Effective Date: May 20, 2019
This Privacy Policy (“Policy”) describes the data collected (“Collected Data”) by or on behalf of Harrow Health, Inc. (“ImprimisRx,” “we,” “us,” or “our”) and its vendors through this website (“Site”), and how Collected Data is used and shared. If you have questions or concerns about this Policy, please contact us.
By using the Site or placing any order, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understand this Policy. We may modify this Policy at any time. All changes will be effective immediately upon posting to the Site. Material changes will be conspicuously posted on the Site or otherwise communicated to you. By using the Site after changes are posted, you agree to those changes.
We Collect Data You Provide
Protected Health Information. To the extent that Collected Data is Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996 and any regulations promulgated thereunder (“HIPAA”), that data is governed by ImprimisRx’s HIPAA Privacy Policy, and not this Privacy Policy. Unless specifically stated otherwise, references to Collected Data in this Privacy Policy do not include PHI. We protect PHI and will only use or disclose it as required or permitted by applicable federal and state laws, including HIPAA, and in accordance with any contractual obligations that we may have with your health care provider. It may be necessary for us to share PHI with third parties, including vendors that we engage to provide services in connection with the Site. If we share PHI with any third party, we will share only the minimum necessary data to enable the third party to provide the services for which we have engaged them, and we will ensure that third party agrees to use and disclose PHI only as required or permitted by applicable federal and state laws, including HIPAA. For additional information about how we may use or disclose your PHI and your associated rights, please refer to our HIPAA Privacy Policy.
Personal Information. If you elect to provide information that personally identifies you (“Personal Information”) such as your name, email, mailing address, phone number, or payment data, we will collect, use, and share it pursuant to this Policy and applicable law.
Personal Information is required to use certain Site features, for example, to create online accounts, purchase products or services, contact us via email, phone, or our Contact Us form (where we may retain your message’s content and our response), submit job application materials, receive or request data from us (e.g., newsletters or order status), and respond to communications from us (e.g., surveys and promotional offers).
Order & Payment Data. To make purchases through the Site, you must submit your name, credit or debit card type, number, expiration date, security code, and billing address. All credit and debit card data is provided directly to our PCI-compliant third-party payment processor. We do not directly access, handle, or store your credit or debit card data. We may keep a record of your purchases. We store your payment card’s last four digits and tie that data to your account to facilitate future orders.
Marketing Communications; Opt Out. To subscribe to our email newsletter, you must (1) identify yourself as a patient, healthcare provider, payor, potential investor, or other, (2) note if you are interested in ophthalmology, optometry, integrative medicine, or other, (3) submit your email address, and (4) check the box that you would like to subscribe to the email newsletter. To request marketing materials, you must submit your name, clinic/surgery center name, email address, phone number, and mailing address. We use this data to send you promotional and other electronic and hardcopy communications. We may use third-party providers to deliver communications to you. You may opt out of such emails by using the unsubscribe link in the email or contacting us at info@imprimisrx.com with “Unsubscribe” in the subject line. To opt out of other communications (e.g., postal marketing and telemarketing), please contact us. Opting out of marketing communications does not opt you out of communications about your account or transactions.
Job Application Materials. To submit job application materials, you will be redirected to our online job applications portal, which is hosted by ADP. All data related to job applications is submitted directly to ADP and will be shared with us. We encourage you to review ADP’s terms and privacy policy. If you submit job application materials, we may use the contents to evaluate your qualifications and respond to you. Submission of materials does not require us to review them or consider you for employment.
Data Automatically Collected
Account Activity. We will collect data about how you use (i) your online account, and (ii) the Site when you are logged into your account.
IP Addresses, Cookies, & Similar Tracking Technologies. When you use the Site, we and our Site vendors use technologies such as cookies (i.e., small pieces of data stored on your device’s hard drive by your browser), web beacons, pixel tags, and similar technologies to automatically collect internet protocol addresses assigned to the computers and other devices you use, your internet service provider, device ID number, approximate geographic location, browser type, Site pages visited, websites you access before and after visiting the Site, and data related to how and when you use the Site (e.g., date and time stamps, clickstream data, and data about search terms and websites that direct you to the Site). We may combine this Collected Data with other Collected Data (including Personal Information) and data obtained from third parties.
