WHAT INFORMATION DO WE COLLECT?
Information Collected via the Website
We automatically collect certain information when you visit, use or navigate the Website. This automatically collected information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your anonymized or actual IP address, browser characteristics, language preferences, referring URLs, approximate location, information about when and how you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.
You may also voluntarily provide further data and Personal Information to us on our Website when you do the following:
- Fill in web forms, including when you send us a message using our contact form, enter data in our public demo application, or contact our sales team;
- Purchase auto-renewing licenses and/or recurring services;
- Complete a survey; and
- Sign up to receive Rx Studio newsletters, offers, product updates, or other emails.
When you engage in any of these activities, we may collect your name, email address and other contact information, job title, the name and address of the healthcare center you are affiliated with (if applicable), how you heard about us, your areas of interest (for purposes of newsletters and offers) and any information you provide to us as part of that request (such as information about your clinical goals and needs in response to a survey). If you choose to purchase a subscription, we require that you provide us or our third-party payment processor with certain financial and billing information (including payment card information, bank details, and email addresses used for invoicing).
Information Collected via the Platform
We collect further information on our users operating the Platform. Some of this information is collected automatically for security and compliance reasons or for our internal analytics and reporting purposes. This includes IP address, country, and user activity history (such as buttons and links clicked). Other information is voluntarily provided when you do the following:
- Register and create an account on our Platform;
- Input data or upload a document, image, or other data file which includes Personal Information or PHI for the purpose of storage or processing (including for the purpose of user-requested precision dosing calculations and PK/PD modeling); and
- Contact us to ask a question, provide feedback, or request customer services.
For instance, when you create an account on our Platform, we collect your name, email address and other contact information, job title and professional affiliation, and may collect a profile photo or organization logo. If you contact us by email, through our branded social media accounts, through any integrated chat providers we may offer, or by telephone, SMS, or physical mail, we may collect your name, username, email address, phone number, physical address and any information you choose to provide in your communication. We only use this information to provide the service or support requested. Similarly, we collect any information you choose to provide when you input data or upload files for storage or processing via the Platform. We use this information strictly to provide the requested service and in accordance with our agreements with our healthcare providers.
Information Collected Outside of the Services
We may also receive or proactively gather information about you from sources outside the Services and add it to information we otherwise have about you in the following circumstances:
- Payment Processors. If you purchase a subscription to our Services, we require that you provide us or our third-party payment processor with certain financial and billing information, including payment card details. If a third-party payment processor is used, we may receive limited information from that processor, such as the last four digits of your card, the country of issuance, and the expiration date.
- Another Individual at Your Organization. We may collect your Personal Information from another individual at your organization who may provide us with your business contact information in order to invite you to create a user account on our Platform.
- Publicly Available Sources and Other Third Parties. We may obtain Personal Information about you from other sources, including public records, publicly available information on internet sites, and third parties that help us update, expand, and analyze our records.
- Third-Party Services. Our Services may allow users to enable a variety of third-party services on the Platform. Once enabled, the provider of a third-party service may share certain information with us, such as the username and email address associated with that user on the third-party service as well as additional information that the third-party service has chosen to make available to Rx Studio to facilitate the integration. You should check the privacy settings and privacy policies of these third-party services to understand what information may be shared with us.
- Third-Party Authentication Providers. Rx Studio allows you to sign up and log in to our Services using third-party authentication providers, such as Google Auth. If you choose to sign up and log in in this manner, the third-party authentication service will ask your permission to share certain information with us, including your name and email address. You can control the information that we receive from third-party authentication providers using the privacy settings in your accounts with those services.
We may combine the information we collect from and about you from these various sources. If a combination of information identifies you as an individual, we will treat the combined information as Personal Information.
WHAT COOKIES DO WE STORE?
We collect some of the information above using cookies and similar technologies. A “cookie” is a small text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.
WHAT IS OUR LEGAL BASIS FOR PROCESSING THIS INFORMATION?
The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to process your Personal Information. To the extent those laws apply, we rely on the following grounds:
- Legitimate Interests. In most cases, we process your Personal Information on the grounds that it is reasonably necessary to achieve our legitimate business interests and those interests are not outweighed by the interests or fundamental rights and freedoms of the affected individuals. This includes providing the Services; marketing our business; protecting our customers, personnel, and property; and analyzing and improving our business.
