UPDATED August 8, 2023
We have the highest regard for your privacy and personal information and realize that the success of our services depends on the trust that you have in the way we handle your personal information. By entrusting us with your information, we would like to assure you of our commitment to keep such information private. We have taken considerable steps to protect the confidentiality, security and integrity of this information. We encourage you to review the following information carefully.
GROUNDS FOR DATA COLLECTION
Processing of your Personal Information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter “Personal Information”) is necessary for the performance of our contractual obligations towards you and providing you with our Service, to protect our legitimate interests, to ensure compliance with legal and financial regulatory obligations, or otherwise, subject to your consent.
HOW DO WE RECEIVE INFORMATION ABOUT YOU
While you may use some of the functionality of the Service without creating a profile or registration, certain tools of the Service require registration and provision of your information, including Personal Information.
- If you choose to create a profile or register with us – you will be asked to provide Personal Information which will be associated with your Health information.
- Whenever you submit information via our Service – including, but not limited to, by telephone or email with customer service, we may collect Health Information and other Personal Information you provide us, in order to provide you with our Service.
- Third parties – we may receive information about you from our partners, such as pharmaceutical companies and medical providers as needed in order to provide you with our Service, and from other third parties in the context of our marketing activities, as further described in this policy.
It is your voluntary decision whether to provide us with any Personal Information or Health Information, however if you do not provide this information you may not be able to create a profile or register with the Service and your use of the Service may be limited.
WHAT TYPES OF INFORMATION DO WE COLLECT
Personal Information – We may collect the following Personal Information about you:
Contact Information – your name, gender, birth date, email address, home address and/or office address, phone number and optionally, zip code.
Caregiver or Medfriend Information – If you opt to use the Caregiver or Medfriend features of the Apps, we will also receive the contact information (such as name, phone number, address and email) of the Caregiver or Medfriend that you chose to appoint and provide us with their information.
Additional information – while you are using our Apps, subject to your permission, we may obtain access to your contact list and to your calendar. In addition, if you choose to make use of the skin tracker, you will be required to grant us access to your camera and to the photos saved on your device.
Medisafe Community information – if you use the Medisafe Community feature available through the App, you will be required to register with this feature. During the registration process, you will be required to create your nickname and to provide certain information about you, such as your age, gender, and health condition. The nickname you choose does not need to identify you in any way (in fact, we advise you use a nickname, not your real name, in order to protect your privacy), but this is up to your decision. The information you provide during your registration process as well as any User Content (as this term is defined under the User Content Terms) you provide, will be processed by us.
If you are a healthcare provider – you may be asked to provide information regarding your professional qualifications as well as additional Personal Information.
Voluntary information – when you communicate with us (for example when you send us an email or use a “contact us” form) we collect your email address, and the Personal Information you provided us with within such communication.
Technical information – we collect certain technical information that is automatically recorded when you use our Service, such as your IP address and device geo-location.
Background geo-location – please note that certain features of our Apps (such as medication reminders you have set to display upon your arrival home) requires you to enable background location access on your device.
Personal Health Information – you may choose to use certain features of the Service that will allow you to input other Personal Information with respect to your health, such as the medications you take, the date of your prescriptions, the number of refills you have made, how often you take your medication, dosage, physical measurements your doctor’s name, information related to your health insurance, and the name of your pharmacy (collectively your “Health Information”).
Site usage data – We collect information about your use of the Site, including but not limited to: type of computing or mobile device you use, language of your operating system, the Internet browser you are using, geo-location and use of the Site.
Health Information – We may also collect your non-identifiable Health Information if you choose to provide it (in case of non-registered users)
Technical information – The App automatically collects certain information about you when you use the App, this includes, but not limited to: details of the Wi-Fi you use and accelerometer used on your device, type of computing or mobile device you use, advertiser ID, your device’s operating system, the language of your operating system and the Internet browser you are using. The App may also access a list of installed apps on your device. This is done only to ensure proper quality of service, as some apps might interfere with the App functionality.
TRACKING TECHNOLOGIES – COOKIES
A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the Site, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the Site.
Most Web browsers automatically accept cookies however allow you to modify security settings so you can approve or reject cookies on a case-by-case basis or reject all cookies. You can configure your web browser to remove cookies by following the directions provided in your Internet browser’s “help” section.
