PHARMBILLS Privacy Policy: Our Commitment to Protecting Your Information

Introduction

Welcome to our privacy policy. We respect your privacy and take it very seriously. We are PHARMBILLS and this is our plan of action to protect your personal data. The following describes how we collect and process your personal data when you use our website and platform. This privacy policy is designed to help you understand how your personal data is used, inform you of your rights and how to exercise those rights.

Audience

This policy applies to you when you visit our website, use our application, platform, or order our products or services as a customer.

What type of personal data do we collect and how do we use it?

The personal data we may collect about you includes the following:

‍

1. Account Information: When you register for our service or product, we collect details like your full name, email address, employment type, job title, and contact information.
2. Profile Information: When you create a username and password for your profile, we collect any information you provide.
3. Log-In to the Platform: We may use Single Sign-On (SSO) services like Google, which accesses user information based on SSO privacy settings.
4. Third-Party Service Information: When integrating with third-party services it may involve sharing your personal data, subject to privacy settings.
5. Live Chat: We may collect your name, email, and chat content for inquiries made via the live chat function.
6. Newsletter: We may collect your email address for newsletter registrations, with an option to opt out.
7. Interactions: We may collect additional personal data from the website, contests, surveys, events, user behavior (including but not limited to clicks, pageviews, or time spent), and cooperation applications, etc.
8. Usage Information: We may collect log data, device information, and location information subject to applicable laws.
9. Special category data: Depending on the services you use, we may also collect special category data such as health data.

Use of your personal data

We utilize the personal data we collect for various business purposes such as:

‍

1. Providing Requested Services: We collect personal data to enable authorized users to operate the platform, facilitate services for customers, and assist in inquiries.
2. Improvement and Development of Services: We gather personal data to enhance services, gather feedback, maintain user-friendly interfaces, and improve business management.
3. Maintaining a Safe and Secure Environment: We utilize personal data to detect and prevent fraud, abuse, and security incidents, enhancing the safety and security of the platform.
4. Personalized Content, Advertising, and Marketing: We use data to match users' needs and interests, optimizing content and providing personalized experiences.
5. Compliance, Fraud Prevention, and Safety: We may disclose personal data to law enforcement or government authorities to protect various rights, privacy, safety, or property, and to enforce our terms and conditions.
6. Communication: We may send you service-related, technical, and administrative notifications through various communication channels, including email, messaging apps, push notifications, phone calls, or other means.

‍

Additionally, we may periodically send informational or marketing messages, including updates about new features, special offers, or news related to us.

‍

Overall, we process personal data for various purposes, ensuring compliance with our legal obligations and respecting users' rights to privacy.

‍

When can we use your personal data?

We may process your personal data to fulfil our obligations to you. We will only process your personal data:

‍

• with your explicit consent;
• where it is necessary to carry out actions for the conclusion or performance of a contract with you;
• where it is necessary for us to comply with a legal obligation; or
• where we can show legitimate grounds for processing your personal data.

How do we share personal data?

We share personal data in accordance with our privacy policy and legal obligations, with the following entities:

‍

1. Corporate Affiliates: Personal data may be shared with our corporate parent, subsidiaries, and affiliates.
2. Service Providers: Third-party companies and individuals providing services on our behalf, such as customer support, hosting, analytics, etc., may access personal data as directed by us.
3. Professional Advisors: Personal data may be disclosed to professional advisors like lawyers, bankers, auditors, etc., as necessary for the services they provide to us.
4. Compliance, Fraud Prevention, and Safety: Personal data may be shared for compliance, fraud prevention, and safety purposes, including legal obligations and security threats.
5. Business Changes: During mergers, acquisitions, bankruptcies, or similar business changes, personal data may be shared or transferred subject to appropriate confidentiality arrangements.

Where do we transfer personal data?

The personal data that we collect from you may be transferred to, stored and processed by our affiliates, properly vetted sub-processors and third-party service providers. We may transfer your personal data outside of the country where it was collected to a foreign country.

‍

We rely on the following transfer mechanisms depending on the recipient: (i) the EU-U.S. Data Privacy Framework (EU-U.S. DPF) for transfers to PHARMBILLS LLC entities in the United States; (ii) Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to other third-party recipients outside the DPF scope; and (iii) adequacy decisions where applicable.