- Performance of a Contract. Where we have entered into a contract with you, we may process your Personal Information to fulfill the terms of our contract.
- Legal Obligations. We may use and disclose your Personal Information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests. We may process your Personal Information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Consent. Where required by law, and in some other cases, we handle Personal Information on the basis of implied or express consent. For instance, in relation to direct marketing, we will obtain and rely on your consent for such processing.
HOW DO WE USE THIS INFORMATION?
We use Personal Information collected in connection with our Services for a variety of business purposes, including the following:
- To Provide our Services (including creating your account and authenticating you at sign in; managing your access to and use of our Services; fulfilling your requests, registrations, and purchases; and sending you technical notices, updates, security alerts, and support and administrative messages. We also use PHI shared by our users as model inputs to PK/PD models to simulate drug dosing regimens as requested by the user.);
- To Communicate with You (including responding to your requests, inquiries, comments, and suggestions);
- To Diagnose Technical Issues that may Arise with our Services (including identifying and troubleshooting bugs and service errors);
- To Keep our Services Safe and Secure (including preventing and detecting fraud, unauthorized access, and other unlawful behavior);
- To Further our Networking, Marketing, and Social Strategies (including posting testimonials; notifying you about products, services, offers, promotions, and events we think you may be interested in; and promoting our products and services);
- To Conduct Internal Data Analysis (including identifying usage trends, determining the effectiveness of our promotional campaigns and evaluating and improving the user experience on our Website, Platform and other Services);
- To Conduct External Data Analysis (including de-identifying and/or aggregating information, and using and disclosing it for additional business purposes such as to perform research and provide statistical information and data regarding trends to our partners, to the extent such analysis is permitted by law and our agreements with healthcare providers);
- To Support our General Business Operations (including maintaining our business and legal recordkeeping, enforcing our terms, conditions, and policies, and complying with legal or regulatory requirements);
- To Respond to Legal Requests and Prevent Harm (including inspecting the data we hold to determine how to respond to a legal request or subpoena); and
- To Carry Out any Other Purpose Described to You at the Time the Information was Collected.
WILL YOUR INFORMATION BE SHARED WITH ANYONE?
We may share information about you with certain third parties in the following circumstances:
- Companies under Common Control. We may share Personal Information between and among any current or future parents, subsidiaries, affiliates, and other companies under common control and ownership with Rx Studio.
- Vendors and Service Providers. We may share Personal Information with vendors and service providers who need to access the data in order to perform services on our behalf, such as providing cloud-hosting or cloud-storage services. For more information about the third-party vendors and service providers we rely on, please see the section entitled WHAT VENDORS AND SERVICE PROVIDERS DO YOU SHARE INFORMATION WITH?
- Third Parties at the Direction of Healthcare Providers. If you are a healthcare provider, pursuant to our agreement, we may share information with third parties you have elected to establish integrations with, or who seek to establish integrations with you and to facilitate, maintain, and monitor the use of such integrations.
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Legal Requirements. We may share Personal Information when we believe it is necessary to comply with a legal obligation, including lawful requests from public authorities to meet national security or law enforcement requirements. We may also share Personal Information when we believe it is necessary to protect Rx Studio’s rights and property, to protect the safety of our users, and to defend against legal liability.
- Consent. We may process your data if you have given us specific consent to use your Personal Information for a specific purpose, including if we notify you that the information you provide will be shared in a particular manner and you provide that information.
- De-identified Information. Subject to our agreements with healthcare providers, we may also share aggregate or de-identified information, which cannot reasonably be used to identify you, for various purposes including compliance with various reporting obligations; for business or marketing purposes; or to assist third parties in understanding our users’ habits and usage patterns for certain features, content, services, advertisements, promotions, and/or functionality available through the Services.
WHAT VENDORS AND SERVICE PROVIDERS DO YOU SHARE INFORMATION WITH?
We currently use the following vendors and service providers for collecting, storing and processing Personal Information:
- Google Analytics, a service operated by Google, Inc., provides us with information about how our Website is used, such as which countries our visitors and users are browsing from, and what pages are the most popular. The data gathered is anonymous and cannot be used to identify individual users, as we do not use tracking cookies, nor do we log your actual IP address. You may block the collection of such data at https://tools.google.com/dlpage/gaoptout?hl=en .
