This Privacy Policy ("Privacy Policy") covers "Personal Information" collected by Medaflo from clients, third parties at the direction of users, and client systems as well as through the operation of websites, mobile applications, and software by Medaflo, LLC and its affiliates and subsidiaries ("Medaflo," "we," and "us"), including www.medaflo.com and my.medaflo.com (collectively "Medaflo Service"). The Privacy Policy describes how Medaflo collects, uses, and discloses "Personal Information."
"Personal Information" means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, phone number, social security number, and insurance-issued ID numbers. "Personal Information" also includes identifiable health information collected about you. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.
Medaflo provides health service providers and medical sales representatives with the Medaflo Service to manage drug samples, personal health records, communications, and other related activities. Other than information gathered through our website at www.medaflo.com, Medaflo acts as a service provider for health service providers and medical sales representatives and does not own or control the information that is submitted to us through the Medaflo Service. The information that is submitted through the Medaflo Service will be held subject to the requirements specified by our health service provider and medical sales representative clients, as well as applicable law, such as the Health Insurance Portability and Accountability Act (HIPAA).
This Privacy Policy does not reflect the privacy practices of Medaflo's health service provider or medical sales representatives clients and Medaflo is not responsible for our clients' privacy policies or practices. Medaflo does not review, comment upon, or monitor our health service provider or medical sales representatives clients' privacy policies or their compliance with their respective privacy policies, nor does Medaflo review our client's instructions to determine whether they are in compliance or conflict with the terms of a client's published privacy policy or applicable law.
The Medaflo Website. You may visit the websites of Medaflo without revealing any Personal Information. However, in some instances, Medaflo may require certain Personal Information, such as business contact information, so we can respond to your inquiries or provide you with requested information.
The Medaflo Service. The Medaflo Service may collect information, including Personal Information and health information, about you from a health service provider.
Customer Support. We may collect Personal Information through your communications with our customer-support team.
Cookies, Automatic Data Collection, and Related Technologies. Medaflo and our third-party partners, such as analytics service providers, may automatically receive and record certain non-Personal Information from users using cookies, web beacons, server logs and other similar tools. For example, Medaflo may collect information about how you visit and navigate through the Medaflo Service, when you click on a link or open a web page, use certain elements of the Medaflo Service, or open an email sent by Medaflo. Medaflo may use this information to provide certain functionality, improve the tools and services, and monitor the use of the tools and services. For example, we use these tools to save user preferences, preserve session settings and activity, help authenticate users, allow users to auto-fill sign-in pages of websites they frequently visit, and debug and evaluate the performance of the Medaflo Service. Our partners also may collect such information about your online activities over time and on other websites or apps. You may be able to change browser settings to block and delete cookies when you access the Medaflo Service through a web browser. However, if you do that, the Medaflo Service may not work properly.
Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes and may provide it to third parties to allow us to facilitate the Medaflo Service. We may use and retain any data we collect to provide and improve our services.
For example, we may use Personal Information for the following purposes:
Consents and Authorizations. Medaflo may request your consent or authorization in connection with the use or sharing of Personal Information about you. In some instances, this will be because this Privacy Policy or applicable law or regulations require us to obtain such consent. In other instances, such consent will be for informational purposes. Any request to obtain your consent does not narrow the scope of this Privacy Policy. By using the Medaflo Service, you accept and agree to Medaflo's information handling practices in the manner described.
Surveys and Ratings. The content of feedback you provide to Medaflo is presumed public. Medaflo will let you know in advance how it will use survey or rating feedback in any such request for such information.
Protect the Medaflo Service and data it stores. We may use the information collected through the Medaflo Service to investigate potential or suspected threats to the Medaflo Service or to the confidentiality, integrity or availability of the information Medaflo stores and maintains.
Communications. We may send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance. We may also send you marketing emails if you request more information about our products and services. Emails are often transactional or relationship messages, such as reminders and other notifications. Medaflo may not offer you the option of opting out of receiving some of these messages although Medaflo may allow you to modify how often you receive such messages. If you opt-in to receiving marketing announcements from Medaflo, we will allow you to opt-out of receiving those announcements.
Anonymized and Aggregate Data. We may anonymize and aggregate any data collected through the Medaflo Service, and use it for business purposes. For example, we may use such data for evaluating and profiling the performance of the Medaflo Service, including analyzing usage trends and patterns and measuring the effectiveness of content, features, or services.
We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of the Medaflo Service. When protected health information is shared, such vendors and service providers will be bound by appropriate confidentiality and security obligations which include business associate contract obligations as required by HIPAA.
Marketing. We do not rent, sell, or share Personal Information about you with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect your, our, or others' rights, property, or safety.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information.
With Your Permission. We may also disclose your Personal Information with your permission.
Medaflo's collection, use, and disclosure of information are generally governed by service agreements with our health service provider and medical sales representatives clients. Information maintained to provide these services to our business clients is retained only for as long as we have a valid business purpose and in accordance with applicable law. Medaflo may retain archived information for a period of five years (or longer if required by law) as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Privacy Policy.
Account Deactivation. If you desire to deactivate your account please contact us. Upon receiving such a request, Medaflo will deactivate your account and archive your Personal Information.
Limits to Your Requests for Access, Amendment, or Deletion. You may not be able to access, update, or delete information that you share with another user or other party through the Medaflo Service. Certain users, such as health service providers, may be required under HIPAA and other applicable laws to retain information about patients for extended periods of time. Medaflo will continue to retain such information on their behalf.
Medaflo indefinitely stores non-personal information, as well as any feedback you provide us.
In most cases, Medaflo obtains Personal Information on behalf of a health service provider. To request access to, correction, amendment, or deletion of this Personal Information, a patient or end user should contact the health service provider to which the data was provided.
Please see our Security Policy located at here.
No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we take steps to ensure security on our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards.
Medaflo provides its services to health service providers and medical sales representatives. When we process "protected health information" as defined by HIPAA on behalf of health service providers, we are acting as a "business associate" to them as regulated by HIPAA. Therefore, Medaflo must adopt and maintain appropriate physical, technical, administrative, and organizational procedures to safeguard and secure the protected health information we process. We also may not access, use, or disclose the protected health information except as permitted by health service provider clients and/or applicable law. Medaflo strives to protect the privacy of the Personal Information it processes, and to avoid inadvertent disclosure.
If Medaflo learns of a security system's breach, Medaflo maintains an incident response policy that includes notifications consistent with applicable law.
By using the Medaflo Service or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this website.
Access to the Medaflo Service is administered in the United States and is intended solely for users within the United States.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this Privacy Policy.
The Medaflo Service is not intended for or designed to attract persons under the age of 13 ("child" or "children"). Medaflo does not knowingly collect personal information from children. If Medaflo learns that it has obtained personal information from a child, Medaflo will delete that information as soon as practicable. If your child has provided us with personal information without your consent, please contact us immediately.
Without limiting the above, the Medaflo Service does allow persons above the age of 18 years — such as health service providers - to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility over the submission, use, and transmission of such information.
Posting of Revised Privacy Policy. We will post any adjustments to the Privacy Policy on this web page, and the revised version will be effective when it is posted. If you are concerned about how your information is used, bookmark this page and read this Privacy Policy periodically.
New Uses of Personal Information. From time to time, we may desire to use Personal Information for uses not previously disclosed in our Privacy Policy. If our practices change regarding previously collected Personal Information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law.
If you have any questions, comments, or concerns about Medaflo or this Privacy Policy, please email us at hi@medaflo.com.
Last updated: April 15, 2021