Privacy Policy

This Privacy Policy (this “Policy”) describes how Gifthealth, Inc. (“Gifthealth”) collects, uses, and shares the information you provide to us when you visit our website, Gifthealth.com, or our other websites and microsites operated by or for Gifthealth, our mobile applications, and other Gifthealth platforms (collectively, our “Platforms”) and our forums, blogs, and other online offerings, when you communicate through calls, text, chat or email with us, when you interact with our Social Media Pages, and when you use our services that we provide both online and offline (“Services”). This Privacy Policy also describes your rights and choices, and how you can contact us about our privacy practices. “Social Media Pages” are the official social media pages we operate on Facebook, Instagram, Twitter, YouTube, LinkedIn and other social media platforms.

By accessing, downloading, or otherwise using our Platforms and Services, you accept and agree to be bound by this Privacy Policy in full. If you do not accept this Privacy Policy, do not access, download or otherwise use our Platform and Services.

To the extent that information collected through the Platforms and Services is Protected Health Information, as defined under the Health Insurance Portability and Accountability Act of 1996 and any regulations promulgated thereunder (“HIPAA”), Gifthealth will only access, use, or disclose such Protected Health Information as permitted by applicable federal and state laws, including HIPAA. For more information, please see our Notice of Privacy Practices.

Medical disclaimer

In case of a medical emergency, please call 911. Our Platforms are not designed to provide assistance for medical emergencies.

1. What Information Is Collected

Gifthealth collects, processes, and retains your information when you interact with our Platforms and Services.

Information that we collect from you includes:

Location: We use various technologies to learn your geographic location, by collecting your IP address or other device information, which may depend on your device’s settings for location services.
Device Information: When you visit our Platforms, interact with our Social Media Pages or online ads, or open our emails, we may learn about your IP address, browser type, device type, domain names, access times, and referring website addresses.
Demographic Information/Characteristics of protected classifications: We have access to demographic details about our customers such as ZIP code, and other similar details.
Medical Information: You may choose to provide medical information on our Platforms when you choose to receive health plan related information or other communications.
Platform Interactions: We keep track of the website and pages users visit within our Platforms in order to better understand your Platform use.
Contact Information: We may collect personal information you voluntarily provide to us including your name, email address, and phone number.
Other Identifiers: We may collect other identifiers that you provide to us, such as account name, or other similar identifiers.
Call, Chat, Text or Email Records: If you call, chat, text or email Gifthealth, we may keep records of those conversations.
Social Media Usage: We collect information about people who visit and interact with our Social Media Pages.
Submitted Content: We collect any content you submit to our Platforms and Social Media Pages, including photos, videos, or comments.
Log-In Information: We may collect log-in credentials (such as user ID and password) and security questions and answers in connection with your account.
Account Information: We collect your name, date of birth, email address, and contact information when you register for an account.
Platform and Service Communications: We collect any information you choose to include in your messages or responses when interacting with us through our Platforms and Services, including via online forums, inquiry forms, our support portal and messaging services.
Payment Information: We collect your payment information and associated contact information when you engage in transactions.
Prescription Information: We collect the standard information required to fill your prescription, such as your prescribing physician’s information, insurance information, and prescription information. We use this information in order to provide you with our prescription delivery services.
Job Applications: If you apply for employment, we have access to the content you provide such as your resume, cover letter, and any information contained therein.
Inferences: We may use any of the above information to draw inferences from these categories of information such as consumer preferences, behavior, and characteristics.
Unsubmitted Content: We may collect information that you type into search bars or other submission areas, even if you do not click submit.
Other information that we collect or you provide, such as when contacting us or through the course of visiting or using our Platforms or otherwise interacting with us, including engaging with our Social Media Pages.

