Last Modified: January 1st, 2020
Information we collect.
We have collected the following categories of information from consumers within the last twelve
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Yes|
information listed under Cal. Civ. Code § 1798.80(e).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes|
classification characteristics under California or federal law.
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||No|
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|F. Internet or other
similar network activity.
|Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||Yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes|
|J. Non-public education information.||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes|
Certain information that we collect identifies, relates to, describes, references, is capable of
being associated with, or could reasonably be linked, directly or indirectly, with a particular
consumer or household (“personal information”).
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information included in categories D and G is collected and used in a de-identified and/or aggregated manner.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s PrivacyProtection Act of 1994.
Categories of sources from which information is collected.
- Directly from you, such as when you register with us.
- Indirectly from you, such as information we may collect in the course of providing the Services.
- Directly and indirectly from your activity related to our Services.
- From third parties that interact with us in connection with the Services.
Use of personal information.
Each of categories A, B, F, I and K described above may be used for the following business
- Provision of the Services. We may use your personal information to provide and improve the Services, and to develop new Services.
- Member Profiles. We may associate your personal information with respect to your use of the Services with your registration information and any other information we have about you, as described in this privacy notice, thereby creating a profile of you that we may update from time to time (“Member Profile”).
- Communications. By registering with us, we may use of your registration information and other information collected about you as described in this privacy notice to communicate with you about the Services and other information that may be of interest to you. These communications may be conveyed through a variety of channels, subject to applicable law, including emails and may contain advertisements and other promotional materials from third party sponsors, including pharmaceutical companies.
- Personalize the Services. We may personalize the Services, including the advertising you see within our products, on third party websites and in our email communications, based on information included in your Member Profile. For example, members who identify themselves as ophthalmologists may receive specific advertisements that differ from those that appear to members identified as neurologist.
- Account Management. We may use your information to administer your account, respond to your inquiries, fulfill your requests and send you administrative communications about the Services.
Sharing your personal information
Personal information disclosed for a business purpose
- Service Providers. We work with third party service providers to help us provide the Services and to otherwise assist us in the operation of our products, including in the areas of email management and deployment, analytics, marketing, advertising, market research, identity and professional credential validation, content distribution, customer service, payment fulfillment, event logistics, website maintenance and data storage and security. We may provide these service providers with personal information about users of our Services so that they can fulfill their responsibilities to us, and we require that they agree to limit their use of this personal information to the fulfillment of these responsibilities.
- Market Research. From time to time, we may invite you to participate in sponsored or unsponsored market research surveys. We may provide aggregate information from the survey results to third parties including the survey sponsor, if applicable. If you receive payment for participating in a sponsored survey, we may be required to provide the sponsor with personal information for its record keeping and regulatory reporting purposes. We will not provide any sponsor with your survey responses on an identifiable basis unless we obtain your consent prior to your participation in the survey. If you participate in a survey administered by a third party market research company, this company may identify you when you participate in the survey. We require these companies to agree that they will not provide the survey sponsor with personally identifiable information about you based on your participation in the survey, nor will they market to you based on such participation.
- Sponsored Content. When you engage with content on the QxMD platform, you may be presented with advertisements, promoted research and/or opportunities to engage in industry-sponsored informational programs consisting of sponsor-selected materials. All sponsored content and advertisements will be identified to you by the label Promoted, Advertisement, Information from Industry, Sponsored or some similar designation indicating that the content has been selected by a third-party sponsor. When you choose to engage with sponsored content, you may be asked to provide personal information which may be used to supplement information about you that we have already received during member registration. The personal information that you provide when you engage with sponsored content will be used to provide the services you have requested or authorized, respond to your questions, provide you the specific services you select and to send you emails about new programs and selected information from our sponsors as it relates to your specialty or area of clinical practice. You may also receive invitations to engage with other sponsored content from the same sponsor. When you are exposed to sponsored content or an advertisement through the Services, QxMD may identify you by name to the sponsor. We may also provide the sponsor with your specialty and country where you reside, based on your registration profile. We will not provide a sponsor with your personal contact information such as email or postal address. We are not responsible for how the sponsor and its agents use your information and manage your privacy. Further, we may use non-personally identifiable information for research purposes, and we may provide this information in the aggregate to third parties.