The Site may use session, persistent, and flash cookies (local stored objects) to collect and store data about your preferences and navigation to, from, and on our Site. Session cookies are used to complete transactions and for other purposes such as counting visits to certain webpages. Session cookies are eliminated when you exit your browser. Persistent cookies may be stored on your computer by your browser. When you log in, persistent cookies tell us if you have visited the Site before or if you are a new visitor.
Flash cookies differ from browser cookies regarding the amount and types of data collected and how the data is stored. Cookie management tools provided by your browser will not remove and cannot manage Flash cookies. To learn about managing your Flash cookie settings, visit the Flash player settings page on Adobe’s website here.
Most browsers automatically accept cookies. You can disable this function, but disabling cookies may impact your use and enjoyment of the Site.
Analytics. We may occasionally enable and implement various analytics tools, such as Google Analytics, which is an analytics tool provided by Google to collect and process Collected Data consisting of certain telematics about your use of the Site. Google sets and reads cookies to collect such Collected Data and your web browser will automatically send such Collected Data to Google. Google uses this data to provide us with reports that we use to improve the Site’s structure and content.
We may occasionally enable and implement additional add-on services to Google Analytics, such as Demographics and Interest Reporting. Demographics and Interest Reporting uses cookies to collect data about our Site traffic by tracking users across websites and across time to provide us with analytics on our user base.
To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data when you use our partners’ sites or apps.” You may download and install the Google Analytics Opt-out Browser Add-on for each web browser you use. Using the Google Analytics Opt-out Browser Add-on does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Websites.
Social Media. We are active on social media, including Facebook, Twitter, YouTube, and LinkedIn (“Social Media”). You may comment on Social Media regarding ImprimisRx and our products and services.
Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Site and our Social Media pages any comments or content that you post on our Social Media pages. You agree to hold ImprimisRx and its affiliates harmless and without liability for the results of any and all content you post on ImprimisRx’s Social Media.
Your use of Social Media is governed by the privacy policies and terms of the third parties that own and operate those websites and not by this Policy. We encourage you to review those policies and terms.
The Site may use advertising networks and services offered by Social Media to deliver advertising content. Use of these services requires Social Media to implement cookies or pixel tags to deliver ads to you while you access the Site.
Videos; Embedded Content. The Site may contain videos and embedded content provided by ImprimisRx or third parties, including visible content and/or feeds scripts embedded in the Site’s code. ImprimisRx and such third parties may collect data about how you interact with such content. By watching the videos and interacting with such content, you agree to the collection and use of such data.
Data from Other Sources. We may obtain data about individuals from various third-party companies and public sources and we may combine that data with Collected Data. This enhances our existing data about our users and customers (e.g., adding address data) and improves our marketing efforts.
How We Use & Share Collected Data
Beyond the uses and sharing described above, ImprimisRx and its vendors may use and share Collected Data (including Personal Information) as described below. We do not sell or rent Collected Data except as stated in this Policy and as permitted by applicable law.
Purpose Collected & Communication with You. We use and share Collected Data for the purpose for which it was collected. For example, if you place an order through the Site, we use Collected Data to communicate with you regarding your order. If you contact us for support or assistance, we may use Collected Data to contact you and assist you with your request. We may use Collected Data to notify you of Site changes (e.g., changes to our Terms of Use or this Policy), and if you opt in, to send you marketing communications.
Affiliates, Vendors, & Other Partners. We may share Collected Data with our affiliates, third-party vendors, service providers, suppliers, consultants, agents, distributors, and other partners (including Site management and hosting, payment processing, online storefronts, marketing and public relations, communications providers, and email services) that provide data processing services to us (e.g., to support the delivery of, provide functionality on, or help to enhance the security of the Site or our products and services) or otherwise process Collected Data for purposes described in this Policy or communicated to you when we collect such data. The parties described in this paragraph are authorized and may use and disclose Collected Data as needed to provide the applicable services to us and as provided by their own privacy policies.