2. How We Collect Your Information

We may collect the information described above directly from you, from third parties we partner with, or through cookies or other automated means. The categories of sources we collect personal information from include:

You: We collect information directly from you, whenever you: visit our Platforms; contact us with questions or comments; upload content; sign up for communications; attend events; respond to a survey; write a review; submit pictures, videos, or other testimonials; enter our contests, sweepstakes, or giveaways or contests, sweepstakes, or giveaways we are affiliated with; consent to receive our promotional emails, or communicate with us; create an account; or otherwise communicate or interact with us in any fashion.
Healthcare Professionals: We collect information about you from your health care providers.
Your Device or Browser: Certain information is automatically collected from your device or browser and analyzed when you visit our Platforms, interact with our Social Media Pages or online advertising, or open our emails.
Third Parties: We work with third parties who provide services to us such as analytics, survey providers, data suppliers, advertising companies, or other service providers. Your information may be collected and processed independently in accordance with the third party’s own privacy notices. These third parties share information they have collected with us to the extent permitted.
Social Media Platforms: Social media platforms share information with us. You can learn more about how social media platforms collect and use your information by reviewing their privacy policies and settings.
Cookies, Device Identifiers, and Similar Technologies: We use cookies (small data files stored on your device or browser), pixel tags (tiny graphic images embedded in a website or email), and other similar technologies to automatically collect information when you visit our Platforms or interact with our emails. Through the use of cookies, we may link information about your interactions with our Platforms or emails over time. Any information collected by us or by third parties through the use of cookies or similar technologies may be linked with other information we collect about you. For more information, see Use of Cookie Technologies, below.

3. How We Use Your Information

We may use your information for the following purposes:

Services: Fulfilling your requests, including, but not limited to, delivering the Services you or your healthcare provider have requested.
Advertising: To the extent you have permitted, presenting advertising online and via email, or other communication channels, including through social media platforms and internet search engines.
Understanding Our Customers: Analyzing your activity with us (including your interactions with our Platforms, Social Media Pages, and all other forms of communication, and monitoring the effectiveness of our advertising and communications. To track and display consumer behavior, such as tracking historical transactions, payments, invoices, receipts, and past order information.
Content: Serving content on our Platforms and Social Media Pages, developing and analyzing our services, and improving our customers’ experience, including but not limited to, troubleshooting customer service issues and improving site functionality and effectiveness.
Personalization: Using your preferences and other collected information to personalize our relationship with you, including presenting customized communication, advertising, and experiences on our Platforms and in a call, text, chat and email.
Research: Conducting testing, research, analysis, and development, including to develop and improve our Platforms and Services.
Business Transactions: Evaluating business transactions such as conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by us about you is among the assets transferred.
Communications: Communicating with you about our services and responding to your inquiries.
Security: Protecting us and our customers from fraud, security threats, and other illegal or harmful activity.
Legal Obligations: To the extent permitted by law and to comply with legal and regulatory requirements and responding to requests from courts or other government bodies.

Additionally, if you use our Platforms to connect with a third party service, you authorize us to use information from and about you, on your behalf, to interact with these third party services based on your requests.

4. With Whom the Information Is Shared

We may share your information with the following parties:

Service Providers: We partner with third parties to assist with many aspects of our business, such as sending you email or postal mail, providing customer support, arranging for deliveries, performing data services (e.g. maintenance, backup and analysis), and analyzing your interests and activity on our Platforms and Social Media Pages. These third parties may provide services related to any of the purposes described above in How We Use Your Information, and we may share with them any types of information described above in What Information Is Collected. We may also receive information collected by these third parties and combine it with the information we have collected. Your information may also be collected and processed by third parties, who will process your information independently in accordance with their own privacy notices.
Marketing Providers: We partner with third parties to assist with the advertising and marketing of our business. We may share with them the types of information described in How We Use Your Information.
Other Third Parties: We will disclose information about you, including to government bodies or law enforcement agencies, when we believe it to be necessary for compliance with the law or to protect our Platform users, our Platforms, or the public.
Parties to a Business Transaction: If Gifthealth were ever merged with or acquired by another company, or it acquires another company, or is involved in a corporate reorganization or other change in corporate control, your information could be shared with that business entity.
Internally: Gifthealth may share your information with our affiliates and subsidiaries to perform services for you.

