Last Update / Effective Date: September 29, 2020
through this website and mobile application ("Application") (collectively, the "Site") and other interactions with you, and how Personal Information is used, shared and protected.
Privacy laws and guidelines are part of a constantly changing environment. We reserve the right, at our discretion, to change, modify, add, or remove portions of this Policy at any time.
All changes will be effective immediately upon posting to the Site and Application. Material changes will be conspicuously posted on the Site and Application or otherwise communicated to you.
You are responsible for reviewing this Policy periodically to ensure that you are aware of our current privacy practices.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE SECTION 11 BELOW FOR ADDITIONAL PROVISIONS THAT MAY APPLY TO YOU.
If you use this Site, you must comply with our Term of Use ("Terms") found here http://www.wellrx.com/terms/.
1. Categories of Personal Information We Collect
We may collect the following categories of Personal Information, which is information that identifies, relates to, describes, is reasonably capable of being associated with, or could
reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Information"):
- Identifiers: Identifiers such as: a real first name, middle initial, last name, name extension (e.g., Jr. Sr., I, II, etc.), date of birth, gender, email address, zip code, postal address (including street address, city, and state), phone number, group number, cardholder ID, member number, relationship code, store number, individual prescription number, password, relationship to insured, NPI (e.g., alias, unique personal identifier, online identifier, internet protocol address ("IP Address"), account name, or other similar identifiers.
- Customer Records: Any of the following types of information: telephone number, discount program effective date, discount program termination date, customer status, or medical information, including prescription and medication information.
- Protected Classifications: Characteristics of protected classifications under California or federal law such as: sex, age, and medical condition.
- Commercial Information: Commercial information, including records of products or services, including prescriptions, purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet Activity. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
- Geolocation Data. Geolocation data.
- Inferences. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
This Policy does not apply to any data that is publicly available.
2. Categories of Sources
We may collect all categories of Personal Information listed above from the following categories of sources:
SOURCE 1: We Collect Personal Information Directly From You.
We collect Personal Information that you provide directly to us. Personal Information is required to use certain Site and Application features, for example, to create accounts, contact us via email at [email protected], contact us via phone (where we may retain your message’s content and our response), receive or request data from us, and respond to communications from us (e.g., surveys and promotional offers).
Accounts. To create an online account, you must submit your first name, last name, date of birth, email address, zip code, gender, invite code or group number, and create a password. This data is used to populate a profile within your account. We will also collect any other information that you choose to submit in connection with your account, as well as your prescription information and general information about your health conditions (e.g., allergens, heart health, diabetes, etc.), and dietary preferences, if, for example, you decide to include such information in your health profile.
Marketing Communications; Opt-Out. We use your contact information to send you promotional and other electronic and hardcopy communications. We may use third-party providers to deliver communications to you. You may opt-out of such emails by using the unsubscribe link in the email or contacting us at [email protected] with "Unsubscribe" in the subject line. To opt-out of other communications (e.g., postal marketing and telemarketing), please contact us as set forth below. Opting out of marketing communications does not opt you out of communications about your account or transactions.
Feedback. When you provide comments or feedback about our Site and Application, the content on the Site and Application, or our services ("Feedback"), we will not treat that Feedback as confidential and we may use that Feedback for any purpose in our sole discretion so long as it does not personally identify you. Feedback will be used without attribution or compensation to you.
SOURCE 2: We Collect Personal Information Automatically
Automated Data. We may automatically collect certain information from you when you access our Site or use our Application. For example, we may collect information such as the websites you visit before or after you visit the Site or Application, pages you click-on on the Site or Application, IP address, location information, search requests, browser type, browser language, mobile carrier, operating system, data and time you visit the Site or Application, the amount of time spent on the Site or Application, unique device identifier (e.g., Google Advertising ID (GAID), Android ID, ID for Advertisers (IDFA), ID for Vendors (IDFV), MAC address, International Mobile Equipment Identity (IMEI), or other device IDs), requesting and referring URLs, and the device you use to access the Site or Application.
