WEB AND MOBILE PRIVACY POLICY

Rheumatologist OnCall and its affiliates and/or wholly owned subsidiaries (collectively referred to as “Rheumatologist OnCall,” “we,” “us,” or “our”), makes certain rheumatology-related information and services available to you and/or facilitates your access to specialized rheumatology, chronic autoimmune condition management, and second opinion services (“Rheumatologist OnCall Services”).

This Privacy Policy applies to visitors of the following publicly available website: https://rheumatologistoncall.com/ and any related publicly accessible domains or mobile applications owned and operated by Rheumatologist OnCall (collectively, the “Websites”). For the purposes of this Privacy Policy, “you” and “your” means you as the visitor of the Websites.

Scope of this Web and Mobile Privacy Policy

This Privacy Policy describes the types of Personal Information we collect from visitors of our public Websites and our practices for using, maintaining, sharing, and protecting it. It also describes the rights and choices you may have with respect to your Personal Information and how you may contact us.

This Privacy Policy does not apply to information collected from visitors who register and log in (“Members”) to the password-protected and secure portions of our sites, including login and registration pages (“Secure Platforms”).

The Secure Platforms allow eligible Members to use Rheumatologist OnCall Services.

All information collected and stored by Rheumatologist OnCall or added by our Members into such Secure Platforms is considered Protected Health Information (“PHI”) and/or medical information and is governed by applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA). How Rheumatologist OnCall uses and discloses such PHI is in accordance with the Rheumatologist OnCall Notice of Privacy Practices.

Please review our Notice of Privacy Practices to understand how we use and disclose PHI, including data. Rheumatologist OnCall will not use or disclose PHI information for advertising, marketing, or other use-based data mining purposes and will not combine it with other data or sell it. However, technology required and/or data collected to make those or similar connections are subject to this Privacy Policy.

This Privacy Policy also does not apply to collecting and using certain employment-related information. If you are a current or former Rheumatologist OnCall job applicant, employee, owner, director, officer, or contractor, please get in touch with us at contact@rheumatologistoncall.com for the appropriate notice.

California and Virginia residents should read the information available below about the categories of personal information to be collected from them and the purposes for which the personal information will be used.

This Privacy Policy is not a contract and does not create any contractual rights or obligations.

TYPES OF PERSONAL INFORMATION WE COLLECT

While using our Websites, you may provide us with certain information about yourself. We or our advertising partners may also automatically collect information through the use of cookies and other tracking technologies (see below).

Personal Information collected through your use of the Websites may include IP Address, Device ID, and online identifier. We may use that Personal Information and link it to the Internet or other electronic network activity information, and we may draw inferences about you from the information we collect. We may also collect your name, title, business contact information, phone number, date of birth, state, country, zip code, your health plan, email address or login identification information only if you provide such information directly to us when you begin registration to use a Secure Platform or complete a web form seeking more information. If you are a member, this may be considered PHI and governed by our Notice of Privacy Practices and not this Privacy Policy.

HOW WE COLLECT PERSONAL INFORMATION

We may collect Personal Information using the following methods:

• Directly from you when you provide it to us (such as information you enter into web forms, inquiries, responses, activity on the Websites, and during registration to use a Secure Platform).
• From third parties, such as analytics and email marketing service providers.
• Automatically through tracking technologies such as cookies, web beacons (also known as pixels), and log files, including over time and across our own and third-party websites or other online services.

“Cookies” are small files that a website stores on a user’s computer or device. The Websites may use cookies for various purposes, including to keep the information you enter on multiple pages together. Some of the cookies we use are “session” cookies, meaning that they are automatically deleted from your hard drive after you close your browser at the end of your session. Session cookies are used to optimize the Websites’ performance and limit the amount of redundant data downloaded during a single session. We may also use “persistent” cookies, which remain on your computer or device unless deleted by you (or by your browser settings). We may use persistent cookies for various purposes, such as statistical performance analysis to ensure the’ ongoing quality of our services. We and third parties may use session and persistent cookies for analytics and advertising, as described herein. Most web browsers automatically accept cookies, but you may set your browser to block certain cookies (see below). As required under applicable laws, we will obtain your consent to utilize cookies or similar tracking technologies.

