Last Updated: January 9, 2020
Service or Services. Our website, other online products and services, products, and software as accessed by a user whether or not a user has an account.
Personal Information. Personal Information is information that can identify, relate to, describe, is reasonably capable of being associated with you, or could reasonably be linked to you or your household either alone or in combination with other information. For Refera, Personal Information includes sensitive or special categories of personal information such as health information, information related to health and wellness, medications, tests ordered and related results, medical records including information related to HIV and/or other sexually-transmitted diseases, mental and behavioral health conditions and treatment, substance abuse conditions and treatment, other health issues, and payment-related data, collected, transmitted, and stored through our Services. Please review the Section entitled “Information We Collect from You” for more details.
De-identified Information. De-identified information does not identify you based on individual pieces of information or combinations of information. Your direct information (e.g., name) and indirect information (e.g., Device ID) are removed, such that you cannot be reasonably re-identified as an individual.
Aggregate Information. Your personal information is combined and compiled with other individuals’ personal information for the purpose of analysis and improving our Services. The aggregation process involves de-identification of Personal Information such that you and other individuals cannot be reasonably re-identified as specific individuals.
Healthcare Providers. Healthcare providers contract with Refera to incorporate our Services as a component or feature of their products or services.
COLLECTION OF INFORMATION
Information You Provide to Us
We maintain user and patient Personal Information in compliance with applicable privacy and security rules and our contractual obligations with our Healthcare Providers.
When you create a user profile, we ask you to provide your job description, name, email address, mailing address, and phone number. We also collect information when you communicate with us through customer support, fill out a survey, participate in any interactive features of the Services (like send a message through the Services), give us your contact information at an event, or otherwise communicate with us. When you create a patient profile, we also ask you to provide your patients’ contact and payment information, social security number, reason for referral, medical information including medical records, medical history, payment-related information and appointment information in compliance with applicable law.
Automatically Collected Information
When you access or use our Services or transact business with us, we automatically collect information about you, including:
Transactional Information: When you make a purchase, we collect information about the transaction, such as product details, purchase price, and date and location of the transaction.
Log and Usage Information: We collect information related to your access to and use of the Services, including the type of browser you use, app version, access times, pages viewed, your IP address, and the page you visited before navigating to our Services. You may interact with our support team during the use of our Services, in which case, we would collect information about your communications.
Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, IP address and browser type, Internet service provider (ISP), mobile advertising ID, media access control (MAC) address, language preferences and location, date and time of your access to the Services, internet service provider, internet domain and host name, or referral URL, and mobile network information.
Location Information: We may also use your IP address to estimate your approximate location. For more details, please see Your Choices below.
Information Collected by Cookies and Similar Tracking Technologies: We (and our service providers) use different technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, see Your Choices below.
Information We Collect from Other Sources
For patients, we obtain information about you from your Healthcare Provider. Please refer to “Information You Provide to Us” for more details.
For users, we may also obtain information about you from other sources. For example, we may collect information about you from third parties, including but not limited to third party social media sites, but always in accordance with the authorization procedures and privacy settings you establish with such third parties. We may collect information about you from third parties, including but not limited to, mailing list providers, and publicly available sources.
USE OF INFORMATION
We use the information we collect to provide the Services to you. We also use the information we collect to:
Process your registration and related transactions for the Services, including authenticating your identity and access to the Services, and creating and managing your online account and profile;
Maintain and improve our Services;
Send you technical notices, updates, security alerts, and support and administrative messages and to respond to your comments, questions, and customer service requests;
Communicate with you about services and events offered by Refera and others, and provide news and information we think will be of interest to you (see Your Choicesbelow for information about how to opt out of these communications at any time);
Develop, enhance, and provide the Services you request or that are reasonably anticipated within the context of our ongoing business relationship, such as by completing transactions and performing our contractual obligations;
Respond to your requests and any other communications from you, including providing customer service;
Monitor and analyze trends, usage, and activities in connection with our Services;
Conduct internal research and development;
Detect security incidents and protect against malicious, deceptive, or illegal activity, including fraudulent transactions, error, negligence, and breach of contract, and to protect against harm to the rights, property or safety of Refera and our users, customers, employees or the public;
Debug, identify and repair errors that impair existing intended functionality of our Services;
De-identify your data to create Aggregate Information which we may use and disclose for any purpose;
Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
Carry out certain short-term activities and other reasonable internal purposes related to the products or services you purchase from us or your ongoing relationship with us; and
Comply with our legal obligations.
SHARING OF INFORMATION
We will not share data except in the following circumstances:
a. With our Service Providers. We share personal data with unaffiliated companies or individuals we hire or work with that perform services on our behalf, including customer support, practice management software vendors, software providers, web hosting, information technology, payment processing, fraud control, events, contest, sweepstakes and promotion administration, and analytics services. We only share with service providers the personal data that they need to perform services for us.
b. In Connection with a Corporate Transaction. Personal data may be disclosed or transferred as part of, or during negotiations of any purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, securitisation or financing involving Refera.
c. With our Professional Advisors. We share personal data with our legal, financial, insurance and other advisors in connection with the kinds of corporate transactions described above or in connection with the management of all or part of Refera’s business or operations.
d. With Law Enforcement Authorities and Individuals Involved in Legal Proceedings. We disclose personal data when we believe doing so is reasonably necessary to comply with applicable law or legal process (including an enforceable request from authorities), to respond to claims (including inquiries by you in connection with your purchases from Refera), or to protect the rights, property or personal safety of Refera, our users, employees or the public.
e. With Your Consent or at Your Direction. We share personal data with third parties when we have your consent to do so. For example, if you decide to participate in certain interactive areas or features of our events or Services, such as creating a public profile and posting your goals, you consent to the disclosure of this information to other users of our websites. We may also share your personal data with third parties when you intentionally direct us to do so or when you use our Services to intentionally interact with third parties.
f. With Third Parties. We do not share Personal Information with unaffiliated companies or individuals for their own services and or marketing purposes.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
ADVERTISING AND ANALYTICS SERVICES PROVIDED BY OTHERS
Refera takes reasonable measures including reasonable technical, physical, and administrative controls, designed to protect your Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. We maintain safeguards such as data backup, audit controls, access controls, and data encryption. However, no data transmission or storage system is guaranteed to be 100% secure. If you have questions about security or possible reason to believe that your interaction with our Services is no longer secure (e.g., you feel that your account’s security may be compromised), please contact us immediately at email@example.com.
We store the information we collect on you for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES
Refera is based in the United States and we process and store information in the U.S. Therefore, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
You may update certain account information you provide to us at any time by logging into your account. If you wish to deactivate your account, please email us at firstname.lastname@example.org, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
You may opt out of receiving promotional emails or text messages from Refera by following the instructions in those emails or text messages or contacting us at email@example.com. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
YOUR CALIFORNIA PRIVACY RIGHTS