‍

We will take all steps reasonably necessary to ensure that your personal data is treated securely. All sub-processors and third-party service providers are under appropriate contractual obligations to ensure the safety and confidentiality of your personal data.

‍

By submitting your personal data, you agree to us transferring, storing, or processing it in a foreign country. We require our partners with whom we share personal data to implement appropriate security measures to protect your personal data.

EU-U.S. Data Privacy Framework (EU-U.S. DPF)

PHARMBILLS LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. PHARMBILLS LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.

‍

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit:

https://www.dataprivacyframework.gov/

‍

The Federal Trade Commission has jurisdiction over PHARMBILLS LLC’s compliance with the EU-U.S. DPF.

Accountability for Onward Transfers

In cases of onward transfer to third parties of personal data received pursuant to the EU-U.S. DPF, PHARMBILLS LLC remains potentially liable if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless PHARMBILLS LLC proves that it is not responsible for the event giving rise to the damage.

Dispute Resolution — JAMS

In compliance with the EU-U.S. DPF Principles, PHARMBILLS LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.

‍

JAMS is a member of the ADR.org dispute resolution forum. Information about JAMS and its dispute resolution services can be found at:

https://www.jamsadr.com/dpf-dispute-resolution

‍

If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Binding Arbitration

You may have the option, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information, please visit:

https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

EU Data Subject Rights under DPF

EU individuals have the right to access personal data about them, and to limit the use and disclosure of their personal data. To exercise these rights, please contact us at privacy@pharmbills.com.

Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). This section supplements the rest of our Privacy Policy and applies solely to individuals residing in California. As a California resident, you may have the right to:

‍

• Know the categories of personal information we collect, use, disclose, and share about you.
• Access a copy of the personal information we hold about you.
• Request deletion of your personal information, subject to certain legal exceptions.
• Correct inaccurate personal information we maintain.
• Opt out of the “sharing” of personal information for cross-context behavioral advertising (if applicable).
• Not be discriminated against for exercising your privacy rights.

‍

You can exercise these rights at any time by contacting us at privacy@pharmbills.com.

‍

We do not sell your personal information. If we ever engage in “sharing” personal information for cross-context behavioral advertising, you will be provided with a clear and accessible way to opt out.

‍

Notice of Right to Opt Out of Sale or Sharing

California residents have the right to opt out of the sale or sharing of their personal information for cross-context behavioral advertising. Although we do not currently sell personal information, to submit an opt-out request or to be notified if this practice changes, please use our Privacy Request Form or contact us at privacy@pharmbills.com.

‍

You may also use the following alternative opt-out method: send an email to privacy@pharmbills.com with the subject line “CCPA Opt-Out Request”, including your full name, email address, and state of residence.

Notice of Right to Limit Use of Sensitive Personal Information

California residents have the right to limit our use and disclosure of sensitive personal information to purposes permitted by the CPRA (Cal. Civ. Code § 1798.121). We do not use sensitive personal information for purposes beyond those permitted by law.

‍

To submit a request to limit the use of your sensitive personal information, please use our Privacy Request Form or contact us at privacy@pharmbills.com.

Sensitive Personal Information

The categories of sensitive personal information we may collect include: health data (where applicable to the services used). We do not use or disclose sensitive personal information beyond the purposes for which it was collected or for purposes authorized by the CPRA.

Privacy Request Form

To exercise any of the above California rights, please submit a request via the form available on our website at the “Do Not Sell or Share My Personal Information” or “Limit the Use of My Sensitive Personal Information” links in our website footer. We will respond to verified requests within 45 days as required by law.

Marketing

You are always in control of your personal data, and if you choose to stop receiving our marketing information, you may click on the unsubscribe link at the bottom of our marketing material.

‍

You can rest assured that, even if you unsubscribe, you will still receive the necessary emails for the management of your account (for example, if you forget your password).

Links to other websites

This website or platform may provide links to other websites. This privacy policy does not cover the personal data practices exercised by other providers of products or services, advertisers or other websites, companies or individuals, which are not owned or controlled by us. We suggest that when linking to another website, you always read that website’s privacy policy before volunteering any personal data.

