Medify Health Privacy Policy
Last Updated: 2024
Medify Health (“Medify”), values your privacy and the privacy of our other customers and visitors to www.medifyhealth.com website, features and services (collectively, with any successor websites, the “Services”). Users of the Services are, collectively, referred to herein as “Users.” This Privacy Policy describes what information Medify Health gathers from you via the Services (the “Information”), how we use that Information, and what we do to protect it. Your Information may include what we refer to as “Medical Information”, which is defined in more detail below and involves certain health-related information necessary for performing the Services, and “Personal Information”, which is a limited set of identifying information that allows for communication between Users and Medify. When referred to in this Privacy Policy, the term Personal Information includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including any information that is subject to applicable data protection laws, including, but not limited to, “Personal Information” as defined under the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et. seq., as amended (“CCPA”). Any Personal Information that is collected is limited to use in the ways that are disclosed in this Privacy Statement.
By using the Services, you expressly consent to the Information handling described in this notice. This Privacy Policy is incorporated into and is subject to the Medify Terms of Use. Your use of the Services and any Information you provide on the Services are subject to the terms of this Privacy Policy and Medify’s Terms of Use. This Privacy Policy does not apply to “protected health information” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended and implemented (“HIPAA”). To the extent applicable, Medify will comply with Section 4004 of the 21st Century Cures Act (Cures Act), which defines practices that constitute information blocking and the identified reasonable and necessary activities that do not constitute information blocking.
1. Your Choices
You may decline to share your Information with Medify; in that case, Medify will not be able to provide you with some of the features and functionality found on the Services. By using the Services, however, you hereby consent to our Terms of Use and this Privacy Policy. You are responsible for always maintaining the secrecy of your unique password and account access information.
2. Our Commitment to Data Security
Medify uses certain physical, managerial, and technical safeguards consistent with those used to protect electronic health records that are designed to improve the integrity and security of your Information. However, Medify also cannot guarantee that such Information may not be accessed, disclosed, altered, or destroyed by unauthorized breach of any of our physical, technical, or managerial safeguards. Medify works with authorized service providers to provide website hosting and maintenance as well as other services. To the extent it is necessary for these service providers to complete their contractual obligations to Medify, these third parties may have access to or process your Information. Medify generally limits their use of your Information to the purpose for which it was shared. Such service providers shall be bound by obligations of confidentiality at least as protective of you and your Information as those contained herein. Medify uses all the Information that we collect to understand and analyze the usage trends and preferences of visitors to the Services, to improve the way the Services work and look, and to create new features and functionality. If Medify learns of a security systems incident, then we will attempt to notify you electronically so that you can take appropriate protective steps, if the event rises to the level of a breach. Medify will post a notice on the Services if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at compliance@medifyhealth.com.
3. Medical Information
You may provide to Medify certain Medical Information when using the Services. Your Medical Information may include gender, birth year, health risk questionnaire data, lab and genetic test results, and metabolic assessments. Medify may use your Medical Information in any of the following ways: to provide the Services to you; to perform research to improve the functioning of the Services; to create a database that may be referenced in developing and providing reports, provided that your Personal Information will not be disclosed in any such reports; and for review, evaluation, and analysis by Medify and/or its authorized agents.
4. Personal Information
Medify attempts to limit the Personal Information you provide to an email for communication with you, your name, mobile phone number and lab results. Medify uses the Information you provide or that we collect to operate, maintain, enhance, and provide all of the features, Information and services found on the Services. We will use your email address, without further consent, for administrative purposes, for customer service purposes, and to address intellectual property infringement, rights of privacy, or defamation issues. Medify will not use your email address or other Personal Information to send promotional messages unless you have opted in or otherwise requested that Medify contact you about the Medify products and services or other information. Medify does not sell, trade, rent or share your Personal Information with other organizations for their marketing or promotional uses without your express consent.
You may provide financial information (such as debit/credit card number, billing information, etc.) on the Services in a purchase. This information is provided to our payment processors for purposes of processing the transaction. Medify does not view or store this financial information beyond what is necessary to provide the service or as otherwise directed by you.
5. How we Use Your Information
In addition to the purposes and uses described above, we use information in the following ways:
• To identify you when you visit our Services.
