all applicable data privacy laws and regulations and to use the Data only for the purposes for which it was disclosed. We require that any third-party service providers limit their use of your Data solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Data and not make unauthorized use or disclosure of the Data;
- As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence;
- Pursuant to your explicit approval prior to the disclosure; and
- We may share aggregated, de-identified Data with our partners to let them know how many users viewed and interacted with their materials. This information does not identify any individual or educational institution.
4. Third-Party Service Providers
We use third-party service providers to help us operate our Services, who may collect, store, and/or process the information detailed herein. We allow access to our database by third parties that provide us with services, such as technical maintenance, market research, community and forums management, and personal/job search functionality, but only for the purpose of and to the extent necessary to provide those services.
There are times when you provide information about yourself to us in areas of the Service that may be managed or participated in by third parties. In such cases, the information may be used by us and by such third party(ies), each pursuant to its own policies. We may also provide your information to our advertisers, so that they can serve ads to you that meet your needs or match your interests.
- Google Analytics. We have enabled Google Analytics to collect data about our traffic through the use of Google advertisements and other anonymous identifiers. We use Google Analytics cookies and other cookies to compile data to better understand users and provide users with a more tailored experience. (You can opt out of Google Analytics by visiting Google’s Opt-Out Browser Add-on website.)
- Technology Lab. Technology Lab provides IT support services to MDsave employees, which provides them with incidental access to user data that may be stored on employee devices.
For more information about third-party advertisers and how to prevent them from using your information, visit the NAI’s consumer website at http://www.networkadvertising.org/choices or http://www.aboutads.info/choices. If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser (such as Internet Explorer, Firefox or Safari) that you use on each device
5. Data Security
We take reasonable steps online and offline to safeguard the Personal Data that you provide to us, including Secure Sockets Layer (SSL) encrypted connections (HTTPS) to the web site(s) on our Service(s), secure multi-tiered firewalls, and portions of your data may also be encrypted on our storage server for additional security, secure cloud-based environments and uses server authentication and industry-standard firewalls in an effort to prevent interference or access from outside intruders. We also require unique account identifiers, user names, and passwords that must be entered each time users log into their accounts or use of secure password credentials to an authorized third-party portal.
Nonetheless, it is common knowledge that transmission of information via the internet is not wholly secure, and we cannot guarantee the security of your Personal Data, or any other information, transmitted to or through any of our Service(s). Any transmission of Personal Data, or other information, is at your own risk. By using our Service(s), you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that are otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Service(s). Any transmission of information is at your own risk. By using our Service(s), you acknowledge and accept these risks.
If you have any questions about security on our Services, or if you become aware of any unauthorized use of an account, loss of your account credentials, or suspect a security breach, notify us immediately via email at firstname.lastname@example.org. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.
6. Your Choices, Access, and Rights to Your Personal Data
You may change, edit, update, or delete the information that you provided when you set up your account through our Service(s) through your account settings. You may also request the deletion of this information by sending an email to email@example.com. If you reside in certain jurisdictions, such as the EEA or California, you may have additional rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data.
As a Data Subject, you have the right to request access to your Personal Data as it exists in our records by emailing us at firstname.lastname@example.org. You also have the right to rectification, correction, or amendment of your Personal Data if it is inaccurate or incomplete. You may also have the right to erasure of your Personal Data; however, this is not always possible due to legal requirements and exceptions may apply. A Data Subject may have the right to object to the processing of his or her Personal Data, for example, due to his or her particular situation, for direct marketing uses, or for scientific or historical research. In certain circumstances, Data Subjects may have the right to obtain a restriction on our processing of their Personal Data, in which case such Personal Data will, with the exception of storage, only be processed with the Data Subject’s consent or in circumstances such as our exercise or defense of legal claims or the protection of another person. Data Subjects may also have the right to request that we provide data portability for their Personal Data via a copy of the data in a commonly-used format and/or transfer their Personal Data directly to another data controller (where technically feasible). Exceptions to these rights may apply, for example, if the processing is necessary for a task carried out in the public interest. Finally, if a Data Subject has given his or her consent to our processing of his or her Personal Data for certain purposes, he or she has the right to withdraw consent to such use at any time by contacting us via the contact information below.
