PLEIO PRIVACY POLICY

At Pleio, we believe we are making a difference in the lives of patients on new medication. Through our GoodStart® program we offer the delivery of tailored support programs that help patients get started on to a good routine.  And your privacy is important to us.

At Pleio, Inc. (also referred to as “we” or “our”) we respect the relationships we have with our customers and we respect the privacy of individuals whose personal information we may process in the delivery of our services and performance of our business operations.

This Policy explains how we may collect, hold, use and disclose personal information. Our intention is for this policy and its practices and procedures to support timely compliance with applicable privacy laws and regulations.

Scope of this Privacy Policy

Our privacy commitments to you with respect to our website are governed by our published website policy. Our commitments to employees are governed by our internal employment policies. Our privacy commitments to customers, service providers, and business partners are additionally covered by separate Data Processing Addendums or Business Associate Agreements. This policy applies to the personal information we may collect and process to provide our GoodStartTM service on behalf of our customers and business partners.

Collecting Personal Information

We do not sell any data, including your personal information. We may collect personal information about you from our customers and business partners and we will only process this data in providing contracted services for our customers and business partners, all in accordance with applicable data protection and privacy laws.

Data protection laws and privacy laws in certain jurisdictions differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information, while processors process personal information on behalf of a controller based on the controller’s instructions. When Pleio processes your personal information, it is acting as a processor to its customers and business partners who are acting as a controller.

In performing our services, we may collect and process two types of information about you:

Personally Identifiable Information

Personally identifiable information identifies you or can be used to identify or contact you. Examples of personally identifiable information we may collect include your name, telephone number, and e-mail address.

Non-Personally Identifiable Information

Non-personally identifiable information is information, any single item of which, by itself, cannot be used to identify or contact you, including demographic information (such as gender, zip code). Certain non-personally identifiable information may be considered a part of your personally identifiable information if combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered non-personally identifiable information when they are taken alone or combined only with other non-personally identifiable information. Examples of non-personally identifiable information we may collect include drug prescriptions and date of birth.

Minors

We are committed to protecting the privacy of children. The Pleio Service is not designed for individuals under the age of 18. If we become aware that we have collected personal information from someone under the age of 18, we de-identify the information to remove any personally identifiable information.

How we use Personal Information

We use the personal information collected to provide our GoodStartTM Service and to improve and optimize our services, including to analyze trends in reliance on our legitimate interests.

We may also use your personal information to carry out other legitimate business purposes, such as invoicing, audits, fraud monitoring and prevention.

Sharing Personal Information

We engage with independent vendors, consultants, suppliers, and contractors (collectively, “service providers” or “sub-processors”) to provide specific services and products related to the Pleio Service, such as hosting. In the course of providing products or services to us, these sub-processors may have access to or process information collected through the Pleio Service, including your personally identifiable information. We require that these sub-processors agree to (1) protect the privacy of your personal information consistent with this Privacy Policy and (2) not use or disclose your personal information for any purpose other than providing us with the products or services for which we contracted or as required by law.

A list of Pleio sub-processors can be provided to you. Such requests can be sent to privacyofficer@pleio.com.

We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Except as described, we will not disclose personal information to third parties outside of Pleio.

Automatic Decision-Making

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Retention

We will retain your personal information as long as reasonably required to fulfill the purposes set out in this Privacy Policy. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Security

We care about protecting personal information and we take precautions to protect the security of your information. Physical, technical, and organizational controls are in place to help safeguard, prevent unauthorized access to, maintain data security, and correctly use your information.

Data Location

We operate in the United States, currently serving customers in the United States. Your data, including personal information that we collect about you, is collected in, stored at and processed by us and other third parties in the United States.

Your Rights

CCPA

If you are a resident of California, you have the right to access the personal information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your personal information be corrected, updated, or erased.

GDPR

If you are a resident of the EEA, you have the right to access the personal information we hold about you, to port it to a new service, and to ask that your personal information be corrected, updated, or erased.

You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority.

Exercising your rights

As a data processor, most of your rights regarding the data we may process about you would be exercised through one of our customers or business partners (the data controller). If you would like to exercise these rights or if you would like to designate an authorized agent to submit requests on your behalf, please contact us through the contact information below and we can provide you with the guidance you need to exercise your rights.

Note that to protect your privacy and security, we may take reasonable steps to verify your identity, which may require government identification or a declaration as to your identity, and/or additional information.

Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of the valid power of attorney given to your authorized agent. Absent a valid power of attorney, you must provide your agent with written and signed permission to exercise your privacy rights on your behalf, provide the information we request to verify your identity and provide us with written confirmation that you have given the authorized agent permission to submit the request.

Cookies

As a part of our commitment to a high standard of transparency in our Privacy Policy, we’ve created this guide to explain the tracking technologies we use on our sites.

What are cookies?

Cookies are small data files sent from a server to your web browser or mobile device that may be stored on your browser cache or mobile device. There are ways you can control your cookies preferences and set whether you want to accept or reject cookies (see what your options are below).

What do we do with these technologies?

We use cookies for a few general purposes like:

    1. To allow our sites to function correctly.
    2. To understand how our sites are functioning and to inform any improvements in performance and our services.
    3. To enhance your experience on our website.

The cookies we use do not extract personal information about you and we do not attempt to associate cookies with identifiable individuals.

We might sometimes partner with third-party services who may use various tracking technologies to provide certain services or features on our sites, including targeted online marketing or relevant on-site messaging. These third-party services use cookies to anonymously collect data and allow them to recognize your computer or mobile device each time you visit any of our sites. The data they collect is kept separate from the personal information about you as a user that we collect.

We do not serve any advertising on our website and we do not track your internet activity once you leave the site.

Do Not Track (DNT)

DNT is the concept for a mechanism that allows internet users to control the tracking of their online activities across websites. Currently, most mainstream browsers offer a DNT option that will send a signal to websites visited by the browser user about the user’s DNT preference. You can usually access your browser’s DNT option in your browser preferences or settings.

While no industry DNT standard has been established, we currently honor Do Not Track signals from the browser.

Your options when it comes cookies, web beacons and similar technologies

You can always change your web browser’s settings to reflect your cookie preferences. Use these links to learn more information about how to control cookie settings for these common browsers:

    1. Internet Explorer
    2. Microsoft Edge
    3. Google Chrome
    4. Mozilla’s Firefox
    5. Apple’s Safari

Also, you can opt out of many third-party advertising cookies at any time by visiting this page.

Keep in mind that if you disable cookies and similar technologies there might be some functionality that will not work or not operate correctly on our site.

If you want to learn more about cookies, or how to control, disable or delete them, please visit https://www.aboutcookies.org or https://www.cookiesandyou.com for detailed guidance. In addition, certain third party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. If we make material updates to this Privacy Policy we will update the last updated date at the bottom of the Privacy Policy.

Contact

If you have any questions, comments, or concerns about this Privacy Policy, if you would like to exercise any of your rights, or feel that we are not abiding by the terms of this Privacy Policy, please contact us in any of the following ways:

By email: privacyofficer@pleio.com

By postal mail or courier:
Privacy Officer
Pleio, Inc.
600 Third Avenue, Suite 200
New York, NY, 10016

Last updated: June 2021