Version 2.1, Effective as of November 2021
- Introduction
Welcome to CarepathRx Technology Solutions’ (CTS) Privacy Policy.
We respect your privacy and are committed to protecting your Personal Data and other information. “Personal Data” means any information (including but not limited to Personal Health Information (“PHI”)) relating to an identified or identifiable natural person; where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, date of birth, location data, phone number, an online identifier or to one or more factors specific to that natural person.
Because the CTS services may operate in conjunction with the pharmacy services provided to you by the pharmacy from whom you purchase your prescriptions (“Pharmacy”), you are also subject to the Notice of Privacy Practices of your Pharmacy, and you should review your Pharmacy’s website for the applicable Notice of Privacy Practices.
This Privacy Policy tells you about our policies and procedures for collecting, using, and disclosing your Personal Data and other information. It also tells you about your privacy rights and how the law protects you.
Users may access our software and services (the “Services”) through our websites, and other affiliated sites, including but not limited to CTS’s software application sites and URLs (the “Sites”), applications on Devices, through APIs, and through third-parties (including our third-party technology partners or affiliates). A “Device” is any computing mechanism used to access the Services, including without limitation a desktop, laptop, mobile phone, tablet, or other Internet-enabled electronic device. This Privacy Policy governs your access of the Services, regardless of how you access it, and by using our Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.
This Privacy Policy refers to different categories of users, specifically:
“Visitor” refers to a user who accesses the Sites or Service but does not register with or purchase any services or goods from CTS;
“Registered User” refers to a user who is authorized to access a specific an account with the Services, or otherwise agrees to provide Personal Data for specific communication with, or from, CTS;
“Subscriber” refers to a Registered User who purchases a subscription plan for the Services, has a contractual relationship with CTS for the provision of Services, or purchases products or Services from CTS through the Sites. All Licensees of CTS and their “Authorized Users” or “Named Users” as defined in CTS Agreements are Subscribers.
All of the different forms of data, content, and information described below, including without limitation Personal Data, are collectively referred to as “Information.”
Our Privacy Policy explains:
- What information we collect and why we collect it.
- How we use that information.
It is our policy to respect the privacy of our users regarding any information that we may collect while operating our website and our mobile or web-based products.
- Important information and who we are
Controller and Processor
CTS (sometimes referred to as “Company”, “we”, “us” or “our” in this Privacy Policy), depending upon the circumstance is both a Controller responsible for your Personal Data and a Processor, who collects and retains your data on behalf of another party (our clients).
We regularly review this Privacy Policy, and will make adjustments, if necessary, to ensure that we comply with applicable laws and regulations. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights (see below), please contact us using the details set out below.
Contact Details
Full name of legal entity: Semita, Inc. DBA CarepathRx Technology Solutions
Name or title of data privacy manager: Brad Hall
Email address: legal@semitarx.com
Address: 500 Winderley Place, Suite 226, Maitland, FL 32751
- What Personal Data and other Information do we collect and store, and how is it collected?
Personal Data You Provide to Us. The types of Personal Data collected this way may include, among other information, your name, date of birth, username, email address, address, telephone number, fax number, name of the file emailed/printed/stored by you when using our Services, and browser/mobile device information.
Files. We may collect and store the files you upload, download, or access with the Services (“Files”).
Files filled out by users may be stored on our servers. However, these Files and the users’ information contained therein are accessible only to the account of the Subscribers in which they are stored. .
Log Data. When you use the Services, we (ourselves or through contracted third-party services) may automatically record some information from your Device, its software, and your activity using the Services, which can sometimes be correlated with Personal Data and so associated with you. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Services.
Cookies. We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device.
We may use:
- “Persistent cookies” to save your registration ID and login password for future logins to the Services;
- “Session ID cookies” to enable certain features of the Services, to better understand how you interact with the Services and to monitor aggregate usage and web traffic routing on the Services.
You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit, including our Sites. If you disable or refuse cookies, please note that some parts of our software (including websites, if any) may become inaccessible or not function properly.
Geo-Location Information. Some Devices allow applications to access real-time location-based information (for example, GPS). Also, some of the information we collect from a Device, for example IP address, can sometimes be used to approximate a Device’s location.
- If you fail to provide Personal Data
Where we need to collect your Personal Data by law, or in order to provide services under an agreement we have with you or are trying to enter into with you and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel the contract but we will notify you if this is the case at that time.
- How do we use information we collect?
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to do so to fulfill a contract with our Clients to which you have consented to participate.
- Where we need to do so to perform a contract we have entered into with you, or to take steps at your request before entering into such a contract. This applies particularly where we use your Personal Data to administer your use of the Services.
- Where it is necessary for a legitimate interest and your interests and fundamental rights do not override those interests. A legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. This applies particularly where we use your Personal Data to better understand your needs and interests, to improve our Services, to personalize and improve your experience, to provide or offer software updates or otherwise to do anything with your Personal Data that we consider to be necessary for our legitimate interests (and typically also to be for the benefit of our users and Subscribers, and therefore also for your benefit, whether directly or indirectly).
