Privacy policy

1. Introduction

1.1 Purpose of this Policy.  This Privacy Policy (“Policy”) of Medications & Essentials Delivered Swiftly Inc. d/b/a MEDS, a New York business corporation (“our,” “us,” or “we”), applies to each one of our pharmacy customers, website visitors and mobile app users (“you” or “your”).  This Policy describes how we collect, use, and share your Personal Information (defined in Section 2.1), including health information.  This Policy also describes your options to control and set preferences for the collection, use and sharing of your Personal Information.  

1.2 About Us.  We are a pharmacy selling prescription-based medications and over-the-counter products. Through our website (https://medsrx.com/) and related mobile application, we enable our customers to order and manage their purchases and track deliveries for customers within our service territory.  For your medication, we will coordinate with you and your health care provider to manage your refill requests.  

1.3 Minimum Age Requirement.  Individuals under eighteen (18) years of age cannot use our services or access any of our Infrastructure except that customers under 18 years of age may purchase over-the-counter products when physically present in our brick-and-mortar stores in accordance with our store policies and applicable law.

1.4 Our Third Party Associates.  We rely on our relationships with various Associates (defined below) to conduct our business.  In this Policy, “Associates” will mean third parties with whom we conduct business for our business purposes, including: 

(a) any affiliates that control us, that we control, or that are under common control with us, such as our parents, subsidiaries and sister entities;  

(b) any third parties to whom we provide products, services or data, such as collaborators, advertisers and marketing agencies; 

(c) any health care providers to provide certain services you have requested, including those related to your health care; 

(d) any health plans to allow us to receive reimbursement for your prescription purchases; and 

(e) service providers and business partners who have been engaged to allow us to provide services to you or perform business functions on our behalf, such as customer support providers, credit card and payment processors, order fulfillment providers, market and data analyzers, product developers, website hosts, providers of communication systems (such as phone, text and email systems), providers of information technology systems (such as databases and data servers), online platform providers, information technology consultants, business advisors, auditors, accountants and attorneys.  

1.5 Our Infrastructure.  We may use our Infrastructure (defined below) to collect your Personal Information.  In this Policy, “Infrastructure” will mean the resources used by us or our Associates to receive or collect information, including the following resources: 

(a) https://medsrx.com/; 

(b) the mobile app named, Meds rx Pharmacy Delivered (“App”), which is downloadable at the App Store™ controlled by Apple Inc., the Google Play™ store controlled by Google LLC, or any other app marketplace where we make such app available;

(c) any other websites, ecommerce stores, servers, online portals, products, web portals, mobile applications and electronic user interfaces; 

(d) social media pages, email messages, text messages and direct messages; 

(e) phones, computers, web cameras and other communication devices operable to receive your written, text, oral, telephonic and video communications;

(f) real time communications with our representatives, including interviews, discussions, conversations and conferences via in-person interaction or video, phone or other means; 

(g) any brick-and-mortar facilities (such as stores) as well as any cameras, beacons, sensors and other tracking equipment located at such facilities; 

(h) any means for personal interaction or observation, such as the collection of survey results from you when you are located at such facilities; and 

(i) surveys, forms and other materials used to document your answers, feedback or behavior at such facilities.  

1.6 Mobile App Privacy.  This Policy applies to Personal Information we receive through all parts of our Infrastructure.  If we receive Personal Information through a mobile app that we own or operate, the related end user license agreement (if any) or screens or content in the applicable app marketplace (e.g., App Store™ or the Google Play™ store) may provide notices about how the app collects and uses such Personal Information.  If the app collects and sends Personal Information to others, such notices may describe that process as well.  Therefore, to fully understand the privacy of any Personal Information collected by any of our mobile apps, please review such notices as well as this Policy.  

1.7 Set of Online Documents.  This Policy includes and incorporates our set of online documents, including our Terms of Use and HIPAA Notice of Privacy Practices, and Cookie Policy.  Our Terms of Use include and incorporate this Policy.  Certain health information that we collect may be considered “protected health information” or “PHI” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). You should review our HIPAA Notice of Privacy Practices, which governs our use and disclosure of PHI. 