Our Websites may use Google Analytics, a vendor’s service that uses cookies, web beacons, web pixels and/or similar technology to collect and store information about you. You can learn more about Google Analytics’ privacy policy and ways to opt out of Google Analytics tracking by visiting Google Analytics’ website.

Our Websites may use Adobe’s analytics and on-site personalization services, which use cookies, web beacons, web pixels, and/or similar technology to collect and store information about you or your device or browser. You can learn more about how Adobe may handle information collected through our services and your options for controlling this activity by visiting Adobe’s website.

HOW WE USE YOUR INFORMATION

We may use your Personal Information for the following purposes:

• Operate, maintain, supervise, administer, and enhance the Websites, including monitoring and analyzing the effectiveness of content on the Websites, aggregating site usage data, and other usage of the Websites, such as checking your eligibility and assisting you in completing the registration process.
• We aim to provide you with a tailored and user-friendly experience as you navigate our Websites, as well as promote and market our Websites to you.
• To complete the activity you specifically requested, e.g., register on a Secure Platform, obtain more information, request a demo, or request an RFP.
• Conduct research on users’ demographics, interests, and behavior based on information provided using our Websites. o Aggregate information for analytics and reporting.
• Respond to law enforcement requests and court orders and legal process and carry out our legal and contractual obligations and enforce our rights.
• Authenticate use, detect potential fraudulent use, and otherwise maintain the security of the Websites and users’ safety.
• Develop, test, improve, and demonstrate the Websites. o Any other purpose with your consent.

HOW WE SHARE YOUR INFORMATION

We may share Personal Information with third parties, including service providers, in certain circumstances or for certain purposes, including:

• For business purposes. We may share your Personal Information with vendors and service providers, including our data hosting and data storage partners, analytics and advertising providers, technology services and support, and data security. We may also share Personal Information with professional advisors, such as auditors, law firms, and accounting firms. We may disclose your name, email address, date of birth, phone number, and address if you provided it to us via a form on the website or during an incomplete or failed registration to Service Providers.
• If you request it or direct us to do so, we may share your personal information with third parties with your direction or consent. This includes your use of social media widgets on our Websites.
• With affiliates within our corporate group, we may share your Personal Information with any subsidiaries or affiliates within our corporate group.
• Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
• In the context of a transaction. We may share your Personal Information in connection with an asset sale, merger, bankruptcy, or other business transaction.
• For other business reasons. We may share your Personal Information to enforce any applicable Legal Disclaimer, and to ensure the safety and security of the Websites and/or our users.
• For advertising. Using cookies and web beacons, we may disclose Personal Information regarding your activity on our Websites to third-party advertising partners to optimize marketing. See Section 7 for additional details.

We may also disclose de-identified information. Note that if you make any Personal Information publicly available on the Websites, anyone may see and use such information.

SOCIAL FEATURES

Certain features of the Websites permit you to initiate interactions between the Websites and third-party services or platforms, such as social networks (“Social Features”). Social Features include features that allow you to click and access Rheumatologist OnCall pages on certain third-party platforms, such as Facebook, Instagram, Youtube, Twitter and LinkedIn as applicable, and from there to “like” or “share” our content on those platforms. Use of Social Features may entail a third party’s collection and/or use of your data. If you use Social Features or similar third-party services, information you post or otherwise make accessible may be publicly displayed by the third-party service you use. Both Rheumatologist OnCall and the third party may have access to information about you and your use of both the Websites and the third-party service. Rheumatologist OnCall has no control over and is not responsible for the privacy practices of such third parties. This Privacy Policy does not apply to the extent Rheumatologist OnCall does not own or control any linked websites or features you visit or use. We recommend that you familiarize yourself with the privacy practices of those third parties.