5. Your Privacy Choices

You can control the information we collect and use in the following ways:

Location Information: You can disable location-based services on your mobile device or web browser by adjusting the settings on your device or browser. This will prevent our Platforms from accessing your location information. Note that some services may not be available if you disable location-based services.
Emails: If you want to unsubscribe from receiving promotional or commercial emails from us, you can click the unsubscribe link at the bottom of any email or email us at: privacy@gifthealth.com. We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages.
Social Media: This privacy policy does not cover the privacy and security practices of social media platforms on which we have Social Media Pages. Please review the terms, policies, and settings of those social media platforms if you have questions about how they collect and use your data.
Online Advertising: For information about opting out of third party advertising, visit: NAI Opt-Out and DAA Opt-Out (you will leave our Platforms for a separately managed online site where you can specify your preference under those programs). You can also click on the icon that may appear on some of our advertising served through these technologies. We may use more than one third party company for placing this advertising, which would require you to opt out of each company.
Cookies and Similar Technologies: You may block cookies and similar technologies in your browser or device settings, as and if permitted by such device. If you elect to block cookies from our Platform you may be unable to take advantage of some of the opportunities and online features offered by our Platforms.
Account Information: You may update, review, or correct your account information by accessing your online account via website or by contacting our support team.
Google Analytics: We use Google Analytics on our Platforms. Google uses the data collected to track and monitor the use of our Platforms. This data is shared with other Google services, and Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt out of Google Analytics on our Platforms by installing the Google Analytics opt out browser add-on, available here. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/.

6. How Long Information is Retained

We will retain your information to fulfill the purpose for which your information was collected and delete information, including Sensitive Data as defined by applicable state laws, in a timely manner, or as otherwise necessary to satisfy our legal obligations. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your information for research or statistical purposes in which case we may use such anonymized information indefinitely.

7. Children's Privacy

Our Platforms and Social Media Pages are intended for adults. We do not knowingly collect personal information of children under the age of 18. If we learn that we have collected the personal information of a child under 18, we will make reasonable efforts to delete that information from our records. To request deletion of personal information relating to a child under 18, please email privacy@gifthealth.com.

8. Use of Cookie Technology

When you visit or use our Platforms and Services, we and our partners may use “cookies” and other technologies to help you personalize your online experience. A cookie is a small text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Other tracking technologies, such as pixel tags (also known as web beacons and clear GIFs), page tags, and script, may contain small transparent image files or lines of code to, among other things, track the actions of users (such as email recipients), measure the success of our marketing campaigns and compile statistics about usage of our Platforms and Services.

We may use cookies and other tracking technologies for any of the following purposes:

Site operations, including to enable features on our Platforms and Services, such as remembering your preferences, tracking the number of times you have been shown an advertisement, generating aggregate statistics about how people use our Platforms and Services, and for error management and troubleshooting.
Analytics, including to allow us to understand how our Platforms and Services are being used, track the performance of our Platforms and Services and make improvements.
Target Advertising, including to deliver tailored communications or advertising based on your preferences or interests across services and devices and measure the effectiveness of advertisements.
Social media, including to enable the sharing of content from our Platforms through social networking and other sites.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our Platforms.

‍

9. Links To Other Websites

For your convenience, our Platforms may contain links to other websites. We are not responsible for the privacy practices, advertising, products, services or the content of such websites. Links that appear on our Platforms should not necessarily be deemed to imply that we endorse or have any affiliation with the linked Platforms. We encourage you to review the separate privacy policies of each website you visit.

10. Supported Web Browsers and Do Not Track Signals

We recommend that you use the latest web browser versions to optimize your experience. Older web browser versions may not be able to access or utilize all pages on our website as intended. We may not be able to receive or honor “Do Not Track” signals and our Platforms may continue to collect information in the manner described within this privacy notice.

11. Security

We take steps to help protect the confidentiality and security of your information. Although we use measures to protect your information, in general, information transmitted through the Internet may not be completely secure. Accordingly, we cannot guarantee the security of information provided over the Internet or stored in our databases. Your transmissions are, therefore, at your own risk and you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through our Platforms cannot be guaranteed.

