What's New:Thank you for using MedsChat.com. This page explains what, how, and why we collect information when you use our services. Please know that we are committed to safeguarding your privacy. Therefore, this policy details how we treat your Personal Information as well as the choices available to you regarding the use of, your access to, and how to update and correct such information.
- Added a section for California Privacy Rights (CCPA)
- Shortened data request response time from thirty to ten days
- Added a dedicated privacy email address
- New section for our policy regarding minors
This privacy statement applies to services provided through our website www.medschat.com which is owned and operated by MedsChat.com, a subsidiary of Limelight Innovations L.L.C., a State of Colorado limited liability company. We operate an online community which allows individuals to discuss drug related topics with one another.
EU-U.S. Privacy Shield
MedsChat.com is responsible for the processing of personal data that it receives, under the Privacy Shield Framework, and subsequently transfers to third party Service Providers (as outlined in this privacy statement) acting on its behalf. MedsChat.com complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
In compliance with the Privacy Shield Principles, MedsChat.com commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact MedsChat.com via our contact form.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, MedsChat.com is subject to the regulatory enforcement powers of the United States Federal Trade Commission (FTC).
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA".
For more details about the personal information we have collected over the last 12 months, how we use or share it, and what your rights are, please see Data Collection and the subsequent sections below.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected] or via our contact form. We will verify your request using the information provided to us, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
To block our use of third-party cookies for analytics and interest based advertising (which may fall under the classification of "selling" information), please visit our do not sell page.
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter please use our contact form or email us at [email protected] to get in touch. You may also reach us via postal mail at:
9888 W Belleview Ave #5000
Denver, CO 80123
We collect information about our users in a variety of ways, some of which is automatic. When we collect information automatically, it is used to help us measure, optimize, and secure our website. Other Personal Information collected from users (such as an Email Address) is voluntary (opt-in) on their part. MedsChat.com is the sole owner (controller) of data which we collect from our users and it is only shared with Service Providers (processors) as outlined in this privacy statement or as required by law. Specifics of our data collection practices are further outlined below:
Automatically Collected Data
We collect and store certain information inside log files and cookies automatically. This helps us to track high level statistics about our visitors, how our site is most used, and it helps us to secure our website. Furthermore, this allows us to ensure that we are providing the best possible service and to tailor content to users more appropriately. At a high level we record how you arrived here, what pages you view within our site, and some basic information about your computer and location. Please note that this information does not tell us who you are. It simply shows us that somebody visited our site.
Statistics which we track:
- Date & Time a user accesses our site
- Pages which are viewed and accessed on our site
- Website address of the referring page / domain which brought a visitor to us
- Browser and operating system version of the device which is being used
- Which pages from our site are bookmarked or shared
- When an email message which we send to our users is opened
- Internet Protocol (IP) address provided by the Internet Service Provider (ISP) or Proxy Service through which someone accesses the Internet. While this is generalized information (for example, we cannot know a name, address, telephone number, or any other personal details just from knowing the IP address), it does give us a general idea of the geographic location (such as City, State, Country, and Internet Service Provider). If you are interested in learning more about IP addresses we recommend that you see the Wikipedia reference.
We use Google Analytics to measure visits to our website and when an email which we send is opened. This includes a unique ID stored in the form of a cookie inside your browser so that the Analytics service can identify new vs repeat visitors and provide us with aggregate data as outlined above. Please note, however, that our Google Analytics settings block the transmission of your full IP address or any other Personal Information (using their IP Anonymization method). Furthermore, we have disabled Advertising Features in our Analytics account for added privacy. Lastly, we reviewed and accepted their Data Processing Amendment for the General Data Protection Regulation on 5 April, 2018. If you wish to completely opt out of Google Analytics tracking, please visit: https://tools.google.com/dlpage/gaoptout.
Because we employ multiple Google technologies (such as Analytics and Ads) you may also be interested in their page "How Google uses data when you use our partners' sites or apps"
In using our service you may choose to provide us with your Email Address. This is collected and processed if you: Choose to receive notifications from one or more Discussion Threads; Subscribe to our Health Newsletter; Email yourself a Prescription Discount Card; Share a page from our site via the "Email a Friend" form; Send us a message via our Contact form or through your email account. This information is collected on a voluntary (opt-in) basis and is not required for you to view pages on our site. We expressly prohibit the posting of any Personal Information in our discussion threads (such as an individual's full name, address, telephone number, or email address). Such information will be promptly removed by our moderators once discovered.
Please note that your Email Address is not shared outside of our organization, support staff, and our Email Service Providers (see the Service Providers section for more details). As part of our internal security, we may tie your Email Address to the statistics which we automatically collect above.
If you share a page from our website via the "Email a Friend" form, we will also collect and process your friend's Email Address. We only use this information to transmit the email message for sharing content from our website on your behalf. Your friend's Email Address is never stored on our servers, but a copy of the outgoing email message (including the sender and recipient's Email Address) is retained by our Email Service Provider for up to 30 days. This is so that we can track and diagnose any issues which arise with our outgoing email.