THIRD-PARTY WEBSITES AND LINKS

Our Websites may contain links to other online platforms operated by third parties. We do not control such other online platforms and are not responsible for their content, their privacy policies, or their use of your information. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms (such as Facebook, Instagram, YouTube, LinkedIn or Twitter or other social media platforms) may also be viewable by other users of the Websites and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on the Websites. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of Personal Information by third parties. Any information you submit directly to these third parties is subject to that third party’s privacy policy.

COOKIES AND INFORMATION USED FOR ADVERTISING

As discussed above, on our Websites, we may collect and disclose Personal Information about your online activities for use in providing you with advertising about products and services tailored to your individual interests. This section of our Privacy Policy provides details and explains how to exercise your choices. You may see certain ads on other websites because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons (also known as pixels). The networks use this information to show you advertisements that may be tailored to your individual interests. The information our ad networks may collect includes information about your visits to websites that participate in the relevant advertising networks, such as the webpages or advertisements you view and the actions you take on the websites. This data collection takes place both on our Websites and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts.

You may disable or delete browser cookies through your browser settings. Cookies generally are easy to disable or delete, but the method varies between browsers. If you disable or delete cookies or run third-party software that intercepts or deletes cookies, please note that some parts or functionality of our Websites may not work properly. Each type of web browser offers ways to restrict and delete cookies. For more information on how to manage cookies, visit the appropriate link below.

Microsoft Internet Explorer

Microsoft Edge

Mozilla Firefox

Google Chrome

Apple Safari

You can opt out of third parties collecting your Personal Information for targeted advertising purposes in the United States by visiting the National Advertising Initiative’s (NAI) opt-out page and the Digital Advertising Alliance’s (DAA) opt-out page.

Your browser settings also may allow you to transmit a “Do Not Track” signal when you visit various websites. Some of the Websites may not be configured to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit here.

Finally, Rheumatologist OnCall maintains a cookie preference center, which allows you to customize your cookie preferences when visiting the Websites. If you have further questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below.

CHILDREN’S PRIVACY

Our Websites are not intended for children under 13 years of age, and we do not knowingly collect or sell Personal Information from children under 13. If you are under 13, do not use or provide any information on these Websites without your parent first providing consent.. If you are the parent or guardian of a child under 13 years of age whom you believe might have provided us with their Personal Information, you may contact us using the below information to request that it be deleted.

SECURITY OF PERSONAL INFORMATION

We take steps to secure Personal Information through administrative, technical, and physical safeguards designed to protect against the risk of accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Unfortunately, we cannot guarantee the security of information transmitted through the Internet, and where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential.

RETENTION OF PERSONAL INFORMATION

We generally retain records only as long as necessary and as required for our business operations, for archival purposes, and/or to satisfy legal requirements. When determining the appropriate retention period for Personal Information, we consider various criteria, such as the amount, nature, and sensitivity of the Personal Information; potential risk of harm from unauthorized use or disclosure; purposes for which we process your Personal Information; whether we can achieve those purposes through other means; and business operations and legal requirements. Because we maintain our Websites to protect from accidental or malicious loss and destruction, residual copies of your Personal Information may be retained in our backup and archival systems for a limited period of time, after which the information will be automatically deleted or put beyond use where deletion is not possible.

INTERNATIONAL USERS

The Websites are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Any information you provide to us through use of our Websites may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your Personal Information in accordance with this Privacy Policy regardless of where your Personal Information is stored/accessed.

NOTICE TO CALIFORNIA AND VIRGINIA RESIDENTS

If you are a California resident, certain Personal Information that we collect about you is subject to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

If you are a Virginia resident, certain Personal Information that we collect about you is subject to the Virginia Consumer Data Protection Act (VCDPA).

Please note that these laws may not apply to, among other things,

• Information that is lawfully made available from federal, state, or local government records; Protected health information that is collected by a covered entity or business associate governed by HIPAA; or

• Medical information is maintained by a health care provider governed by California’s Confidentiality of Medical Information Act (CMIA).

Collection of Personal Information

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household—this type of information is referred to as “Personal Information,” and includes personal information as defined by CCPA/CPRA as well as personal data as defined by the VCDPA.