• To provide our products and Services or to process returns.
• To improve our Services and product offerings.
• To streamline the payment process.
• To conduct analytics.
• To communicate with you, such as to respond to and/or follow-up on your requests, inquiries, issues, or feedback.
• To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners.
• To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of our company and our users, employees, or others.
• To debug, identify, and repair errors that impair the existing intended functionality of our Services.
• To comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
• For internal administrative purposes, as well as to manage our relationships.
• For such other purposes as you may consent (from time to time).
Although the sections above describe our primary purpose in collecting your information, in many situations, we have more than one purpose.
6. Information Medify Collects
Medify may use “cookies”, or small text files that are stored on your computer’s hard drive. Cookies ensure that this Service’s content is presented in the most effective manner for you and your computer.
Strictly Necessary Cookies
These cookies are essential in order to enable you to move around this Service and use its features. Without these cookies, services you have requested, such as remembering your submitted information, cannot be provided.
Performance Cookies
These cookies collect anonymous information on how people use this Service. For example, we may use Google Analytics cookies to help us understand how individuals arrive at our Servcies, browse or use this Service, and highlight areas where we can improve such as navigation and marketing. The data stored by these cookies never shows personal details from which your individual identity can be established.
Functionality Cookies
These cookies remember choices you make such as the country from which you visit this Service, language, and search parameters. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored. The information these cookies collect may be anonymized, and these cookies cannot track your browsing activity on other websites.
Targeting Cookies or Advertising Cookies
These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of an advertising campaign. The cookies are usually placed by third-party advertising networks. They remember the websites you visit, and that information is shared with other parties such as advertisers.
We may use different kinds of cookies, including session ID cookies and persistent cookies. Session ID cookies are used to personalize your user experience, and to determine ways to improve our Services and the other products and services we offer. These cookies are deleted when you close your browser session. Persistent cookies are used to collect information such as IP addresses, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp, and a number of clicks.
You can refuse or accept cookies from our Services at any time by activating the settings on your browser. You are always free to decline our cookies if your browser permits, but some parts of the Services may not work properly if you do. Check the “Help” menu of your browser to learn how to change your cookie preferences. To find out more about cookies, visit www.aboutcookies.org.
Many web browsers allow for the use of a “Do Not Track” function to inform websites that you do not want your online activities tracked. Currently, we do not track your or any other users’ Personal Information over time and across third-party websites. We, therefore, do not respond to browser “Do Not Track” signals.
7. Disclosure of Information
Medify may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. Copyright law), respond to a court order, judicial or other government subpoena or warrant, or cooperate with law enforcement activity. Medify also reserves the right to disclose your information that we believe, in good faith, is appropriate or necessary to take precautions against liability; to protect Medify and others from fraudulent, abusive, or unlawful uses or activity; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Service; or to protect the rights, property, or personal safety of Medify, our users, or others.
Please note, we do not “share” Personal Information as that term is defined under the CCPA
8. Third Party Services
The Services may contain features or links to third party websites and services. Any personally identifiable information you provide on third-party sites or services is provided directly to such third party and is subject to that third party’s policies, if any, governing privacy and security, even if accessed through the Services. Medify is not responsible for the content or privacy and security policies of third-party sites or services to which links or access are provided through the Services. Medify encourages you to learn about third parties’ privacy and security policies before providing them with personally identifiable information.
9. Privacy Settings
Although Medify may allow you to adjust your privacy settings to limit access to your Information, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your Information. Therefore, if you choose to post Information using social media, we cannot and do not guarantee that Information you post on the Services will not be viewed by unauthorized persons. We are not responsible for the circumvention of any privacy settings or security measures contained on our Services. You understand and acknowledge that, even after removal, copies of information that you have posted may remain viewable in cached and archived pages or if other users have copied or stored such information.
10. Storage of Information
Information collected on the Services may be stored and processed in the United States or any other country in which Medify or its affiliates, subsidiaries or agents maintain facilities, and by using the Services you consent to any such transfer of Information outside of your country. Except as prohibited by law, we will retain and use your Personal Information for as long as necessary to provide you with the Services or to document our business relationship or otherwise as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
11. International Visitors
The Service is hosted in the United States and is intended solely for visitors located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personally identifiable information outside of those regions to the United States for storage and processing, and by providing your personally identifiable information on the Service you consent to that transfer, storage, and processing.