Reporting or Voting for a Post
If you choose to Vote on the helpfulness of a reply or Report a specific message inside our forums to us, we will store the IP address associated with the corresponding action. This is to identify usage patterns for preventing abuse to our service. We may also tie your IP address to other data which we collect from you as listed above.
When you choose to bookmark and share pages from our website using the buttons which we provide, you may be routed through the AddThis service and onto one or more social networks. Please note that AddThis and the target social network (as outside services) maintain their own privacy policies which govern the collection and use of the information collected on those sites.
Prescription Discount Card
We offer a branded Prescription Discount Card / Rx Savings Voucher to patients located inside the United States. When an individual uses it to claim a savings on their prescription from the pharmacy, the process is handled by third parties (which may include the dispensing pharmacy and benefit managers DataRx or RxCut) who maintain privacy and data collection practices which are separate from ours. We are provided with reports containing the Member ID, the Date that a prescription was filled, the Name & Location of the pharmacy, the specific Drug which was dispensed, and the Cost of filling the prescription (but not an individual's name, address, or social security number). This data is collected so that we may understand how the discount card is being used as well as evaluating our marketing efforts of this service. If you do not wish for this information to be known by us, please do not use our discount card.
We may share your information with the following third parties who provide services on our behalf to help with business activities as described below. These companies are authorized to use your personal information only as necessary to provide these services to us.
We use MailGun as an outside service (processor) to transmit email messages on our behalf. Because of this, we must share your Email Address with them at the time of email transmission. MailGun maintains a Data Processing Agreement with their customers and they only store personal data on a temporary (as needed) basis to provide their service. For more details, please see https://www.mailgun.com/gdpr and https://www.mailgun.com/privacy-policy.
Incoming email archives for our service (such as when you send us a message directly through email) are stored in the Google Cloud Platform. You can read more about their Data Protection Commitments at https://cloud.google.com/security/gdpr/.
Our web service is hosted through Rackspace and Vultr cloud servers. We have engaged in Data Protection Agreements with them as processors of our service. More details are available at https://www.rackspace.com/en-us/gdpr and https://www.vultr.com/legal/vultr_gdpr_dpa.pdf
We use CloudFlare as our DNS & HTTP proxy. This helps to protect our servers from denial of service attacks and unauthorized access attempts. Please note that our use of CloudFlare results in a cookie being assigned to each individual called "__cfuid". As explained on their page What does the Cloudflare cfduid cookie do?, "The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis... This cookie is absolutely necessary for supporting Cloudflare's security features and cannot be turned off." Subsequently, we have engaged in a separate Data Processing Addendum with them per the instructions outlined at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa-20180612.pdf (PDF).
You have the right to request the correction or deletion of any personal data which is held about you. Please see the Data Requests heading below for more details.
We will retain and use your information as necessary for our security, to comply with our legal obligations, resolve disputes, and enforce our agreements.
Automatically Collected Data as outlined above is stored on our internal servers and corresponding backup devices for a period of 120 days before being deleted. User data tracked through Google Analytics is valid for a period of 26 months from the time of your last visit to our website (this applies to a unique cookie ID and does not include your Email or IP address). Outgoing email records sent through MailGun are stored for a period of 30 days.
In addition, we maintain a record of user data (including your IP address and Email if provided) if you: Choose to receive notifications from one or more Discussion Threads; Subscribe to our Health Newsletter; Email yourself a Prescription Discount Card; Report a Post in our discussion threads to us; Vote for the helpfulness of a reply inside our discussion threads; Share a page from our site via the "Email a Friend" form; Send us a message via our Contact form or directly through your email account. As mentioned before, this information is collected on a voluntary basis and is not required for you to view pages on our site.
You have the right to request the correction or deletion of any personal data which is held about you. Please see the Data Requests heading below for more details.
If you no longer wish to receive our Newsletter or other system-generated Emails, you may opt out by following the link included inside each message or by emailing us via our contact form.
Upon request we will let you know whether we hold any of your Personal Information. If you wish to request a copy of, or for us to update, delete, or restrict of any Personal Information which we hold or process for you, please use our contact form to reach us. We will respond to your request within ten days.
Policy Regarding Children
Our website is not intended for use by minors. We do not knowingly collect information from individuals under the age of eighteen. If you are a parent or guardian and believe we have collected information about your child in violation of this policy, please notify us as described under the Contacting Us heading.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. Our servers are located in a secured facility and we employ firewalls for additional protection. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. If we discover that there has been a material breach of security which could have resulted in the unauthorized disclosure of your Personal Information, we will notify you via email within 72 hours.
If you use a discussion thread on this website, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums.
If you have any questions about security on our website, you can send us a message via our contact form.
Links to Other Sites
Our service includes links to other websites (either directly or through advertisements) whose privacy practices may differ from those of MedsChat.com. If you submit Personal Information to any of those sites, your information is governed by their data collection practices and we are not responsible. We encourage you to carefully read the privacy statement of any website you visit. Neither party has authority to make any representations or commitments on behalf of the other.
In certain situations, MedsChat.com may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
As a result, we reserve the right to disclose your personally identifiable information as required by law, such as to comply with a subpoena or similar legal process, and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our website.
If MedsChat is involved in a merger, acquisition, or sale of all or a portion of its assets, we will post a prominent notice on this page of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.