Personal Information does not include de-identified or aggregate information; publicly available information that is lawfully made available from federal, state, or local government records; and information covered by certain sector-specific privacy laws. Rheumatologist OnCall collects the following categories of Personal Information about consumers (and to the extent such Personal Information is subject to the CCPA/CPRA, these categories were collected in the preceding 12 months):

• Identifiers, Internet Protocol (IP) address, online identifier, device identifier. We may collect your name, email address, date of birth, phone number, and address only if you provided it to us via a form on the website or during an incomplete or failed registration. o Commercial information, business contact information if you have provided it to us via a form (such to register for services, obtain more information, request a demo, request an RFP) on the website, including name, company name, physical address, email address, telephone, and fax number; information on actions taken on our Websites, which may include information about Websites considered and information about preferences and behavior that we collect on our Websites or purchase from third parties in order to target consumers for digital advertisements or to personalize content we deliver on our Websites.
• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with the Websites, applications, or advertisements.

Rheumatologist OnCall does not collect or share Personal Information on the Websites from anyone under 16. Rheumatologist OnCall does not collect Sensitive Personal Information, as those terms are defined under the CCPA/CPRA and the VCDPA, of consumers who visit our public Websites.

Rheumatologist OnCall collects Personal Information from the following categories of sources:

• Directly and indirectly from you, including through your interaction with the Websites o Social media platforms
• Third-party partners, such as analytics or marketing providers
• Automatically through tracking technologies. Please note that if you have enabled a Global Privacy Control on your browser, our Websites are configured to recognize and respect those preferences with respect to Personal Information that falls under the CCPA/CPRA. We may use your Personal Information for the following purposes:
• Operate, maintain, supervise, administer, and enhance the Websites, including monitoring and analyzing the effectiveness of content on the Websites, aggregate site usage data, and other usage of the Websites such as checking your eligibility and assisting you in completing the registration process. – Provide you with a tailored and user-friendly experience as you navigate our Websites.
• Promote and market our Websites to you.
• To complete the activity you specifically asked for, e.g., register on a Secure Platform, obtain more information, request a demo, or request an RFP.
• Conduct research on users’ demographics, interests, and behavior based upon information provided during use of our Websites. o Aggregate information for analytics and reporting.
• Respond to law enforcement requests and court orders and legal process and carry out our legal and contractual obligations and enforce our rights.
• Authenticate use, detect potential fraudulent use, and otherwise maintain the security of the Websites and safety of users.
• Develop, test, improve, and demonstrate the Websites. o Any other purpose with your consent.

Rheumatologist OnCall will retain and/or archive Personal Information for a period of time no longer than required by applicable law or no longer than is necessary and proportionate to achieve purposes compatible with the context in which the Personal Information is collected. Rheumatologist OnCall will not further process Personal Information in a manner incompatible with the purposes noted above.

Disclosure of Personal Information in the Preceding 12 Months

Rheumatologist OnCall discloses Personal Information with the following categories of third parties and has disclosed the following categories of Personal Information for a business purpose, for commercial purposes, to comply with the law, in the context of a transaction, or for other business reasons:

Personal Information Third Parties Identifiers—–We may disclose IP address, device ID, or online identifier to service providers, advertising networks, internet service providers, and/or data analytics providers. We may disclose your name, email address, date of birth, phone number, and address if you provided it to us via the form on the website or during an incomplete or failed registration to Service providers. We may engage in delivering online advertising that is tailored to your interests using analytics and/or targeting cookies; however, we do not disclose your name, address, or phone number. Before using analytics and/or targeting cookies, the Websites deploy a banner seeking your consent, or opt-in, to the use of such cookies.

Commercial information—-     Service providers

Internet or other electronic network activity information—— Service          providers, advertising networks, internet service providers, and/or data analytics providers

To the extent such Personal Information is subject to the CCPA/CPRA, these disclosures occurred in the preceding 12 months.

