II. Information We Collect
III. What are Cookies?
A cookie is a piece of data stored on the user’s computer tied to information about the user. We may use both session ID cookies and persistent cookies. For session ID cookies, once you close your browser or log out, the cookie terminates and is erased. A persistent cookie is a small text file stored on your computer’s hard drive for an extended period of time. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
IV. Managing Cookies
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Session ID cookies may be used by Fountain Pharmacy to track user preferences while the user is visiting the website. They also help to minimize load times and save on server processing. Cookies used on the Fountain Pharmacy website do not contain personally identifiable information.
V. Log Files
Like most standard websites, we use log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. However, none of the information stored in our log files, including but not limited to IP addresses, is linked to personally identifiable information.
VI. Service Providers
While we respect our users privacy and do everything we can to limit sharing your personal information with third parties, your information may be shared with a third party due to the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
We want to inform our Service users that these third parties may have access to your Personal Information as required for the above referenced reasons. We respect our Service Users privacy and acts as an intermediary between the customer and the third party service providers to limit access to your personal information.
VII. How we Use and Share this information
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. We employ best practices including SSL, HIPAA Compliant storage of Personal Health Information with restricted access and other measures to protect your personal information. While we strive to do all we can to protect your personal information, please remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
IX. Google Analytics
X. Special Offers and Updates
Our customers and users will occasionally receive newsletters or e-mails with information on products, services, or special offers. Out of respect for the privacy of our users, Fountain Pharmacy gives them the opportunity to opt-out from receiving these types of communications.
XI. Service Announcements
On rare occasions, it is necessary to send out a strictly service-related announcement, if, for instance, our service is temporarily suspended for maintenance. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.
XII. Legally-Required Disclosures
Though we make every effort to preserve your privacy, we may need to disclose personal information when required by law, or if Fountain Pharmacy believes that disclosure is necessary to protect Fountain Pharmacy’s rights and/or to comply with a judicial proceeding, court order, subpoena or other legal process. Fountain Pharmacy may also disclose information about you if we determine that for national security, law enforcement, or other issues of public importance, disclosure is necessary. Please see our Subpoena Policy for more information. In addition to the aforementioned disclosures, Fountain Pharmacy does everything in it’s control to remain HIPAA(Health Insurance Portability and Accountability Act) and FIPA(Florida Information Privacy Act) compliant. As required by HIPAA and FIPA laws we abide by the following breach notification rules:
- HIPAA Breach Notification Rule – The HIPAA Breach Notification Rule requires covered entities to notify affected individuals, HHS, and in some cases, the media of a breach of unsecured PHI. Most notifications must be provided without unreasonable delay and no later than 60 days following the discovery of a breach. Notifications of smaller breaches affecting fewer than 500 individuals may be submitted to HHS annually. The Breach Notification Rule also requires business associates of covered entities to notify the covered entity of breaches at or by the business associate.
- FIPA Breach Notification Rule – As outlined in Florida Statute 501.171 section 3, Fountain Pharmacy shall provide notice to the department of any breach of security affecting 500 or more individuals in this state. Such notice must be provided to the department as expeditiously as practicable, but no later than 30 days after the determination of the breach or reason to believe a breach occurred. A covered entity may receive 15 additional days to provide notice as required in subsection (4) if good cause for delay is provided in writing to the department within 30 days after determination of the breach or reason to believe a breach occurred.
XIII. Third Party Websites
XIV. Retaining and Deleting Personal Data
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Notwithstanding the other provisions of this Section XIV, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
XV. Maintenance of Information
The information provided to Fountain Pharmacy is saved indefinitely and may be stored on one or more databases directly or indirectly maintained by Fountain Pharmacy. Fountain Pharmacy employs industry-standard security measures to protect the confidentiality of the information. While we cannot guarantee that loss, misuse or alteration of data will not occur; we make every effort to prevent such occurrences. Any other particularly sensitive information is encrypted prior to transmission by you to Fountain Pharmacy. By accessing this site or using the Fountain Pharmacy services you consent to such transfers. While Fountain Pharmacy uses industry-standard measures to protect your information, no security measures are foolproof, and it is impossible to guarantee complete security of data sent or maintained via the internet.
XVI. Your Responsibility
You are responsible for the security of your Customer ID and passwords. Make sure you keep them in a safe place and do not share them with others. Always remember to log out after your session ends to ensure that others cannot access your private personal information. You should take this precaution even if you are not using a public computer, such as at a library or internet café, but even when using your private computer in your home. You are also responsible for keeping your contact information up to date. Certain information must be retained by Fountain Pharmacy, even after termination of your account, in order for Fountain Pharmacy to be able to provide the services requested, comply with its legal obligations, or to allow Fountain Pharmacy to resolve disputes or enforce its agreements.
XVII. Your Rights
We have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from local regulatory authorities for a full explanation of your rights.
(a) Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
(b) You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Requests will be responded to within 30 days of receipt. You may request a copy by emailing firstname.lastname@example.org.
(c) You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
(d) In some circumstances you have the right to the erasure of your personal data without undue delay.
Those circumstances include:
- the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent to consent-based processing;
- you object to the processing under certain rules of applicable data protection law;
- the processing is for direct marketing purposes;
- the personal data has been unlawfully processed.
However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation; or
- for the establishment, exercise or defense of legal claims.
(e) In some circumstances you have the right to restrict the processing of your personal data.
Those circumstances are:
- you contest the accuracy of the personal data;
- processing is unlawful but you oppose erasure;
- we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and
- you have objected to processing, pending the verification of that objection.
Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
(f) You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
(g) You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
(h) You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and
- such processing is carried out by automated means; you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
(j) If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
(k) To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
(l) You may exercise any of your rights in relation to your personal data by providing written notice to us. To make such a request, please send an email to email@example.com or write to us:
Fountain Pharmacy LLC
ATTN: Privacy Rights
1331 W. Broadway St.
Oviedo, FL US 32765
XVIII. Your California Privacy Rights
California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding the disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or write to us:
Fountain Pharmacy LLC
ATTN: Privacy Rights
1331 W. Broadway St.
Oviedo, FL US 32765
XIX. Changes to this Privacy Statement