2. Meaning of Personal Information

2.1 Personal Information.  In this Policy, “Personal Information” will mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.  

2.2 Deidentified Information and Aggregate Consumer Information.  Deidentified Information (defined below) and Aggregate Consumer Information (defined below) are not Personal Information.  We may create Deidentified Information and Aggregate Consumer Information by removing identifiers from your Personal Information and satisfying the other requirements of applicable law.  

2.3 In this Policy, “Deidentified Information” will mean information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to you, provided that the user of the deidentified information: 

(a) has implemented technical safeguards that prohibit reidentification of you; 

(b) has implemented business processes that specifically prohibit reidentification of the information; 

(c) has implemented business processes to prevent inadvertent release of deidentified information; and

(d) makes no attempt to reidentify the information.

2.4 In this Policy, “Aggregate Consumer Information” will mean information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. 

3. No Sale of Your Personal Information

3.1 We do not, and will not, sell any of your Personal Information.  

3.2 When companies perform market research for their products and services, they often rely on data that describes the shopping and buying activities of a consumer population.  In exchange for supplying Deidentified Information or Aggregate Consumer Information to these types of companies and other third parties, we may receive payments or other monetary or valuable consideration.  

4. How We Collect Your Personal Information

We may collect your Personal Information in a variety of ways, such as by: 

(a) automatically pulling data from your browser or device, such as your computer or smartphone, by embedding computer code or data files to track your activity or geolocation, by other tracking means or methods described in our Cookie Policy; 

(b) receiving information you have provided to us via phone, text, email, electronic message, online form submission or other communications, including when you place orders; 

(c) receiving information from our Associates who have shared with us, the information you have made available, including health care providers and health plans permitted to disclose this information to us; 

(d) communicating with you in-person; and

(e) photographing or video recording you when you visit any brick-and-mortar facilities of our Infrastructure.  

5. The Categories of Your Personal Information We May Collect

The following table lists the categories of your Personal Information that we may collect for our business purposes:   

Categories of Personal Information	Examples of Personal Information
Identifiers  (if you chose to provide them)	Your name, unique personal identifier, Internet Protocol (IP) address, date of birth, email address, account name, social security number, driver’s license number, state identification card number, passport number, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, and any other of your financial information, medical information, or health insurance information.
Characteristics of Protected Classes  (if you chose to provide them)	Your race, color, national origin, religion, gender (including pregnancy), disability, age and citizenship status.
Biometric Information  (if you chose to provide it)	Photos, videos and images of you, including your face, eyes, fingerprints and voice.
Network Activity and Device Information	Your device, browser, internet or other electronic network activity information, including browsing history, search history, information regarding your interaction with an internet website, application, or advertisement, network routing information (where you came from), date/time stamps, clickstream information (when a webpage was visited and how much time was spent on the webpage), device information, browser type, Internet Protocol (IP) address (which may identify your general geographic location), referring/exit webpages, and number of visitors, views, and interactions.
Geolocation Data  (if you chose to provide it)	Your general geographic location and your Internet Protocol (IP) address, which may identify your general geographic location.
Audio and Visual Information  (if you chose to provide it)	Your audio, electronic, visual, thermal, olfactory, or similar information, including voices, sounds, photos and videos of you.
Professional Information  (if you chose to provide it)	Your professional or employment-related information.
Inferred Profile Information	Inferences drawn from any of the information described in this table to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Health Information (if you chose to provide it)	Your health information, including medical records and health insurance information.  See our HIPAA Notice of Privacy Practices.
Financial Information (if you chose to provide it)	Your financial information, including credit card information, bank account information, and information related to your other payment sources.