- To standardize the collection of user events and actions performed in our Services for product analytics, customer support, and platform auditability, we use Mixpanel, Inc. Mixpanel will receive your IP address, your user id, the timestamp of events and related properties (e.g., which page was viewed), and any data included in your forms. It will not be shared with third parties for marketing purposes. Mixpanel is based in the USA, and complies with the requirements of CCPA, GDPR, HIPAA and other international privacy frameworks. Find more information at https://mixpanel.com/legal/privacy-hub/ .
- ReCAPTCHA is a service provided by Google, Inc. that allows us to confirm that only real people (and not spambots) are able to submit our contact forms or sign up to our newsletters on our Website and Platform. When you tick the box that says “I’m not a robot”, Google places a cookie called NID in your browser, that communicates information such as which language your browser is using, the date, how many mouse clicks you have made on the screen, and which other Google cookies you may have on your device. This information is used to calculate a risk score of human or bot behavior. Find more information at https://developers.google.com/recaptcha .
- We use Google Cloud Platform to authenticate our Platform users, to store data provided by the Platform users, and to handle contact form submissions on our Website, subscribe to product updates forms on our Website and Platform, and to track events on our Platform that we need to keep for auditing purposes. Google will retain your IP address, the originating page of the request, and all data included in your forms, including your user id. It will not be shared with third parties for marketing purposes. Find more information at https://cloud.google.com/security/privacy .
- We use Amazon Web Services to provide the computational back-end for the drug dosing simulations and to keep an audit log of user and system events in our Platform. Amazon will retain your IP, the originating page of the request, and all data included in your forms, including the user id, timestamp and other characteristics of an event. It will not be shared with third parties for marketing purposes. Find more information at https://aws.amazon.com/compliance/data-privacy-faq .
- To improve the reliability of sending automated product update emails to our subscribers, we use SendPulse Inc. SendPulse will retain your IP address and all data included in our “subscribe to our newsletter” form in their log files on their server. This data is retained only for the purposes of delivering the email and providing us with information should there be a problem with the delivery. It will not be shared with third parties for marketing purposes. Find more information at https://sendpulse.com/legal/pp .
- To improve the reliability of receiving emails via our contact form and other personal messages, we use Mailgun Technologies, Inc. Mailgun will retain your IP address and all data included in our contact form in their log files on their server. This data is retained only for the purposes of delivering the email and providing us with information should there be a problem with the delivery. It will not be shared with third parties for marketing purposes. Find more information at https://www.mailgun.com/privacy-policy/ .
- For international payments, we use Paddle as our merchant of record. Paddle will have access to your invoicing name, address, email address, and the list of products and subscriptions paid. Paddle also accepts credit card payments, in which case card information will be processed through them. Find more information at https://security.paddle.com/ .
Protected Health Information (PHI) is only shared with vendors who have been audited to meet HIPAA security standards and with whom we have a Business Associate Agreement (“BAA”) in place, including Amazon, Google, Mixpanel and Mailgun.
IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
We may transfer, store, and process your information in countries other than your own.
If you are a resident in the European Economic Area, you may contact us at firstname.lastname@example.org to obtain information about the relevant mechanism we use to transfer Personal Information outside the EEA.
HOW LONG DO WE KEEP YOUR INFORMATION?
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize such information, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information (including PHI) we process. For instance, we only store, process and transmit PHI in services which have been audited to meet HIPAA security standards.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot and do not promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your information, transmission of personal and health information to and from our Services is at your own risk. You should only access the Services within a secure environment.
DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly collect Personal Information from or market to children under 18 years of age. If we learn that Personal Information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you are a parent or legal guardian and think that your child under 18 has given us Personal Information without consent, please contact us at email@example.com .
WHAT ARE YOUR PRIVACY RIGHTS?
You have a variety of rights and choices related to our use of your Personal Information.
Opting Out of Promotional Communications. You can opt out of receiving our promotional emails at any time. You may do so by submitting a request to firstname.lastname@example.org or by following the opt-out instructions included in those communications. Please be aware that it may take up to 10 days for us to process your request, and you may continue receiving promotional communications from us during that period. If you opt out of receiving such communications, please note that we may continue to send you non-promotional communications (such as emails related to our business relationship or emails about changes to our legal terms).