Account Activity. If you choose to create an account, we may collect data about how you use (i) your online account, (ii) the Site when you are logged into your account, and (iii) the Application when you are logged into your account.
Cookies & Other Tracking Technologies.
What are cookies and web beacons / pixel tags? A cookie is a small text file that our Site saves onto your computer or device when you use the Site that provides us certain information about your activities. Cookies allow the Site to remember your actions and preferences and recognize you or your browser. Web beacons / pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage.
- prevent fraud, protect your data from unauthorized parties, and comply with legal requirements;
- make our Site function properly;
- provide personalized experiences;
- tailor our interactions with you;
- help with our marketing efforts;
- provide us with valuable data and statistics about the usage and effectiveness of our Site and to help us improve our Site; and
- help us improve our services.
What type of information do Cookies collect? The Cookies on our Site may collect information such as:
- IP addresses assigned to the computers and other devices you use;
- your internet service provider;
- device ID number;
- approximate geographic location;
- browser type;
- Site pages visited;
- websites you access before and after visiting the Site, and
- data related to how and when you use the Site.
We may combine information from Cookies with Personal Information, including data obtained from third parties.
How long do Cookies last? A Cookie can either be a "session" Cookie or a "persistent" Cookie. Session Cookies exist only for so long as you are visiting the applicable Site and are typically deleted when you exit your web browser. Persistent Cookies exist for a set period of time, for example, up to several months or years. Each time you visit a Site that has implemented a persistent Cookie, the persistent Cookie is renewed and that Cookie will remain active until its predetermined expiration date. You can manually delete persistent Cookies through your browser settings.
We are not responsible for third-party Cookies. Cookies may either be "first-party" or "third-party" Cookies. A first-party Cookie allows your web browser to talk to the actual Site that you are visiting (i.e. this Site). A third-party Cookie allows your web browser to talk to a third-party website, such as the source of an ad that appears on the website you are visiting or a third-party analytics provider. We do not have control over third-party Cookies. Third-party Cookies are not governed by this Policy.
How do you manage Cookies or opt-out? Most browsers automatically accept cookies. You can disable this function by changing your browser settings, but disabling cookies may impact your use and enjoyment of the Site. Not all features or functions of the Site may work properly if you disable Cookies. You cannot disable all Cookies, such as Cookies that are essential to the functioning of the Site.
We have also enabled the following Google Analytics Advertising Features: Google Display Network Impression Reporting, Remarketing with Google Analytics and Google Analytics Demographics and Interest Reporting. The Google Display Network Impression Reporting uses the Google Analytics cookie to track our ad impressions and your interactions with those impressions, including the effectiveness of those ads, which generates reports for us to help us analyze our advertisements. Remarketing with Google Analytics uses the Google Analytics cookie to serve advertisements to you across the Internet based on your visit to our Site. Google Analytics Demographics and Interest Reporting uses a third party cookie to collect information about our website traffic by tracking users across websites and across time, which generates a report for us to better understand our Site users.
Online Behavioral Advertising. We use third parties to provide internet-based advertising services, including but not limited to Facebook, Live Ramp, and Double Click. These services collect data about your interactions with the Site and Application and other websites to send you targeted advertisements for goods and services. The data collected may be associated with your Personal Information. These advertisements may appear on the Site, Application, and on other websites and may be sent to you via email.
To change your preferences with respect to certain online ads and to obtain more information about third-party ad networks and online behavioral advertising, visit National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads.
SOURCE 3: We Collect Personal Information From Third-Party Sources.
We obtain data about individuals from various third-party companies and public sources and we may combine that data with Personal Information or other data we collect. This enhances our existing data about our users, improves our ability to contact you, and enhances our marketing capabilities. Third party sources of information may include but are not limited to, the following:
Pharmacies. MSC collects information from Pharmacies to process claims and provide our prescription discount programs to you. We may use information sourced from pharmacies for other purposes related to the proper administration of our programs and to better communicate with you and to provide useful information to you in regards to your membership or use of our programs as applicable.
Clients. MSC receives information from certain client organizations that is necessary to enroll members into our programs on behalf of the client and the prospective member.