6. The Categories of the Sources of Your Personal Information

We may obtain your Personal Information from the following categories of sources: 

Categories of Sources	Description
You	We may collect the content, communications and Personal Information you send or provide when you use our products, services or Infrastructure.
Your Devices	We may pull your Personal Information from your devices and browsers through tracking methods and by placing cookies as described in our Cookie Policy.
Other People	We may receive your Personal Information from people who use our products or services.
Our Associates	We may receive your Personal Information from our Associates, including your physicians and health insurers

7. Our Purposes for Using Your Personal Information

7.1 We may collect, use, keep and share your Personal Information if doing so is necessary for us or our Associates to conduct any of the following activities (“Necessary Purposes”): 

Necessary Purposes	Description
Your Transaction	This includes completing the transaction for which your Personal Information was collected, provide a good or service that is requested by you or is reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you, including processing your prescription and other over-the-counter purchases and any applicable discounts.
Security	This includes detecting security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Repairs	This includes debugging to identify and repair errors that impair existing intended functionality.
Free Speech	This includes exercising free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Research In The Public Interest	This includes engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of your Personal Information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
Internal Uses as You Expect	This includes enabling solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
Complying with Law	This includes complying with a legal obligation.
Internal Uses in Context	This includes otherwise using your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the Personal Information.

7.2 We may use, keep and share your Personal Information for the following additional purposes: 

Additional Purposes	Description
Marketing Activities	This includes planning and performing the marketing activities for our products, services and Infrastructure.
Product/Service Improvement	This includes evaluating, improving, researching and developing our products, services and Infrastructure.
Personalizing	This includes personalizing our products, services and Infrastructure for you, such as by displaying advertisements that align with your unique interests.
Notifying You (until you opt-out)	This includes notifying you about new releases, alerts, updates, prices, terms, offers, or developments regarding our products or services.
Your Testimonials (with your consent)	This includes posting testimonials in our Infrastructure if you have given us authorization for the testimonials.
Tell a Friend (with your approval)	This includes contacting your friend for any referral or “tell a friend” feature that you have approved.
Safety	This includes protecting, as we determine necessary or appropriate, the health, safety, security or privacy of our employees, agents, visitors and Infrastructure.
Corporate Transactions	This includes transferring or supplying a copy of your Personal Information to a third party that acquires any portion of our business, assets, stock or equity in connection with a reorganization, merger, sale, joint venture, contractual assignment, transfer or other transaction, including any bankruptcy or similar proceeding.
Complying with Authorities	This includes acting, as we determine appropriate, to: (a) comply with applicable laws, including laws outside your country of residence; and (b) respond to requests from law enforcement authorities and public and government authorities, including those authorities outside your country of residence.
Enforcing Our Rights	This includes enforcing our rights under the Terms of Use and agreements with you, including pursuing available remedies and limiting the damages that we may sustain.
Other Business Purposes	This includes our other business purposes.

8. The Categories of Third Parties Who May Receive Your Personal Information

8.1 We may disclose your Personal Information to the following categories of third parties:  

Categories of Sources	Description
Connected People and Businesses	This includes people and businesses that own or operate apps, websites, products and services that are connected to our products, services or Infrastructure.
Associates	This includes our Associates involved with our business purposes.
Law Enforcement Agencies	This includes law enforcement agencies concerning activity that that we reasonably, and in good faith, believe may violate federal, state, or local law.
Others Permitted by Applicable Law	This includes other third parties permitted to receive your Personal Information in accordance with the applicable laws.

8.2 Based on your voluntary conduct, third parties may receive your Personal Information, such as: 

(a) people and businesses to whom you share your Personal Information; and 

(b) people and businesses who receive your Personal Information from those who originally received it from you.  

9. Privacy Policies of Third Parties

Our Infrastructure may provide links to or the ability for you to connect with resources owned or controlled by third parties, such as third party websites, services, social networks and mobile applications.  Some of these resources may be integrated into our products, services or Infrastructure.  Clicking on these resources or enabling these connections may enable the applicable third party to collect or share your Personal Information.  These third party resources are beyond our control.  We encourage you to check the privacy policies of these third party resources before providing your Personal Information to them.  