You may have the following rights regarding your Personal Information maintained by Rheumatologist OnCall :

• Request to know and access the Personal Information we collect, use, and disclose; o Request deletion of Personal Information; o Request to Opt-out of the sale or sharing of Personal Information; o Right to Limit Use and Disclosure of Sensitive Personal Information and
• Not receive discriminatory treatment by Rheumatologist OnCall for exercising these rights.

The rights described below are limited to those provided under the CCPA/CPRA and VCDPA to the applicable residents of those states. The specific rights may vary based on whether the CCPA/CPRA or VCDPA applies, and should you have any questions regarding your rights, please contact us as per the information in Section 14.

Requests to Know and Access

You may have the right to request that we disclose to you the following information:

• Categories of Personal Information that Rheumatologist OnCall has collected about you, disclosed about you for a business purpose, or sold or shared;
• Categories of sources from which the Personal Information is collected;
• Categories of third parties with whom Rheumatologist OnCall shares or to whom Rheumatologist OnCall sells Personal Information;
• The business or commercial purpose for collecting and selling Personal Information; and
• Specific pieces of Personal Information that Rheumatologist OnCall has collected about you.

Instructions for submitting a verifiable request are provided below. You may only make a request for access twice within a 12-month period.

Requests to Delete

You may have the right to request that we delete Personal Information associated with you, subject to applicable law and certain exceptions. Instructions for submitting a verifiable request are provided below.

Request to Correct Inaccurate Personal Information

You may have the right to request that Rheumatologist OnCall corrects inaccurate Personal Information. Instructions for submitting a verifiable request are provided below.

Requests to Opt Out of the Sale or Sharing of Your Personal Information

You may have the right to submit a request to opt out of any sale or sharing of your Personal Information or the processing of your Personal Information for purposes of targeted advertising. However, Rheumatologist OnCall does not sell your Personal Information and does not use or share Personal Information collected from users of our public websites to engage in targeted advertising unless you have opted in to such use. And, in the last 12 months, Rheumatologist OnCall has not “sold” or “shared” Personal Information (as those terms are defined under the CCPA/CPRA). Instructions for submitting a verifiable request are provided below.

How to Exercise Your Rights

To submit a request to exercise any of your rights, email our Privacy Officer at [email protected] or call our office number listed at 650-525-4404.

As required under applicable law, we must take steps to verify your request before we can provide you with personal information, delete It, or otherwise process your request. To verify your request, we may require you to provide your name, physical address, email address, contact information, and information about your account or previous transactions with us. If you have only visited our public Websites and did not provide any Personal Information to us via a web form or through the registration process, we will need you to provide us with your IP address or device ID in order for us to determine if we have that information. We will not be able to determine if we have your IP address or device ID from your name, physical address, email address, contact information, or account information.

We will further verify and respond to your request in a manner consistent with applicable law, considering the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as your date of birth or government identifier, to protect against fraudulent requests.

We will deliver Personal Information that we are required by law to disclose to you in the manner required by law within 45 days after receipt of a verifiable request, unless we notify you that we require additional time to respond, in which case we will respond within such further period of time required by law. We may deliver the Personal Information to you electronically or by mail at your option. If electronically, we will deliver the information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information from one entity to another without hindrance.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us by the information provided in the “How to Contact Us” section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity.

Right to Nondiscrimination

You have the right to be free from discriminatory treatment for exercising the privacy rights conferred by applicable law, including not being: denied goods or services; charged different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provided a different level or quality of goods or services; or suggested that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

UPDATING THIS PRIVACY POLICY

This Privacy Policy may be updated periodically to reflect changes in our privacy practices. You are responsible for reviewing the Privacy Policy from time to time to view any such changes.

14.  HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Policy, please email us at [email protected].

Accessibility Statement

Rheumatologist OnCall is committed to ensuring digital accessibility for people of all abilities. If you are having difficulty viewing or navigating the content on this website, or notice any content, feature, or functionality that you believe is not fully accessible to people with disabilities, please email us at us at [email protected] and provide a description of the specific feature you feel is not fully accessible or a suggestion for improvement. We take your feedback seriously and will consider it as we evaluate ways to accommodate all of our customers and our overall accessibility policies.