Privacy Policy
Effective Date: April 26th, 2024
To enable us to provide you with a delightful pharmacy experience, you may be asked to share personal information with us, including health information. Extra Care is committed to safeguarding the privacy and security of the information that you provide to us or that others provide to us on your behalf.
By using or accessing Extra Care’s services, website, mobile application and products, you understand and agree that your information will be subject to the practices and policies outlined in this Privacy Policy, and you consent to the collection, use, and sharing of your information in the ways outlined in this Privacy Policy.
This Privacy Policy is effective with respect to you on or after the Effective Date, depending on when you first use or access the Services.
What does this Privacy Policy cover?
This Privacy Policy covers how we treat identifiable information about you that we collect. When we say, “information about you” or “your information”, we mean any information that identifies you and includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, and regulations.
This Privacy Policy doesn’t cover the practices of third parties that we don’t own, control, or manage, including any third-party websites or services. While we try to only work with third parties that share our respect for your privacy, we don’t take responsibility for their policies, so we encourage you to carefully review the privacy policies of the third-party websites or services that you access.
Certain health-related information that Extra Care collects may be considered “protected health information” or “PHI” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Please make sure to carefully review our HIPAA Notice of Privacy Practices (“HIPAA Notice”), which applies to the protection and use of PHI.
How do we collect information about you?
From You or Your Family Members. We collect information about you when you sign up for an account, place an order, communicate with us, or otherwise make use of or interact with any of the Services. This information may include your name, address, contact information, birth date, and health plan information. If a family member is using the Services on your behalf, we may also collect information about you through them.
From Your Use of the Services. We may gather information about your geographic location, either from your IP address or from your use of the Services, or from location-based information that you elect to provide through your use of a mobile device or Internet-enabled vehicle. We may also receive information through Cookies (as defined below).
From Our Service Providers and Business Partners. We may receive information about you from our service providers or business partners who assist us with, for example, marketing or promotional services, advertisements, or communications.
We may use analytics providers to collect and analyze information about how you interact and engage with the Services.
From Health Care Providers and Health Plans. When you use certain Services, you may provide us with PHI. We may also receive PHI and other information from third parties, such as your doctor or health plan, who are permitted under applicable law, like HIPAA, to disclose this information to us.
How do we use your information?
We may use the information we collect about you in the following ways:
- To personalize your experience and provide you with the Services you’ve requested;
- To respond to communications that we receive from you, to contact you when necessary or requested, and to send you information about Extra Care or the Services;
- To allow us to better serve you in responding to your customer service requests;
- To improve the Services, including testing, research, internal analytics, and product development;
- To market the Services to you;
- To fulfill our legal obligations under applicable law, regulation, court order or other legal process;
- To protect the rights, property, security or safety of you, customers of the Services, or the public;
- To resolve any disputes and enforce any agreements with you;
- To provide you with information that we believe will be of value to you in protecting and managing your health, which may be customized based on prescriptions you’ve filled at Extra Care or other information you’ve provided us;
- To provide any legitimate business service or product.
How do we share the information we collect with third parties?
We never share information about you unless you’ve given us permission to share that information or we’ve given you prior notice that the information will be shared and with whom (such as in this Privacy Policy). We may share, without notice or permission, aggregated, de-identified information about you with third parties as permitted by applicable law. Disclosures of your PHI will in all instances be governed by HIPAA, as further described in our HIPAA Notice.
We may share your information with third parties for the following reasons:
- To our service providers and business partners who have been engaged to enable us to provide the Services to you or perform business functions on our behalf;
- To your other health care providers to enable them or us to provide you with certain Services that you’ve requested, particularly related to your health care;
- To your health plan to enable us to receive reimbursement of your prescription purchase;
- To partners whose products or services you’ve requested, in order to deliver those products or services to you;
- To a law enforcement agency or other government agency in response to a subpoena, court order, or other request from such agency;
- To a third party if such disclosure is required in order for us to fulfill our legal obligations under applicable law, regulation, court order, or other legal process;
- To establish or exercise our legal rights, or to defend against claims;
- To protect the rights, property, security, or safety of you, our customers, or the public.
How do you correct and update your information?
You can correct or update your personal information by updating your account through the website or by contacting us at info@myextracare.com. It may take us up to 30 days to process your request. Our HIPAA Notice provides details on how to update your PHI.
How do we safeguard your information?