HOW DO WE USE THE INFORMATION WE COLLECT
- Provision of service – we use the Personal Information you provide us for the provision and improvement of our Service to you, operate our business, and provide information that you request form us. For example, data collected automatically on the Service may be used to help diagnose problems with our servers, to make our Service more useful, to customize it and personalize its content for you (for example, we will use your Health information to send you reminders to take your medications).
- Marketing purposes – subject to your marketing preferences, we may use your Personal Information (such as your email address or phone number) to communicate with you. We may also send you promotional material concerning our services or our partners’ services (which we believe may interest you), including but not limited to, by building an automated profile based on your Personal Information, for marketing purposes.
- Analytics, surveys and research – we are always trying to improve our services and think of new and exciting features for our users. From time to time, we may conduct surveys or test features, and analyze the information we have to develop, evaluate and improve these features.
- Protecting our interests – we may use your Personal Information when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our Service and protect the rights and property of Medisafe, its users and/or partners.
- Compliance with legal and regulatory requirements – we also use your Personal Information as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION
- Research partners – we may share your Personal Information with third parties, such as research institutes, healthcare systems and healthcare providers. They may associate it with other information that they have about you, for improved healthcare, research purposes and the improvement of our Service.
- Providers of personalized third party content – from time to time, we may also ask whether you would like us to share your Personal Information with another company that may want to send you information about their products or services. If you consent to such transfer by us of your Personal Information to another company, please note that the information provided will be subject to such company’s privacy practices and shall not be within our control.
- Content providers – we may also use your Personal Information in order to provide you with personalized third party content or links to third party sites that might interest you. We provide this third party content and/or links to third party sites for information purposes only and are not liable for such content or sites. For more information see the “Links to other Websites or Apps” section below.
- Service providers – we may share your Personal Information, as is reasonably necessary, with our service providers, including vendors and suppliers that provide us with development services, technology (such as AWS), services, or content for the operation, development and maintenance of our Service or data and analysis on Service use, who are bound by an obligation of confidentiality, provided that we will only share Personal Information to the extent necessary with such service providers.
- Medisafe Community – if you register to the Medisafe Community feature through the App, your registration details (including your nickname, gender, age and medical condition) will be published on the Medisafe Community, together with your User Content, so that other members of the Medisafe Community can view it. Note that the nickname you choose does not need to identify you in any way. Please note that if you chose to use your real name, or a nickname which identifies you in any way, this information will be visible to other users of Medisafe Community you interact with. You can request removal of your User Content from the Medisafe Community at any time.
- Law authorities – we may share your personal data with law enforcement authorities, courts and tribunals, including with legal advisors and consultants, in case we need to respond to law enforcement requests or other legal requests or pursuant to a requirement imposed by law, order, judgment or decree, or courts in order to protect and defend our rights and property or those of Service users.
- Merger, acquisition or sale – we may transfer your Personal Information in the event of a merger, acquisition or sale of all or a portion of our assets.
- Personal Information you may share through our Service
- Medfriend and Caregivers –
- If you use the Services on your own behalf: You may send family members or friends an invitation to be your “Medfriend” or “Caregiver” by means of the Service, so that such person will receive alerts regarding your compliance with your medication regime. At your decision, your chosen Caregivers may also receive permissions to edit your information on the Services. By sending such invitation and granting such permissions, you represent that you have the right to appoint and provide the information of such person; that you consent to our disclosure of Personal Information about your medications and your compliance with your medication regime to such person; and, as applicable, that you allow your Caregiver to make changes to the Services including to your personal information, on your behalf. Sharing of your Personal Information and providing the editing permissions in this manner are solely at your responsibility.
- If you use the Services on behalf of your child or an incapacitated person, you shall be considered such person’s “Medfriend” or “Caregiver”, as applicable. In such event, you represent and warrant that you have the legal authority to act on behalf of that person; that you will keep confidential and only use the Personal Information made available to you through the Services for the purpose for which it was made available to you; that any permission and personal information provided to you through the Services will be used with due care and only for that person’s own good and best interests.