10. How to Control Your Preferences

10.1 Opt-Out Settings.  We may enable you to opt-out of, decline or disable certain features that involve the use of your Personal Information.  For example, we may enable you to select a setting to opt out of marketing emails and messages by modifying your user profile or using our unsubscribe link.  

10.2 Cookie Settings.  You may disable certain cookies as described in our Cookie Policy.  However, your election to disable cookies may degrade the functionality of our products, services and Infrastructure.  

10.3 Blocking of Advertisements.  Your browser may enable you to block advertisements.  However, doing so may degrade the functionality of our products, services and Infrastructure.    

11. Specific Privacy Laws

11.1 Health Privacy Laws

We may enter into a contract with you (or engage in a transaction with you) that involves your health or medical services.  In accordance with this contract, you may provide us with Personal Information that includes your health information.  Your health information may be protected under applicable laws, such as the Health Information Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).  These laws may provide certain provisions regarding such contract, the handling of your health information, your rights, and the procedures we must follow.  These laws may require that we give you certain health privacy notices beyond the notices in this Policy.  We will comply with these laws.  Please refer to our HIPAA Notice of Privacy Practices.

11.2 Financial Privacy Laws 

We may enter into a contract with you (or engage in a transaction with you) that involves our receipt of Personal Information that includes your financial information.  Your financial information may be protected under applicable laws, such as the Privacy of the Gramm–Leach–Bliley Act (Public Law No. 106-102) and the Privacy Regulations and related implementing regulations, and the standards for safeguarding customer information set forth in 12 CFR Part 364 and 16 CFR Part 314.  These laws may provide certain provisions regarding such contract, the handling of your financial information, your rights, and the procedures we must follow.  These laws may require that we give you certain financial privacy notices beyond the notices in this Policy.  We will comply with these laws.  

12. How to Request Opt-Outs, Corrections, Deletions and Copies

12.1 You may have the ability to update your account profile and related Personal Information by logging in to your user account and following the prompts to update your profile.  

12.2 Also, you may provide us with a request to: (a) obtain a copy of your Personal Information in our possession; (b) correct or delete any such Personal Information; or (c) change how we collect or use your Personal Information.  In your request, please make clear the specific pieces of Personal Information you would like to have changed or deleted from our databases.  To submit a request under this Section, state “Legal Matter” in the subject line of your request, and sent your request through our contact page or by writing or emailing us at the following address:  

MEDS 

Legal Department

1104 2nd Ave, New York, NY 10022

Email Address: info@medsrx.com

Our HIPAA Notice of Privacy Practices describes how you may update or amend your PHI.

12.3 For security purposes, we may require identity verification before processing your request.  

12.4 We will respond to your request within a reasonable timeframe and in accordance within the requirements, frequency and timing specified by the applicable laws.  We may decline part or all of your request as permitted by the applicable laws.  For example, we may decline to delete your Personal Information if the applicable laws permit us to retain it for Necessary Purposes or other business purposes.  In such cases, we will let you know the reason for the decline.  

13. How Long We May Keep Your Personal Information

13.1 We may retain your Personal Information until we no longer have Necessary Purposes or other business purposes to keep your Personal Information (“Retention Period”).  

13.2 At the end of the Retention Period or when you delete your user account, whichever comes first, we may permanently destroy, erase, delete, encrypt or disable access to your Personal Information in a manner designed to ensure that it cannot be reconstructed or read.  You will not be able to recover such Personal Information later.  

14. Security of Your Personal Information

The security of your Personal Information is very important to us.  Directly or through our Associates, we use physical, technical, and administrative safeguards designed to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.  However, we cannot warrant the security of any Personal Information that you send us.  There is no guarantee that your Personal Information will not be unlawfully accessed or destroyed by a hacking incident, cyberattack or other breach of our physical, technical or administrative safeguards.  

15. Policy Updates

We may update this Policy from time to time.  The date provided at the beginning of this Policy is the latest revision date of this Policy.  To request a prior version of this Policy, please contact us.