12. Updates to this Privacy Policy

We reserve the right to change this Policy from time to time by posting revisions on our Platforms. Your continued use of the Platforms and/or Services after such modifications will constitute your: (a) acknowledgment of the modified Policy; and (b) agreement to abide and be bound by that Policy.

13. International Users

We are a United States based company. If you are using any of our Platforms or Services from outside the United States, please be aware that you are sending information, including personally identifiable information and data, to the United States where our servers are located. By providing us with your information, you agree to this transfer.

‍‍

14. How to Contact Us

If you have any questions about our information practices reflected in this Policy, please contact us by email privacy@gifthealth.com or by phone at (833) 614-4438.

15. Your State Privacy Rights

Residents of certain states may have rights concerning the processing and use of their personal information. The rights described herein are subject to exemptions under applicable law. For purposes of this section, the term “Personal Information” includes both “Personal Information” and “Personal Data” as defined by applicable law.

If your Personal Information is subject to a privacy law in your state, you may have certain privacy rights with regard to that information. You may have the right to:

Know, access, and confirm your Personal Information.
Delete the Personal Information we have about you, subject to exceptions under applicable law.
Correct inaccuracies in your Personal Information.
Obtain your Personal Information in a portable and readily usable format.
Opt-out of the use or processing of your Personal Information for profiling, targeted advertising, or cross-context behavioral advertising.
Opt-out of the sale or sharing of your Personal Information.

Under certain state laws, you may also have the right not to receive discriminatory treatment for the exercise of any of these privacy rights. We will not discriminate against you because you have exercised any of your rights.

Certain state laws may also provide you the right to appeal our decisions regarding your rights requests if we do not timely respond to your requests or do not take action regarding your requests. To appeal our decision with respect to your request, please contact us at (833) 614-4438. Additionally, if you are a resident of the state of California, you may have a right to pursue legal action for improper handling of your Personal Information.

Submitting a Rights Request

If you wish to exercise the rights listed above, and are a resident of a state that provides such privacy rights, you may submit a request by emailing privacy@gifthealth.com, by calling us at (833) 614-4438, or by completing our webform available at www.gifthealth.com. If you choose to submit your request via email, you must include “Privacy Rights Request” in the subject line and clearly provide us with the following information: what type of request you are making, your full name, email address, and valid residential address. You may only make one request per email.

We are required to provide you with access to your Personal Information or delete Personal Information only in response to verifiable or authenticated requests. We will compare the information you provide in your request with any information we may have in our possession in order to verify your request. We may also contact you to request additional information in relation to your request. The information you provide must match the information we have in our possession. This measure is in place to help ensure that Personal Information is not disclosed to any person who does not have the right to receive it. The information collected through this process will be used for verification purposes only. Certain state laws may limit the number of times you may make access requests in a 12-month period.

Authorized Agent

Please note that you may authorize an agent to exercise any of these rights on your behalf by contacting us by email at privacy@gifthealth.com. If you use an agent, we will take measures to verify your agent’s authorization similar to the verification described above for fulfilling any access or deletion requests. We may require more information to ensure proper verification of you and your agent’s identity and authorization.

Categories of Personal Information Collected and Disclosed

We collect the categories of Personal Information described in What Information Is Collected, and we share Personal Information with the parties listed in With Whom the Information is Shared. For more information about the purposes for which we disclose Personal Information, see How We Use Your Information.

Sources of Personal Information

We may collect your information from the categories of sources listed under How We Collect Your Information.

Categories of Personal Information Sold

We may disclose your Personal Information for the following purposes, which are not a sale: (i) for reasons mentioned above; (ii) if you direct us to share Personal Information; (iii) to comply with your requests under applicable law; and (iv) as otherwise required or permitted by applicable law.

We do not sell your Personal Information.

Categories of Personal Information Shared for Cross-Context Behavioral Advertising, Profiling, or Targeted Advertising

We may use any of the categories of Personal Information listed under What Information Is Collected for purposes of cross-context behavioral advertising, profiling, or targeted advertising.