Practitioners. MSC may receive certain information from other medical practitioners to allow MSC to help consumers to save money on prescription claims and to assist with prescription compliance.
3. Purpose for Collecting Personal Information
We may use all categories of Personal Information listed above for the following business purposes:
As Stated or Agreed to at the Point of Collection. We may use Personal Information for the purposes stated or agreed-to (or as is obvious) at the point of collection. For example, we use Personal Information to respond to your questions, comments, or complaints. We may also use Personal Information as requested or consented to by you.
Administration. We use Personal Information for administrative purposes, such as managing your accounts, facilitating transactions, to inform our business strategies, to understand the Site’s and Application’s demographics and user preferences, for evaluating applications, and managing profiles.
Billing Pharmacies/Claims Questions. We use Personal Information to bill pharmacies that participate in our prescription drug discount program and to assist consumers and pharmacies with questions about adjudicated claims.
Rebate Program. We use Personal Information to assist with financing the operation of the discount card program.
Site and Application Management. We use Personal Information for Site management, such as troubleshooting problems, improving the content and functionality of the Site, statistical and other analyses of the Site, and to customize the Site for you and our other users.
Advertising. We may use Personal Information to send you promotions or to perform targeted advertising, to notify you of new services, products or programs, to notify you of new features of our Site, to notify you of changes to our Terms or this Policy, and for other similar communications.
To Protect Our Rights. We may use Personal Information to protect our legal rights or interests, or those of third parties, including to bring a legal action against you or anyone who may be causing harm to us, our Site, or to other users of the Site. We may also use Personal Information to see business, financial or legal advice, and to respond to other legal requests.
To Receive Feedback and Improve User Experience. We may collect Feedback from you through surveys. We may use all of the survey information that we collect to improve user experience. We may also aggregate and anonymize any survey information and license and distribute the same.
4. Categories of Third Parties With Whom We Share Personal Information
We may share all categories of Personal Information listed above with the following categories of third parties:
Employees and Affiliates. We may share Personal Information with our employees and affiliates who have a need to know the information for our business purposes.
Pharmacies. We may share Personal Information with pharmacies for billing purposes and to assist consumers and pharmacies with questions about adjudicated claims.
Third-Party Pharmaceutical Manufacturers. We may share your Personal Information with third-party pharmaceutical manufacturers or their intermediaries to assist with financing the operation of the discount card program.
Third-Party Service Providers. We may share Personal Information with our third-party service providers, consultants, agents, partners and representatives that provide services for us, with whom we have contracted to protect such Personal Information. These service providers and vendors may include but are not limited to our third-party marketing and ad agencies, our information technology vendors, and our customer service call vendors. Our service providers may also aggregate the information they receive for their own internal analysis and purposes and for inclusion in general databases regarding consumer behavior and trends as described above.
Government Officials / Law Enforcement. We will cooperate with law enforcement and other governmental agencies, and may disclose Personal Information: (i) if we believe in good faith we are legally required to disclose that Personal Information, (ii) if we are advised to disclose Personal Information by our legal counsel, or (iii) when necessary to identify, contact or bring a legal action against someone who may cause or be causing harm to, or interfering with the legal rights of, Company or any other party.
Professional Advisors. We may share Personal Information with certain service providers that are our professional advisors, such as our attorneys, accountants, financial advisors and business advisors, in their capacity as advisors to Us.
Legal Proceedings and Protection of Rights. We may share Personal Information with third parties to the extent permitted by applicable law, including in the event of a subpoena, court order, or law enforcement request. We will use Personal Information and share it with third parties if we believe doing so is necessary to provide you the contemplated services or to protect our rights or the rights of others, including disclosing information necessary to identify, contact, or bring legal action in the event of a violation of our contracts, terms, or policies.
Change in Ownership. In the event Company is the subject of a change of control or in the event the Site or Application changes ownership, in whole or in part, or in the event of a bankruptcy, receivership or a similar transaction, we may provide Personal Information to the subsequent owner(s).
Other. We may share Personal Information with third parties when explicitly requested by or consented to by you, or for the purposes for which you disclosed the Personal Information to us as indicated at the time and point of the disclosure (or as was obvious at the time and point of disclosure).