If you are not satisfied with how we manage your Personal Data, you have the right to make a complaint to a data protection regulator. A list of National Data Protection Authorities can be found here.
7. Data Retention
At any time, users may request deletion of their accounts by e-mailing email@example.com. When you delete your account, it cannot be recovered.
Please note that we do retain Non-Personal Data, including aggregated, de-identified data for the purposes described in the section titled, “How We Use Data.”
8. MDSave as a Data Processor
We may collect, use, and disclose certain Personal Data about you when acting as service provider to an organization that uses or provides our Site or Services. These organizations are responsible for ensuring that your privacy rights are respected, and should include information to help you understand how third parties collect and use your Personal Data. To the extent that we are acting as a data processor, we will process your Personal Data according to the terms of our agreement with the respective organization and its lawful instructions.
9. Data Protection Officer
Our appointed Data Protection Officer is Ryan Aipperspach. If you have an inquiry regarding your Personal Data, pursuant to the rights listed in the preceding section (above), please send your message to the following:
100 Bush Street, Suite 1750
San Francisco, CA 94104
10. Links to Third Party Sites
11. Children's Privacy
We do not sell products or services for purchase by anyone under the age of thirteen (13). In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we will never knowingly request or solicit Personal Data from anyone under the age of thirteen (13) without verifiable parental consent. In the event that we receive actual knowledge that we have collected such Personal Data without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Service(s).
12. Your California Privacy Rights
California Civil Code Section 1798.100-199, the California Consumer Privacy Act (“CCPA”) permits certain additional responsibilities towards California Residents. Before collection of Personal Data, we will notify California residents as to the categories of Personal Data that will be collected. In the last twelve (12) months, MDsave collected the following categories of personal information from its consumers: identifiers; personal information categories listed in the California Customer Records statute (California Civil Code Section 1798.80(e)); protected classification characteristics under California or federal law; commercial information; Internet or other similar network activity; and geolocation data. In the last twelve (12) months, MDsave has not sold personal information. MDsave has disclosed the following categories of personal information to service providers for a business purpose in the last twelve (12) months: identifiers; personal information categories listed in the California Customer Records statute (California Civil Code Section 1798.80(e)); protected classification characteristics under California or federal law; commercial information; Internet or other similar network activity; and geolocation data. MDsave may disclose deidentified patient information, and as part of such disclosure, MDsave uses the HIPAA safe harbor method under 45 C.F.R. § 164.514(b)(2) to deidentify such information.
In addition, California residents may request the list of the Personal Data and related information collected by us as denoted in California Civil Code Sections 1798.110(a) and 1798.115. A California resident may also request that we delete any Personal Data about the California resident, so long as the Personal Data is not necessary to our business or service provider functions, as denoted in California Civil Code Section 1798.105(d). California residents will not receive discriminatory treatment by us for the exercise of their privacy rights conferred by the CCPA. In addition, a California resident may designate an authorized agent to make a request under the CCPA on his or her behalf. Any California resident Personal Data requests may be emailed to firstname.lastname@example.org, or directed through our toll-free telephone number (877) 461-2491 or our website https://www.mdsave.com/contactus.
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made up to twice per year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to email@example.com.
14. How to Contact Us
By e-mail: firstname.lastname@example.org
By telephone: (877) 461-2491
By regular mail:
ATTN: Ryan Aipperspach
100 Winners Circle North, Suite 202
Brentwood, TN 37027
Please be assured that any Personal Data that you provide in communications to us will not be used to send you promotional materials, unless you so request.
LAST UPDATED December 7, 2020