- Member Profiles. Subject to applicable law, WebMD may provide Member Profiles, and portions thereof, (excluding contact information and information about your participation in specific named CME and CE activities) to third parties, including our advertising customers, which these third parties may use for their business purposes including marketing.
- Continuing Medical Education. If you elect to collect Continuing Medical Education (CME) or Continuing Education (CE) credit, you may be asked to provide personally identifiable information such as your name, zip code and NPI. In addition to personally identifiable information, aggregated non-personally identifiable information about the activities undertaken by CME/CE participants is recorded. Information that you provide in connection with your participation in CME activities, either when registering or requesting credit, may be used as follows:
- QxMD partners with educational organizations such as those accredited by the Accreditation Council for Continuing Medical Education (ACCME) to provide continuing education to physicians. Your personal information is shared with our CME partner(s) who certify CME/CE activities offered, as necessary for their fulfillment of their reporting obligations to the ACCME and other accrediting bodies. These reports may include personal information about you and credits issued to you, for the purpose of maintaining records and contacting you about additional CME opportunities.
- QxMD may use personal information, including registration information and evaluation data, in assessing educational needs and evaluating its educational activities.
- Consent. We may disclose your personal information to a third party in a manner not addressed by this privacy notice subject to your consent at such time.
- Social Widgets. We may include social widgets within our websites and apps which enable you to interact with the associated social media services, e.g., to share an article. These widgets may collect browsing data which may be received by the third party that provided the widget, and are controlled by these third parties. You may be able to manage your privacy preferences directly with the applicable social network platform.
- Business Transfers and Affiliates. We may share your information with any member of our group of companies (meaning our subsidiaries, our ultimate holding company and its subsidiaries) for their use for the purposes set forth in this privacy notice, including to market to you through a variety of channels as described herein, subject to applicable law.
- Legal Requirements. We may release personal information when we believe release (i) is required to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order and to meet national security or law enforcement requirements; or (ii) is reasonable in response to a physical threat to you or others, to protect property or defend or assert legal rights of us or others.
In the preceding twelve (12) months, we may have disclosed your personal information included in each of categories A, B, F, I and K for each business purpose described above depending on your use of the Services described herein.
We disclose your personal information for a business purpose to the following categories of third parties: (i) service providers, and (ii) third parties to whom you or your agents authorize us to disclose your personal information in connection with the Services.
Personal information “sold” to third parties
We do not sell your personal information as defined under the CCPA, and we do not sell the personal information of consumers that we know are minors under 16 years of age.
The CCPA provides California consumers with specific rights regarding their personal
information. This section describes your CCPA rights and explains how to exercise those rights.
Access to specific information and data portability rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- the categories of personal information we collected about you.
- the categories of sources for the personal information we collected about you.
- our business or commercial purpose for collecting or selling that personal information.
- the categories of third parties with whom we share that personal information.
- the specific pieces of personal information we collected about you (also called a data portability request).
- if we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You may only make a verifiable consumer request for access or data portability twice within a
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- debug products to identify and repair errors that impair existing intended functionality.
- exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s
achievement, if you previously provided informed consent.
- enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- comply with a legal obligation.
- make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising access, data portability and deletion rights
To exercise the access, data portability and deletion rights described above, please submit a
request to us by either:
- Calling us at (866) 967-1410.
- Clicking here.
By calling the toll-free number or using the above form, you will be asked to provide certain identifying information, such as name, email, residency and date of birth, which we will only use to process or verify your request. You will be asked to validate your request by clicking a validation link in an email that will be sent to the email address provided.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
If you are exercising your right to access, portability or deletion, you may be asked to provide further verifying documentation, such as proof of residency and identity.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will cover a period of no less than 12 months preceding the receipt of a verifiable consumer request. The response we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting
discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We may provide a different level of Services if the difference is reasonably related to value
provided by your data.
Changes to this privacy notice
We reserve the right to change or modify this privacy notice and any of our Services at any time and any changes will be effective upon being posted unless we advise otherwise. By continuing to use the Services after changes are made to this privacy notice, you agree to such changes. We encourage you to periodically review this privacy notice for the latest information on our privacy practices.
If you have any comments, questions or concerns regarding this privacy notice, please contact
us at privacy@QxMD.com.
Effective Date: January 1, 2020