Restricting Cookies/Do Not Track. Rx Studio does not change its behavior in response to web browser “do not track” signals. However, you can configure most browsers to reject cookies or to notify you when you are sent a cookie giving you a chance to decide whether or not to accept it. You can consult the help section of your browser to find out how to do this. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. In the event that a universally accepted standard emerges on how organizations should respond to “do not track” signals, we will assess and provide an appropriate response to those signals.
Access, Update, or Delete Your Information. If you are already an Rx Studio user, you may access and delete any Personal Information (including PHI) you shared while operating our Services, subject to exceptions allowed by law (e.g., we need to keep audit logs of accessing PHI) or pursuant to our agreements with healthcare providers. You may request an automated deletion of your Platform account and data on your Profile page at https://app.rx.studio/profile/preferences , but you may also request to access and/or delete your information in writing addressed to email@example.com . We reserve the right to charge a fee for manual search and reporting of custom requests. Subject to the terms of your agreement with us, you may terminate your account by emailing us at firstname.lastname@example.org . Please note that we may keep certain Personal Information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also keep cached archived copies of Personal Information for a certain period of time. Please also note that if you have used our Services to share information with another user or third party, you will not be able to access, update, or delete that shared information.
Data Requests. Depending on where you reside, you may be eligible to request that we provide access to and/or a copy of certain Personal Information we hold about you; ask that your Personal Information be corrected, updated, or erased; object to our processing of your Personal Information; request that we restrict certain processing; transfer your Personal Information to a third party; or honor your withdrawal of consent for certain processing of your Personal Information. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interest or to comply with a legal obligation. Before responding to your request, we may require that you provide us with additional information to confirm your identity. You have the right to lodge a complaint with the authorities applicable to your situation. However, we invite you to contact us with any concern, as we would be happy to try to resolve it directly.
- If you are resident in the European Economic Area, you can find contact information for your local data protection supervisory authority here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm .
- If you are resident in Switzerland, you can find contact information for your local data protection authority here: https://www.edoeb.admin.ch/edoeb/en/home.html .
- If you are a resident of Brazil, you can find contact information for your local data protection authority here: https://www.gov.br/anpd/pt-br .
If you are a resident of California, the California Consumer Privacy Act (“CCPA”) requires us to disclose certain additional information with respect to our collection, use, and disclosure of your Personal Information.
Notice of collection. Although the information we collect is described in greater detail above, the categories of Personal Information that we have collected - as described by the CCPA - including in the past 12 months are:
- Commercial information
- Internet activity
- Financial information
- Professional and employment-related information
- Sensory information
Right to know. California residents may request disclosure of the specific pieces and/or categories of Personal Information that we have collected about them, the categories of sources for that Personal Information, the business or commercial purposes for collecting the information, the categories of Personal Information that we have disclosed, and the categories of third parties with which the information was shared. In general, this information is covered in the “WHAT INFORMATION DO WE COLLECT?”, “HOW DO WE USE THIS INFORMATION?”, “WILL YOUR INFORMATION BE SHARED WITH ANYONE?”, and “WHAT VENDORS AND SERVICE PROVIDERS DO YOU SHARE INFORMATION WITH?” sections above. However, if you would like to make an individual request for this information, please contact us at email@example.com .
Right to opt-out. Rx Studio does not sell Personal Information to third parties for monetary value. However, the term “sale” is broadly defined in the CCPA. To the extent that “sale” under the CCPA is interpreted to include any of the data uses described in the “HOW DO WE USE THIS INFORMATION?” section above, California residents are entitled to opt out of the “sale” of their Personal Information at any time. To exercise this right, please contact us at firstname.lastname@example.org .
Right to deletion. You may request that we delete the Personal Information we have collected about you (subject to certain exceptions). Please be aware that we may keep certain information as required or permitted by applicable law. To exercise this right, please contact us at email@example.com .
Right to non-discrimination. Limiting use of, or deleting your Personal Information may affect features and uses that rely on that information. However, we will not discriminate against you for exercising any of your rights, including denying you goods or services, providing you with a different level or quality of services, or charging you different prices or rates for services.
Authorized agent. You may designate an authorized agent to make a request on your behalf. To do so, you must provide a valid power of attorney, the requester’s valid, government-issued identification, and the authorized agent’s valid government-issued identification. To verify the request, we may contact you directly.
DO WE MAKE UPDATES TO THIS NOTICE?
Rx Studio Inc.
440 N Barranca Ave, #2086
Covina, CA 91723