Deletion Rights

You may request that we delete your Personal Information that we have collected directly from you. Under applicable law, we may decline to delete your Personal Information under certain circumstances, for example, if we need the Personal Information to complete transactions or provide services you have requested or that are reasonably anticipated, for security purposes, for internal business purposes (including maintaining business records), to comply with law, or to exercise or defend legal claims. Note also that we are not required to delete your Personal Information that we did not collect directly from you. We require a reasonable or high degree of certainty that the requester is the consumer for which a deletion request is applicable, depending on the sensitivity of the Personal Information.

Sensitive Data and Sensitive Personal Information

To the extent that you, or your healthcare provider, provide personal health information to us, or to the extent we use your information to determine your past, current, or future health status or diagnosis, such health-related information may constitute Sensitive Data or Sensitive Personal Information (as those terms are defined under applicable privacy law). We will not use your Sensitive Personal Information or Sensitive Data for any purpose other than that use which is necessary to perform the services or provide the products requested by you.

We will not process your Sensitive Data or Sensitive Personal Information (as those terms are defined under applicable privacy law) without your prior consent. We do not sell your Sensitive Data or Sensitive Personal Information or share your Sensitive Data or Sensitive Personal Information for purposes of cross context or behavioral advertising.

California Specific Disclosures

Categories of Personal Information Collected and Disclosed for a Business Purpose

We collect and disclose the categories of Personal Information that are indicated in the chart below. Note that the specific pieces of Personal Information we collect about you may vary depending on the nature of your interactions with us and may not include all of the examples listed.

Category of Personal Information Collected

Business Purposes for Collection, Use, and Disclosure

Identifiers (such as your name, address, email address, birthdate, online identifiers, or other similar identifiers)

Respond to your requests
Provide our Platforms and Services to you
Manage web traffic
Guide decisions about our Platforms, Services, tools, and communications
Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities
Comply with applicable laws and regulations

Records Information (such as your name, signature, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, and credit or debit card)

Respond to your requests
Provide our Platforms and Services to you
Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities
Comply with applicable laws and regulations

Characteristics of protected classifications (such as your age, gender or race and ethnicity)

Respond to your requests
Provide our Platforms and Services to you
Personalize your experience by providing content through our Platforms
Inform our marketing practices

Commercial information (such as records of the services you have purchased, obtained, or considered)

Provide our Platforms and Services to you
Personalize your experience by providing content through our Platforms
Comply with applicable laws and regulations
Inform our marketing practices

Internet or other electronic network activity information (such as your IP address, device identifiers, device advertising identifiers, mobile network, operating system details, language preferences, referring URLs, length of visits, anonymous traffic data, pages viewed, and information regarding interactions with our services or advertisements)

Enhance your experience with our Platforms by remembering your preferences from a previous use of our Platforms
Guide decisions about our Platforms, applications, services, tools, and communications
Operations
Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities
Comply with applicable laws and regulations

Professional or employment-related information

Consider you for employment
Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities
Comply with applicable laws and regulations

Inferences used to create a profile reflecting your preferences, characteristics, and behavior

Inform our marketing practices
Guide decisions about our Platforms, Services, tools, and communications
Analytics
Comply with applicable laws and regulations

Sensitive Personal Information

Respond to your requests
Provide our Services to you

We may also collect Personal Information about you that does not directly fit within one of the categories listed above, which information is described in What Information Is Collected.

We share Personal Information about you with the parties listed in With Whom the Information is Shared for business purposes, such as operational purposes and other purposes related to providing you with the services you seek from us. For more information about the business purposes for which we disclose Personal Information, see How We Use Your Information.

California’s Shine the Light Law

We do not share Personal Information as defined by California Civil Code Section 1798.83 (“Shine the Light Law”) with third parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light Law by contacting us by using the Contact information at Contact Us. Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per individual each year, and we are not required to respond to requests made by means other than as provided herein.

‍