- Where we need to comply with a legal or regulatory obligation.
NOTE: We may process your Personal Data upon more than one lawful ground depending on the specific purpose for which we are using your data.
Your Personal Data is or may be used:
(i) to set up an account and profile for you and to enable you to access Services securely;
(ii) to administer your use of the Services and to provide and improve our Services;
(iii) to transmit information to your prospective or current employer at your, or the employer’s, request;
(iv) to better understand your needs and interests;
(v) to personalize and improve your experience; and
(vi) to provide or offer software updates and product announcements. If you no longer wish to receive communications from us, please follow the “unsubscribe” instructions provided in any of those communications.
We disclose potentially personally-identifying information (i.e. Personal Data) only to those of our employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Company’s behalf or to provide services available at Company’s website and mobile platforms, or through the Company’s proprietary software products; and (ii) that have agreed not to disclose it to others.
Log Data and Cookies are or may be used in aggregated form. We aggregate Log Data and data collected through Cookies (as described above). If data collected from you is aggregated in this way, you can no longer be identified from it. We use this aggregated information for the above purposes and to monitor and analyze use of the Services, for the Service’s technical administration, to increase our Service’s functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests. We may provide aggregated information to our partners about how our users, collectively, use the Sites, so that our partners may also understand how often people use their services and our Service.
Records of Communications. When you contact us, we may keep a record of your communication to help solve any issues you might be facing. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it (but in a manner that does not identify you) in order to help us clarify or respond to your request or to help us support other users.
Third-Party Marketing. We do not provide Personal Data to third parties for our own benefit or share your Personal Data with any entity outside of the Company and its affiliates for marketing purposes or use your Personal Data to market any third-party products or services to you.
Retention of Records. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
- Disclosure of Your Information
We may have to share your Personal Data and other information with third parties, as described below.
For legal reasons. We may disclose to parties outside Company, Files stored on the Services and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to: (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Company or its users; or (d) protect Company’s property rights. If, as stated above, Company has to turn over your Files to comply with a law, regulation or compulsory legal request, the Files that will be turned over will remain encrypted.
Business transfers. If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email and/or a prominent notice on our website) of any change in control or use of your Personal Data or other information or Files, or if either become subject to a different Privacy Policy. We will also notify you of choices you may have regarding the information.
Non-private or non-Personal Data. We may share aggregated, non-Personal Data publicly and with our partners. For example, we may share aggregated, non-personal information publicly to show trends about the general use of our Services.
- Data Security
We have put in place appropriate security measures intended to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know, or to the specific Company client(s) to which you are applying for employment or are employed. Our employees, agents, contractors and other third parties will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
- Changing or Deleting Your Information
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
If you are a Registered User, you may review, update, correct or delete the Personal Data provided in your registration or account profile by changing information in your profile or account page. In some cases we may retain copies of your information if required by law. For questions about your Personal Data on our Service, please contact us. We will respond to your inquiry within 30 days.
- Data and File Retention
We will retain your Personal Data and other information for as long as your account is active or as needed to provide Services to you.
If you are a Registered User and wish to cancel your account or request that we no longer use your information to provide you Services, you may contact us and we will work with you to delete your account.
We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion (although . In addition, although we will delete Files from your account, we do not delete from our servers copies of Files shared with and stored in the accounts of other Registered Users or Subscribers.
In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, or for purposes of aggregating it with other information in connection with improving our Services, in which case we may use this information indefinitely without further notice to you. We may retain your email address on opt-out lists and audit trails required to prove compliance with laws and regulations.
- Corporate Customers
If you are a Subscriber to our Services, then your account administrator(s) may be able to:
- access information in and about your account;
- disclose, restrict, or access information that you have provided or that is made available to you when using the Service; and
- control how your account may be accessed or deleted.
Please refer to your organization’s policies if you have questions about your administrator’s rights.
- Third Party Applications
We may share your information with a third party application with your consent, for example when you choose to access our Services through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you.
- Enforcement and Your Legal Rights
Compliance. We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Data that we cannot resolve directly with our users.
Your legal rights. Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. In particular you may have the right to:
- Request access to your Personal Data. This is commonly known as a “data subject access request”. This enables you to receive a copy of the Personal Data that we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to retain or process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable,
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We have no access to your Files of any Personal Data therein but the Service provides you means to export any Files.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at .
No fee usually required. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights described above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if, for example, your request is particularly complex or you have made a number of requests or we have received multiple requests. In this case, we will notify you and keep you updated about expected timing for response.
- Questions or Concerns?
If you would like to communicate with us about this Privacy Policy or our collection and use of your Personal Data or other information, please contact our data privacy manager through legal@semitarx.com.