- Medical professionals and Doctors – You may use the Service in order to share your Personal Information or other information with your doctor or healthcare providers. Such sharing may be enabled by inviting your healthcare provider to monitor your Personal Information, by accepting an invitation from your healthcare provider to download and use the Service, or otherwise using the Service settings to share your information with your healthcare provider; in these cases you consent to our sending Personal Information about your medications and your compliance with your medication regime with your healthcare providers. Confirm with your healthcare provider that they have sent you an invitation to use the Service. Such sharing of your information is at your discretion and is solely your responsibility.
- Pharmacies and coupon companies – you may choose to share your Personal Information with pharmacies with which we partner or third party coupon companies, so that we may send you coupons or provide you with reminders to get your prescription refilled. If you choose to share your Personal Information in this manner, please note that such information may be disclosed to the coupon companies or pharmacies and will be subject to their privacy practices.
- Medfriend and Caregivers –
While we take great care to keep your Personal Information confidential and secure, when you share your health or medication information with others or provide feedback regarding health matters, medications and otherwise, including by means of social media sites, or when you participate in a forum on the Service, any information disclosed by you in such way is solely your responsibility. You should exercise caution when disclosing any information (including Personal Information) in such ways, as you do not know who will access or use such information and for what purposes.
USE OF AGGREGATED DATA
We may de-identify and aggregate Personal Information; aggregated data will not contain any information that could be used to contact or identify you. We may analyze and/or combine all information we receive, including Health Information and information regarding your use of the Service, with information from other users to create aggregated data that may be disclosed to and utilized by us, our partners and by third parties without restriction, on commercial terms that we can determine in our sole discretion, for purposes such as: content marketing, research purposes, in order to understand behavior patterns, in order to increase adherence to medication regimens, marketing strategies and for entering into commercial contracts in order to provide our users with the Service. As an exception to the above, we will not include data received via Apple HealthKit in the aggregated data we share with and/or sell to third parties or for marketing purposes.
Personal Information may be transferred to and maintained on computers and servers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside of the United States, please note that data we collect about you may be transferred to, processed and stored in the United States unless otherwise noted. If you reside in the UK or the EU, please note that some of our service providers may be located outside the European Economic Area (the “EEA”). In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection in accordance with the instructions of the EU commission as updated from time to time.
We may transfer our databases containing your Personal Information in connection with the transfer or sale of all (or substantially all) of our business assets, or in the event of a merger, consolidation or similar transaction.
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
The following table describes all the rights you are entitled to. Please note that some rights are only available for residents of California, Virginia, or the European Union. For more information regarding your rights as a California resident, please see the CCPA-Related Information section below or visit https://oag.ca.gov/privacy/privacy-laws.
Data subjects residing in other jurisdictions may also be afforded with certain rights with respect to their personal data, as determined by such jurisdictions’ applicable laws. Such rights maybe similar or may differ from those set out above with respect to EU residents.
We comply with applicable laws and respect the privacy rights of our users. If you wish to exercise any of your rights, or ask us a question, please contact us by using the contact details provided below.
However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
We will retain your Personal Information for as long as necessary to provide the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation.
LINKS TO OTHER WEBSITES OR APPS
HOW WE PROTECT YOUR INFORMATION
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Information. Your information is stored on secure servers and isn’t publicly available. We limit access of your information only to those employees or partners that need to know the information in order to enable the carrying out of the agreement between us.
While we seek to protect your information to ensure that it is kept confidential, no security system is infallible and impervious, and we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your Personal Information, we cannot ensure or warrant the security and privacy of your Personal Information or other content you transmit using the Service, and you do so at your own risk.
You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use.
Our Service is intended for use by persons over the age of majority (as determined by applicable laws where such persons reside in: “Age of Majority”), unless we are provided with a valid parental or guardianship approval and consent, in accordance with the requirements of applicable laws. Under no circumstances should the Service be used by persons under the Age of Majority. We will not knowingly collect Personal Information from any person under the Age of Majority unless as described herein, and at our sole discretion. If you discover that a child has been using the Service without your consent, or that someone has been using the Service for or on behalf of your child without your consent, please contact us using the information below under “How to Contact Us” and we will take reasonable steps to delete the child’s information from our active databases. Medisafe reserves the right to check its user base from time to time and remove users whom Medisafe has grounds to believe they are in fact minors, including without limitation, restricting those user accounts, or deleting them, as Medisafe may deem appropriate.