Extra Care follows generally accepted industry best practices for protecting your information. Although we work to protect the security of your account and information, please be aware that no method of information transfer over the Internet or electronic data storage is completely secure and therefore we can’t guarantee the absolute security of your information during its transmission or its storage in our systems.
Changes in Privacy Policy
We may change this Privacy Policy at any time. However, we’ll give you prior notice of any major changes by placing a notice on the website, by sending you an email, or by some other manner, and we’ll let you know when the modified Privacy Policy will become effective. Your continued use of the Services after the new effective date will be considered assent to the new Privacy Policy.
What else do you need to know?
Children’s Privacy. Parents or guardians are permitted to use the Services on behalf of a child under their care and these parents or guardians may provide us with their child’s information. However, Extra Care doesn’t knowingly collect information directly from children themselves. If you’re under the age of eighteen, please don’t use or access the Services.
Information Retention. We retain information about you for as long as you have an active account with us or as otherwise necessary to provide you with our Services. In some cases, we retain information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
Summary of Personal Information We Collect
Throughout this Privacy Policy, we describe the personal information we collect, the sources of that information, and how we use and share it. Under the CCPA, we also have to provide you with the “categories” of personal information we collect and disclose for “business purposes” (as those terms are defined by applicable law).
Those categories are identifiers (such as name and email address); commercial information (such as transaction history); financial data (such as financial account information); internet or other network or device activity (such as IP address or usage data); geolocation information (such as general location); health data; inference data about you; legally protected classifications (such as gender); professional or employment information (such as job title); sensory data (such as voice recordings made during calls with our customer support team); or other information that identifies or can be reasonably associated with you.
Your Privacy Rights. You have the following rights under the CCPA with respect to your personal information.
Right to Know. You have the right to request details of the personal information about you that we’ve collected and used, subject to our receipt and confirmation of your verifiable consumer request. Specifically, we’ll disclose to you:
- The categories of personal information we collected about you;
- The categories of sources for personal information we collected about you;
- Our business or commercial purpose for collecting your personal information;
- The categories of third parties with whom we shared your personal information;
- Types of personal data collected: This should include a list of the types of personal data you collect, such as name, address, email, phone number, etc.
- Purpose of collection: Explain the reasons why you collect personal data, such as for account creation, to provide services, for marketing, etc.
- Data storage and retention: Explain where and for how long the personal data will be stored.
- Data sharing: Explain with whom you may share the personal data, such as service providers, third-party advertisers, etc.
- User rights: Explain the rights of the users regarding their personal data, such as the right to access, correct, delete, or restrict the processing of their personal data.
- Data security: Explain the measures you have taken to protect personal data from unauthorized access, misuse, and unauthorized disclosure.
- Changes to the privacy policy: Explain the process for updating the privacy policy and the steps you will take to inform users of any changes.
Right to Delete
You have the right to request the deletion of your personal information that is collected or maintained by us, subject to our receipt and confirmation of your verifiable consumer request. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your information to provide you with the Services or complete a transaction or other action you’ve requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
CONSENT STRING
A consent string is a string of characters that encodes information about user consent for the collection and usage of personal data for online advertising purposes. Your consent string contributes to your compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Whether you need a consent string may depend on your location and the laws that apply to your business. If you operate in the European Union or California and are collecting and using personal data for online advertising purposes, you may need to obtain user consent and use a consent string to store and convey this information. It is advisable to consult a legal expert to determine the specific requirements that apply to your business. However, to utilize the Pearl Diver service, we require this out of an abundance of caution.
How you add a consent string to your website varies depending on where you host your website. Different hosts have different ways to add a consent string, either through a built-in function they already offer or a plugin they recommend implementing with their software. You can also use third-party software to run and manage consent strings. We recommend discussing options with us directly, or with an IT or development contact who is involved with your website management.
Right to Non-Discrimination
We may not discriminate against you because you’ve exercised any of the privacy rights described above.
Exercising Your Rights. To exercise the rights described above, you (or your authorized agent) must send us a request that (1) provides sufficient information to allow us to verify that you’re the person about whom we’ve collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Satisfaction of both criteria means your request is a “verifiable consumer request” and we’re not required to respond to requests that don’t meet these criteria. We’ll only use personal information provided in a request to verify your identity and complete your request. You don’t need an account to submit a request. We’ll work to respond to your request within 30 days of receipt.
Contact Information
If you have questions about privacy at Extra Care, including requests to opt out, unsubscribe, access or delete your data, you can contact us:
Email Address: info@myextracare.com