Data Security

Security is critical to our objectives, and we take the security of personal data as a priority item. We use up-to-date industry standards and practices, appropriate technical and organizational measures to protect personal data from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the personal data we collect, process, and store, and the current state of technology.

‍

While we strive to use commercially acceptable means to protect your personal information, given the nature of communications and technology, we cannot guarantee that personal data in our care will be absolutely safe from intrusion by others during transmission through the internet or while stored on our systems or otherwise.

‍

We require our partners with whom we share personal data to implement appropriate security measures to protect your personal data. However, when you click a link to a third-party site, you will be leaving our site, and we don’t control or endorse what is on third-party sites.

Data Retention

We will retain your personal data in accordance with applicable laws, regulations, and contractual agreements. Generally, we do not retain personal data longer than necessary to provide our services and for reasonable business and lawful needs. This may include keeping interaction data for the period needed for us to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes, and enforce our agreements.

‍

When we no longer require your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

Children’s Data

The website and platform are not intended for children under the age of 16. We do not, knowingly, or intentionally, collect personal data about children who are under 16 years of age.

‍

If you are under the age of 16 you may not use the website and platform, unless parental or guardian consent is provided.

‍

If you believe that we may have any personal data from or about a person under the age of 16, please contact privacy@pharmbills.com.

Cookies

We will ask for your explicit consent to allow any cookies which identify you, your location or profile you before we place them on your device. We may use “cookies” or other technologies or files (collectively, “cookies”) to identify how visitors make use of our website and platform. This aggregated tracking of personal data may be used to help us improve and enhance the website and platform experience for all of our users.

‍

If you would prefer not to have cookies stored on your computer, you may reject non-necessary cookies through our website banner, modify your browser settings to reject most cookies, or manually remove cookies that have been placed on your computer. However, by rejecting the cookies, you may be unable to fully access the offerings on our website or platform.

‍

To find out more about cookies, visit www.allaboutcookies.org.

Your Rights

If you believe your rights regarding your personal data have been violated, you have the option to lodge a complaint with the relevant supervisory authority.

‍

You have the right at any time to request access or to modify your personal data. To exercise your data protection rights as listed below, please contact us at privacy@pharmbills.com. Note that we may ask that you verify your identity first.

‍

Your Rights Include:

‍

• Informed Being
• Accessing the personal data we process about you;
• Rectifying or updating the personal data you have provided;
• Requesting the deletion of your personal data;
• Opting out or objecting to certain uses of your personal data;
• Withdrawing consent at any time;
• Exercising the right to data portability; and
• Asking us to review any automated decisions made about your personal data.

For customers of our customers, please contact your system administrator to exercise your rights. We will do our best to assist our customer to fulfill your request.

Applicable Law and Dispute Resolution

We process your personal information in accordance with the applicable laws of your jurisdiction.

‍

If you have a concern or dispute regarding our handling of your personal data, we encourage you to contact us first at privacy@pharmbills.com so we can resolve it directly.

You may also have the right to lodge a complaint with your local data protection authority or regulatory body.

‍

For EU residents: unresolved disputes related to the EU-U.S. Data Privacy Framework will be referred to JAMS as described in the EU-U.S. DPF section above. See also the Binding Arbitration option under Annex I of the DPF Principles.

‍

Any disputes that cannot be resolved amicably will be handled in accordance with the laws and jurisdiction of your country of residence, unless a different jurisdiction is required by applicable law.

Questions regarding our Privacy Policy

If you would like to contact us to discuss any queries or concerns about this privacy policy or our data protection practices, contact us at privacy@pharmbills.com.

Our Data Protection Officer’s contact details are:

Iryna Skydan

Email: privacy@pharmbills.com

What about changes to our Privacy Policy?

We will occasionally update this privacy policy. When we do, we will post a prominent notice in this section of this privacy policy notifying users when it is updated. For material changes (i.e., substantially new practices you wouldn’t expect from us or that we didn’t previously tell you about), we may decide to give you notice via email.

Disclosure to Public Authorities

PHARMBILLS LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as permitted under applicable law.