12. In the Event of Merger or Sale
In the event that Medify is acquired by or merged with a third-party entity, by using the Services you consent, in any of these circumstances, to the transfer or assigning of the Information that we have collected from you as a User as part of such merger, acquisition, sale, or other change of control.
13. Changes and Updates to this Privacy Policy
This Privacy Policy may be revised periodically without further notice to you, and this will be reflected by a ‘last modified’ date below. Please revisit this page to stay aware of any changes. In general, we only use your personal Personal Information in the manner described in the Privacy Policy in effect when we received that personal Personal Information. Your continued use of the Services constitutes your agreement to this Privacy Policy and any future revisions. For revisions to this Privacy Policy that may be materially less restrictive on our use or disclosure of personal Information you have provided to us, we will make reasonable efforts to notify you and obtain your consent before implementing such revisions with respect to such Information.
14. Certain State Laws
California, Colorado, Connecticut, and Utah Residents
If you are a resident of the above states, you may have the right, subject to certain exceptions defined in the laws and regulations applicable to you, to request that a company:
• Disclose certain information to you about its collection and use of your Personal Information. This right includes information about:
• The categories of Personal Information we collected about you;
• The categories of sources for the Personal Information we collected about you;
• Our business or commercial purpose for collecting that Personal Information;
• The categories of third parties with whom we disclosed, shared, or sold that Personal Information;
• The categories of Personal Information that each recipient received;
• The specific pieces of Personal Information we collected about you;
• Provide the Personal Information it has about you in a readily useable format that allows you to transmit the information to another entity without hindrance;
• Delete any of your Personal Information that it has collected from you and retained;
• Stop selling your Personal Information and refrain from doing so in the future; however, we do not sell your Personal Information;
• Correct inaccurate Personal Information it has about you; or
• Stop sharing your Personal Information for purposes of cross-context behavioral advertising, targeted advertising, and/or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you; however, we do not share your Personal Information for these purposes;
You may also have the right not to receive discriminatory treatment if you exercise the rights listed herein that are provided to you by your state of residence.
As mentioned, certain information that is governed by other laws, such as the California Confidentiality of Medical Information Act (CMIA) or HIPAA, may not be subject to the rights noted above. However, additional rights might be available under those laws and standards. Please contact compliance@medifyhealth.com if you would like more information.
Note that Medify acts as a “Service Provider” as defined by the CCPA when it collects Personal Information. If we have collected your Personal Information outside of our role as a Service Provider, we will respond to your verified consumer request accordingly.
Additionally, we are not required to respond to a consumer’s requests for access or disclosure of Personal Information more than twice in a twelve (12) month period.
California Civil Code Section 1798.83 permits California residents to request a list of all third parties to which we, during the immediately preceding calendar year, have disclosed certain Personal Information for direct marketing purposes; however, we do not share Personal Information with other people or non-affiliated businesses for their direct marketing purposes.
Nevada Residents
Although we do not sell Personal Information, Nevada residents have the right to submit a verified request directing us not to sell their Personal Information. If you are a Nevada resident, and would like to submit such a request, please send your request through any of the methods noted below.
Exercising Your Rights
To exercise any of the rights described above, you can contact us by:
• Emailing us at compliance@medifyhealth.com ; or
• Calling us at (866) 201-6777.
When you make a request, we may require that you provide information and follow procedures so that we can verify the request and your jurisdiction before responding to it. The verification steps we take may differ depending on the request you make. We will match the information that you provide in your request to the Information we already have on file to verify your identity. If we are able to verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us verify your request. Please provide as much of the requested information as possible to help us verify the request. We will only use the information received in a request for the purposes of responding to the request.
Certain states permit their residents to use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the data subject’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the data subject. An authorized agent must follow the process described above to make a request. The authorized agent must also verify his/her own identity. We will confirm the agent’s authority with the data subject about whom the request was made.
15. Medify Contact Information
Please contact Medify with any questions or comments about this Privacy Policy, your personal Personal Information, our third-party disclosure sites, or your consent choices at: compliance@medifyhealth.com.