5. Use and Disclosure of De-Identified or Aggregated Information
We may collect, use, share, transfer and otherwise process de-identified and aggregated information that we receive or create for any purposes in our sole discretion, in compliance with applicable laws. We may use aggregate data to understand Site and Application users' needs, to determine Site and Application user demographics and user patterns, to determine what kinds of products and services we can provide, and to improve and enrich our products and services, including the Site, and Application. We are the sole and exclusive owner of such de-identified and aggregated information, including if we de-identify Personal Information so that it is no longer considered Personal Information under applicable laws.
We may share user information in the aggregate with (i) our clients in order to provide overviews of claims information, e.g., "specific drug associated with 35-47 year olds and mostly female," and (ii) third-party advertisers and content distributors for our own marketing purposes. For example, we may disclose the number of users and basic non-personal demographic data.
The Site and the Application are not directed at children under 18 years of age. We do not knowingly collect, use, or share Personal Information from children under 18. If a parent or legal guardian learns that their child provided us with Personal Information without his or her consent, please contact us and we will make commercially reasonable attempts to delete such Personal Information.
For clarity, we do not knowingly sell the Personal Information of anyone under the age of 18 years old without affirmative authorization.
7. Social Media
We are active on social media, including but not limited to Facebook, YouTube, Twitter, Instagram, Reddit, Pinterest, and LinkedIn ("Social Media"). Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Site and our Social Media pages any comments or content that you post on our Social Media pages. YOU AGREE TO HOLD COMPANY AND ITS AFFILIATES HARMLESS AND WITHOUT LIABILITY FOR THE RESULTS OF ANY AND ALL CONTENT YOU POST ON COMPANY’S SOCIAL MEDIA.
Your use of Social Media is governed by the privacy policies and terms of the third parties that own and operate those social media platforms/websites and not by this Policy. We encourage you to review those policies and terms.
8. Data Security
Your privacy and the security of your Personal Information is very important to us. We use commercially reasonable technical and organizational measures to help secure Personal Information against loss, misuse, and alteration appropriate to the type of Personal Information processed. If a breach of your Personal Information occurs, we will notify you of the breach if required under applicable law.
YOU UNDERSTAND THAT NO DATA TRANSMISSION OVER THE INTERNET OR DEVICE CAN BE GUARANTEED TO BE 100% SECURE. WHILE WE STRIVE TO PROTECT PERSONAL INFORMATION, WE DO NOT GUARANTEE THE SECURITY OF PERSONAL INFORMATION AND YOU PROVIDE PERSONAL INFORMATION AT YOUR OWN RISK.
9. Access from Outside the United States
If you access the Site or the Application from outside the United States, please be aware that Personal Information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of Personal Information in the United States to be equivalent to that required in other jurisdictions.
10. Third-Party Websites
Certain capitalized terms not defined in this Policy have the meanings set forth in the California Consumer Privacy Act of 2018 as clarified by the State of California’s implementing regulations (the "CCPA").
A. Details Regarding the Collection, Sources, Purpose, and Sharing of Your Personal Information
To understand the categories of Personal Information we collect, see Section 1.
To understand the categories of sources from which your Personal Information is collected, see Section 2.
To understand the purposes for collecting your Personal Information, please see Section 3.
Categories of Personal Information Sold
In the last 12 months, we Sold the following categories of Personal Information. See the section above titled "Categories of Personal Information We Collect" for more detail on the type of Personal Information in each category.
- Category A: Identifiers
- Category B: Customer Records
- Category D: Commercial Information
- Category K: Inferences
We do not have actual knowledge of selling Personal Information of minors under the age of 16.
Categories of Personal Information Disclosed For a Business Purpose
In the last 12 months we disclosed the following categories of Personal Information for our or one of our service provider’s operational purposes. See Section 1 for more detail on the type of Personal Information in each category.
