CA Privacy Policy

QxMD – California Privacy Policy

Last Modified: May 18, 2020

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Policy of QxMD Software, Inc. (“we,” “us,” or “our”) and applies solely to our users who are residents of the State of California (“consumers” or “you”) in relation to your use of our apps, websites, emails and educational content, including Calculate by QxMD, Read by QxMD, Learn by QxMD and Pedi STAT (collectively, the “Services”).

We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in our Privacy Policy or in the CCPA have the same meaning when used in this notice.

Information we collect.

We have collected the following categories of information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	Yes
B. Personal information listed under Cal. Civ. Code § 1798.80(e).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	No
D. Commercial Information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
E. Biometric Information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	Yes
G. Geolocation data.	Physical location or movements.	Yes
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No
I. Professional or employment-related information.	Current or past job history or performance evaluations.	Yes
J. Non-public education information.	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Yes

Certain information that we collect identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”).

Personal information does not include:

Publicly available information from government records.
De-identified or aggregated consumer information.

Information included in categories D and G is collected and used in a de-identified and/or aggregated manner.

Information excluded from the CCPA’s scope, like:

health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Categories of sources from which information is collected.

As described in our Privacy Policy, we may obtain the categories of personal information listed above from the following categories of sources:

Directly from you, such as when you register with us.
Indirectly from you, such as information we may collect in the course of providing the Services.
Directly and indirectly from your activity related to our Services.
From third parties that interact with us in connection with the Services.

Use of personal information.

Each of categories A, B, F, I and K described above may be used for the following business purposes:

Provision of the Services. We may use your personal information to provide and improve the Services, and to develop new Services.
Member Profiles. We may associate your personal information with respect to your use of the Services with your registration information and any other information we have about you, as described in this privacy notice, thereby creating a profile of you that we may update from time to time (“Member Profile”).
Communications. By registering with us, we may use of your registration information and other information collected about you as described in this privacy notice to communicate with you about the Services and other information that may be of interest to you. These communications may be conveyed through a variety of channels, subject to applicable law, including emails and may contain advertisements and other promotional materials from third party sponsors, including pharmaceutical companies.
Personalize the Services. We may personalize the Services, including the advertising you see within our products, on third party websites and in our email communications, based on information included in your Member Profile. For example, members who identify themselves as ophthalmologists may receive specific advertisements that differ from those that appear to members identified as neurologist.
Account Management. We may use your information to administer your account, respond to your inquiries, fulfill your requests and send you administrative communications about the Services.
Investigations. We may use your information to detect, investigate and defend against fraudulent or unlawful activity, violations of the Medscape Terms of Use and to otherwise establish, exercise and defend our legal rights.

Sharing your personal information

Personal information disclosed for a business purpose

Service Providers. We work with third party service providers to help us provide the Services and to otherwise assist us in the operation of our products, including in the areas of email management and deployment, analytics, marketing, advertising, market research, identity and professional credential validation, content distribution, customer service, payment fulfillment, event logistics, website maintenance and data storage and security. We may provide these service providers with personal information about users of our Services so that they can fulfill their responsibilities to us, and we require that they agree to limit their use of this personal information to the fulfillment of these responsibilities.
Market Research. From time to time, we may invite you to participate in sponsored or unsponsored market research surveys. We may provide aggregate information from the survey results to third parties including the survey sponsor, if applicable. If you receive payment for participating in a sponsored survey, we may be required to provide the sponsor with personal information for its record keeping and regulatory reporting purposes. We will not provide any sponsor with your survey responses on an identifiable basis unless we obtain your consent. If you participate in a survey administered by a third party market research company, this company may identify you when you participate in the survey. We require these companies to agree that they will not provide the survey sponsor with personally identifiable information about you based on your participation in the survey, nor will they market to you based on such participation.
Sponsored Content. When you engage with content on the QxMD platform, you may be presented with advertisements, promoted research and/or opportunities to engage in industry-sponsored informational programs consisting of selected materials from our sponsors, which may include third-party advertisers and pharmaceutical companies. We may personalize the Services, including the advertising you see within our apps and websites, on third party websites and in our email communications, based on information included in your Member Profile. For example, a user who we believe is a cardiologist or who has browsed cardiology content on one of our apps may be served an advertisement promoting a particular cardiac product within our apps and websites, on third party websites and/or within an email that a user who we believe is a neurologist or has not browsed cardiology content will not see. All sponsored content and advertisements will be identified to you by the label Promoted, Advertisement, Information from Industry, Sponsored or some similar designation indicating that the content has been selected by a third-party sponsor. We may provide your personal information to third party sponsors of advertisements, subject to applicable law. Specifically, when you are exposed to an advertisement through the Services, whether on one of our websites or apps, in an email or through some other means, or when you engage in a sponsored program, QxMD may provide your personal information, such as your name and specialty (but not your email or postal address) to the applicable sponsor and/or its agents on the sponsor’s behalf. We may also provide such third parties with details about your engagement with the advertisement or sponsored program (e.g., whether you viewed or otherwise interacted with certain content), your answers to any questions contained in the sponsored program and information about you that we have received from third parties. Except as otherwise provided by applicable law, we are not responsible for how these third parties use your information. Further, we may use non-personally identifiable information for research purposes, and we may provide this information in the aggregate to third parties.
Member Profiles. Subject to applicable law, WebMD may provide Member Profiles, and portions thereof, (excluding contact information and information about your participation in specific named CME and CE activities) to third parties, including our advertising customers, which these third parties may use for their business purposes including marketing.
Continuing Medical Education. If you elect to collect Continuing Medical Education (CME) or Continuing Education (CE) credit, you may be asked to provide personally identifiable information such as your name, zip code and NPI. In addition to personally identifiable information, aggregated non-personally identifiable information about the activities undertaken by CME/CE participants is recorded. Information that you provide in connection with your participation in CME activities, either when registering or requesting credit, may be used as follows:

QxMD partners with educational organizations such as those accredited by the Accreditation Council for Continuing Medical Education (ACCME) to provide continuing education to physicians. Your personal information is shared with our CME partner(s) who certify CME/CE activities offered, as necessary for their fulfillment of their reporting obligations to the ACCME and other accrediting bodies. These reports may include personal information about you and credits issued to you, for the purpose of maintaining records and contacting you about additional CME opportunities.
QxMD may use personal information, including registration information and evaluation data, in assessing educational needs and evaluating its educational activities.

Consent. We may disclose your personal information to a third party in a manner not addressed by this privacy notice subject to your consent at such time.
Social Widgets. We may include social widgets within our websites and apps which enable you to interact with the associated social media services, e.g., to share an article. These widgets may collect browsing data which may be received by the third party that provided the widget, and are controlled by these third parties. You may be able to manage your privacy preferences directly with the applicable social network platform.
Business Transfers and Affiliates. We may collect and disclose your personal information to our affiliates to provide Services, targeted campaigns and improve your experience by showing relevant content and advertisements, subject to applicable law.
Legal Requirements. We may release personal information when we believe release (i) is required to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order and to meet national security or law enforcement requirements; or (ii) is reasonable in response to a physical threat to you or others, to protect property or defend or assert legal rights of us or others.

In the preceding twelve (12) months, we may have disclosed your personal information included in each of categories A, B, F, I and K for each business purpose described above depending on your use of the Services described herein.

We disclose your personal information for a business purpose to the following categories of third parties: (i) service providers, and (ii) third parties to whom you or your agents authorize us to disclose your personal information in connection with the Services.

Personal information “sold” to third parties

In the preceding twelve (12) months, we may have “sold” the personal information included in each of categories A, B, F, I and K described above to our commercial clients in connection with our sponsored programs described under Sponsored Content above.

We do not sell the personal information of consumers that we know are minors under 16 years of age without affirmative authorization as required under the CCPA.

Your rights

The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to specific information and data portability rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

the categories of personal information we collected about you.
the categories of sources for the personal information we collected about you.
our business or commercial purpose for collecting or selling that personal information.
the categories of third parties with whom we share that personal information.
the specific pieces of personal information we collected about you (also called a data portability request).
if we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

Deletion rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
debug products to identify and repair errors that impair existing intended functionality.
exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
comply with a legal obligation.
make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to opt out of the sale of your personal information

You have the right to opt out of the sale of your personal information subject to certain exclusions as described below. Once we receive your request, we will not sell your personal information, unless an exclusion applies. We may request that you authorize the sale of your personal information after 12 months following your opt-out.

The CCPA excludes certain transfers of your personal information from what constitutes a sale thereof:

As directed by you:

When you direct us to intentionally disclose your personal information or use the Services to intentionally interact with us or a third party (provided that third party does not sell your personal information, unless that disclosure would be consistent with the CCPA).

Opt-out signal:

We may share an identifier for you if you have opted out of the sale of your personal information for the purposes of alerting third parties of your election.

Service provider:

We may share your personal information with a service provider that is necessary to perform a business purpose as described above if both of the following conditions are met:

we provide notice of the sharing and your opt-out right as described herein.
the service provider does not further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose.

Change of control:

We may transfer to a third party your personal information as an asset that is part of a merger, acquisition, bankruptcy, or other transaction subject to certain requirements described in the CCPA.

Exercising access, data portability and deletion rights

To exercise the access, data portability and deletion rights described above, please submit a request to us by either:

Calling us at (866) 967-1408.
Clicking here.

By calling the toll-free number or using the above form, you will be asked to provide certain identifying information, such as name, email, residency and date of birth, which we will only use to process or verify your request. You will be asked to validate your request by clicking a validation link in an email that will be sent to the email address provided.

The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

If you are exercising your right to access, portability or deletion, you may be asked to provide further verifying documentation, such as proof of residency and identity.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Exercising opt-out right

You may exercise your opt-out right by clicking the “Do Not Sell My Personal Information“ link on our website or in our apps.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will cover a period of no less than 12 months preceding the receipt of a verifiable consumer request. The response we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

We may provide a different level of Services if the difference is reasonably related to value provided by your data.

Changes to this privacy notice

We reserve the right to change or modify this privacy notice and any of our Services at any time and any changes will be effective upon being posted unless we advise otherwise. By continuing to use the Services after changes are made to this privacy notice, you agree to such changes. We encourage you to periodically review this privacy notice for the latest information on our privacy practices.

Contact information

If you have any comments, questions or concerns regarding this privacy notice, please contact us at [email protected].

Effective Date: May 18, 2020