Detection and Prevention of Fraud. We may use Collected Data and share it with third party vendors to help detect and prevent potential fraudulent transactions.
Aggregated Data. We may use Collected Data to create anonymous aggregate data. We may use and share such aggregate data with our affiliates, vendors, and other third parties to: (1) analyze, develop, and improve the content, products, and services that we make available, (2) inform business strategies, (3) understand the Site’s demographics and user preferences, (4) customize promotional emails and users’ Site experience, and (5) for other lawful purposes.
Security & Protection of Rights. We may use Collected Data and share it with third parties if we believe it is needed to operate the Site or to protect our rights or the rights of others, including sharing data needed to identify, contact, or bring legal action if our contracts, terms, or policies are violated or if required by law.
Business Transactions. All Collected Data is exclusively our property. If we undergo a change or contemplated change in control, acquisition, merger, reorganization, or asset sale, all Collected Data may be transferred, sold, shared, or otherwise shared with potential and actual successors, which will be bound by this Policy as it applies to Collected Data.
With Your Consent. With your consent, we may use or share Collected Data in ways not specifically described in this Policy.
Children
We are committed to protecting children’s privacy. The Site is not directed at children under 13 years of age. We do not knowingly collect, use, or share data from children under 13. If a parent or legal guardian learns their child provided us with Personal Information without his or her consent, please contact us.
Data Security
We use commercially reasonable technical and organizational measures to help secure all Collected Data against loss, misuse, and alteration. While we cannot guarantee it, we use industry-standard protections to help safeguard against such occurrences. If a breach of our systems occurs, we will notify you of the breach only if and as required under applicable law.
You understand that no data transmission over the internet or a mobile device can be guaranteed to be 100% secure. While we strive to protect your Personal Information, we do not guarantee the security of Personal Information and you provide Personal Information at your own risk.
Access from Outside the United States
This Site is operated and maintained by Imprimis Pharmaceuticals, Inc. from the United States and is intended solely for a United States audience. If you access the Site from outside the United States, please be aware that Collected Data will be transferred to, stored in, and processed in the United States. U.S. data protection and related laws may not be as comprehensive as those from where you access the Site.
Third-Party Websites
The Site may link to, or be linked to, websites not controlled by us. We are not responsible for third-parties’ privacy policies or practices. This Policy does not apply to any third-party websites or to any data that you provide to third parties. You should read the privacy policy for each website that you visit.
Access & Update Your Personal Information
To access or update your Personal Information as it exists in our records, please visit any accounts you have created (if applicable) or contact us using the information below.
Contact Us
If you have questions or concerns regarding this Policy, contact us at:
ImprimisRx Corporate Headquarters
12264 El Camino Real, Suite 350
San Diego, CA 92130
Phone: 844.446.6979
Fax: 858.345.1745
info@imprimisrx.com
California Consumer Privacy Act (CCPA) Privacy Notice
Effective Date: August 19, 2020
If you are a California consumer, the information in this Privacy Notice, along with our general website privacy policy, applies to you. Certain terms used in this Privacy Notice have the meanings given to them in the California Consumer Privacy Act (“CCPA”) found at California Civil Code § 1798.100 et seq. The purpose of this Privacy Notice is to provide California consumers with a comprehensive description of our online and off-line practices regarding the collection, use, disclosure, and sale of personal information and the rights of California consumers regarding their personal information.
The CCPA defines “personal information” to mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is publicly available, deidentified, or aggregate information. For purposes of this Privacy Notice we will refer to this information as “personal information.”