- Category A: Identifiers
- Category B: Customer Records
- Category C: Protected Classifications
- Category D: Commercial Information
- Category F: Internet Activity
- Category G: Geolocation Data
- Category K: Inferences
B. Your Rights to Access and Deletion
Subject to certain limitations such as (a) exceptions permitted by applicable law and (b) verification of your identity, you may exercise the following rights with regard to your Personal Information:
Right to Access. You have a right to access any of the following which occurred in the prior 12-month period: (a) the categories of Personal Information we collected from you, (b) the categories of sources from which the Personal Information was collected, (c) the business or commercial purpose for collecting or selling your Personal Information, (d) the categories of third parties with whom we shared your Personal Information, (e) the specific pieces of Personal Information we collected from you, and (f) a list of categories of Personal Information we Sold or disclosed for a Business Purpose in the last 12 months.
Right to Deletion. You have a right to request that we delete Personal Information we collected from you. We will comply with such request, and direct our service providers to do the same, subject to certain exceptions permitted by applicable law.
C. How to Exercise Your Rights of Access and Deletion
How to Exercise Your Rights. To exercise your rights described in this Policy, you may submit your request to us by contacting us at any of the following:
Via Toll-Free Phone at: 1-800-407-8156Medical Security Card Company, LLC
Via Email at: [email protected]
Via Mail at:
350 S Williams Blvd
Tucson, AZ 85711
Attention: Compliance Department
More on Submitting a Request to Delete. You may submit your request to delete here: Delete My Information
Who May Exercise Your Rights. You may only make a request to exercise your rights under the CCPA on behalf of yourself. A parent or legal guardian may make a request on behalf of their child. If you are a California resident, only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a request related to your Personal Information. See the Section 11(f) below entitled "Authorized Agents" for more information
Verifiable Consumer Request. In order to verify your request, you must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information and you must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
When We Will Respond. We will try to respond to your request within 45 days. If we require additional time, we will inform you of the reason and extension period. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. For data portability requests, we will select a format to provide your Personal Information to you. We may charge a fee to process or respond to your request if it is excessive or repetitive.
D. Your Rights to Opt-Out of Sales of Personal Information
Right to Opt-Out. You may direct us not to sell your Personal Information at any time (this is your right to "opt-out"). You may submit your opt-out request by following this link: DO NOT SELL MY PERSONAL INFORMATION
To opt-out online, please use the following web-form: Opt Out. Other ways you may opt-out include calling us at: 1-800-407-8156.
If you are using an authorized agent to exercise your rights to opt-out of the sale of Personal Information, please see the section entitled "Authorized Agents" below for the proof required when you use an authorized agent.
You have a right to not receive discriminatory treatment for exercising any of your rights under the CCPA. If we choose to offer a financial incentives program in the future, additional terms will apply which may be an exception to this Section.
F. Authorized Agents
You may designate an authorized agent to make a request on your behalf to exercise your rights under the CCPA. An authorized agent must be registered with the Secretary of State in California to conduct business in California. If you choose to use an authorized agent, you must: (1) provide signed permission to that authorized agent to submit requests on your behalf ; (2) verify your own identity (per the process stated above), and (3) directly confirm with us that you granted permission to the authorized agent to submit the request on your behalf. For clarity, you are required to verify the identity of both yourself and the authorized agent. We may deny a request from an authorized agent if we do not have proof that they are authorized by you to act on your behalf.
G. Shine the Light
Pursuant to California Civil Code Section 1798.83, if you are a California resident, you have the right to obtain: (a) a list of all third parties to whom we may have disclosed your Personal Information within the past year for direct marketing purposes, and (b) a description of the categories of Personal Information disclosed, by contacting us per the "Contact Us" Section below.
CALIFORNIA’S "DO-NOT-TRACK" REQUIREMENT. WE CURRENTLY DO NOT HONOR "DO NOT TRACK" REQUESTS.
This Policy is accessible to consumers with disabilities. If you are unable to access this policy in a form or format that allows you to read it, you may contact us using the Contact information below.
If you have any questions, you may contact us as set forth below:
Via Email at: [email protected]
By mail at:Medical Security Card Company, LLC
350 S Williams Blvd
Tucson, AZ 85711
By phone at: 1-800-407-8156