This information applies to Personal Information of users who reside in the State of California (“Consumers” as defined under the California Consumer Privacy Act of 2018 (“CCPA“), as amended by the California Privacy Rights Act of 2020 (“CPRA“) and will be referred herein as “you”).
Personal Information is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device.
Personal Information does not include: Publicly available information that is lawfully made available in government records; information that a consumer has made available to the public; De-identified or aggregated consumer information, and information excluded from the CCPA’s or CPRA’s scope such as Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA);clinical trial data, and any Personal Information covered by certain sector-specific privacy laws, such as the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
Collection, disclosure and sharing of Personal Information
In the preceding twelve (12) months, we have collected the following Personal Information:
Category A- Identifiers: such as a real name, unique personal identifier, online identifier, Internet Protocol address, email address.
Category B- Internet or other similar network activity: information on a consumer’s interaction with a website
Category C- Geolocation data.
Category D- Professional or employment-related information.
We collected such Personal Information from the following categories of sources:
- Directly and indirectly from activity on our Service. For example, directly from you when you inquire about our Service, or indirectly, we collect your usage data automatically from measurement tools.
- Directly from you. For example from forms you complete, contact us, etc.
- Indirectly from you. For example, when you view or interact with certain content, web page or ad we provide, we may collect certain ookie information and similar identifiers regarding your engagement with our content, web page or ad.
We may use the Personal Information collected for the following purposes:
- To fulfill or meet the reason you provided the Personal Information (support, respond to a query, etc.)
- To improve and maintain our Service
- For marketing our Service
- For analyzing your use of the Service
- To respond to law enforcement
- To enforce our policies, to defend from claims or exercise our legal rights
- Any other reason detailed in this Policy.
We will not collect additional categories of personal information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We do not “Sell” or “Share” personal information, as this term is defined under the CCPA.
In the preceding twelve (12) months we disclosed your Personal Information. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except the performance of the contract. We also prevent the recipient from selling or sharing your Personal Information.
For more information about the disclosure of your Personal Information, please see the following table:
Exercising Your Rights Under the CCPA
As mentioned above, your rights may be exercised by using the Data Subject Request Form, which includes instructions for submitting, the general description of the process, verification requirements, when applicable, and any information the consumer or employee must provide.
In addition to the information provided under the User Rights and Opt-Out Options section above, we provide the option to opt out of Sharing for Cross-Contextual Behavioral Advertising or Selling Personal Information by using the following opt-out options:
- Through Device-Level Choices: if you do not want to receive interest-based advertisements, you can limit the collection of certain information through your device settings.
- Opt-Out through Industry Consumer-Choice Platforms: you can make choices about data collection for certain companies which participate in such tools, by visiting an industry consumer-choice platform, such as the NAI or DAA or EDAA.
Please know that opting out of interest-based advertising does not mean that you will not receive advertising. You may still receive ads, but those ads may be less relevant to your interests.
Authorized agents may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:
- When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
- Provide the authorized agent signed permission to do so or power of attorney.
- Verify their own identity directly with the business.
- Directly confirm with the business that they provided the authorized agent permission to submit the request.
- We may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
Notice Of Financial Incentive
We do not offer financial incentives to consumers for providing Personal Information.
Other California Obligations
- Direct Marketing Requests: California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please use the Data Subject Request Form.
- “Do Not Track” Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.
This Policy has been drafted in the English language, which is the original and controlling version of this Policy. All translations of this Policy into other languages shall be solely for convenience and shall not control the meaning or application of this Policy. In the event of any discrepancy between the meanings of any translated versions of the Policy and the English language version, the meaning of the English language version shall prevail.
HOW TO CONTACT US
117 Kendrick St., Suite 300, Needham, MA 02494
ATTN: Medisafe Project Ltd.
Building #41, Ha’atzmaut, Haifa 3303321, Israel
115 Mare St., London E8 4RU, UK
You may also contact our Data Protection Officer: [email protected]
This policy was last updated on the 8th day of August, 2023.