Personal Information We Collect
During the 12-month period prior to the effective date of this Privacy Notice we may have collected and may presently collect the following categories of personal information about California consumers:
Personal Identifiers
Such as name, postal address, email address, or date of birth
Related Identifiers
Such as telephone number, last four digits of credit card number, last four digits of debit card number, medical information, or health insurance information
Employment Information
Such as occupation, title, or licenses
Education Information
Such as degree or school
Commercial Information
Such as records of health care products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
How We Collect Your Personal Information
During the 12-month period prior to the effective date of this Privacy Notice we may have collected and may presently collect personal information about California consumers from the following categories of sources:
Interactions With Consumer
Interactions with Our Health Care Affiliates, Vendors, and Other Partners
Why We Collect Your Personal Information
For purposes of this Privacy Notice a “business purpose” means the use of personal information for our operational purposes and “commercial purposes” means to advance a person’s commercial or economic interests such as by inducing a person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods or services, or enabling or affecting, directly or indirectly, a commercial transaction.
During the 12-month period prior to the effective date of this Privacy Notice we may have collected and may presently collect personal information about California consumers for the following health care business and commercial purposes:
Performing Health Care Services
Such as maintaining or servicing health care accounts, providing customer service, processing or fulfilling prescription orders and transactions, verifying customer information, or processing payments
Performing Hiring Activities
Such as vetting candidates for positions with the company
Site Administration
Such as site security such as detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
With Whom We Sell and Disclose Your Personal Information
We do not sell personal information.
During the 12-month period prior to the effective date of this Privacy Notice we may have disclosed for health care business or commercial purposes the following categories of personal information about California consumers to the following categories of third parties:
Personal Information
Personal Identifiers, Related Identifiers, Employment Information, Education Information, or Commercial Information
Third Parties
Health Care Affiliates, Vendors, and Other Partners
Right to Request Disclosure
A California consumer has the right to request that a business disclose what personal information it collects, uses, discloses, and sells. Using a method from the Contact Information section below, you may submit a request to know:
- The specific pieces information we collect about you
- The categories of personal information we collected about you
- The categories of sources from which we collected the personal information
- The business or commercial purposes for which we collected or sold the personal information
- The categories of third parties with whom we sold or disclosed personal information
- The categories of personal information about you that we sold or disclosed for a business purpose
For security purposes we will verify your identity prior to providing any personal information about you or the personal information we collected, disclosed, or sold using a variety of methods including, but not limited to, by sending you an email to confirm your request and asking you for additional information such as your last order amount, customer number, or other identifying information appropriate for verification.
Right to Request Deletion
A California consumer has the right to request (not more than twice in any 12-month period) that their personal information collected or maintained by a business be deleted. Using a method from the Contact Information section below, you may submit a request for us to delete personal information we have collected or maintain about you.
For security purposes we will confirm your request and verify your identity prior to deleting any personal information about you using a variety of methods including, but not limited to, by sending you an email to confirm your request and asking you for additional information such as your last order amount, customer number, or other identifying information appropriate for verification.
However, notwithstanding a verifiable request for deletion, we may retain certain personal information necessary for us to complete a transaction, provide a product or service, perform a contract, detect and protect against security incidents and malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible, debug to identify and repair errors that impair functionality, enable solely internal uses, and to comply with legal obligations, record retention, and back-up practices, or for other lawful purposes.
Right to Non-Discrimination for Exercise of Privacy Rights
Businesses cannot discriminate against California consumers if they exercise any of the rights provided in the CCPA. This means that businesses cannot deny goods or services to that California consumer, charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, provide a different level or quality of goods or services to the California consumer, or suggest that the California consumer will receive a different price or rate for goods or services or a different level or quality of goods or services. However, a business is permitted to charge a California consumer a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to the business by the individual’s data.
We will not deny, charge different prices for, or provide a different level or quality of goods or services if you choose to exercise these rights or live in California.
Contact Information
To submit a Request for Disclosure, Request for Deletion, or to contact us with questions or concerns about this Privacy Notice, you may contact us using the related web form here or by chatting with us on our website. To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with your request.
If you use an authorized agent to submit a Request for Disclosure or a Request for Deletion, you will need to provide that authorized agent with written permission to do so and submit written proof to us that the agent has been authorized to act on your behalf.