Privacy Policy

This Privacy Policy (“Privacy Policy”) is incorporated into our Terms of Use and Terms of Service, as applicable. Therefore, terms used in this Privacy Policy that have been previously defined will have the same meanings as provided in our Terms of Use or Terms of Service, as applicable. As with our Terms of Use and Terms of Service, if we make any changes to our Privacy Policy, we will post the revised Privacy Policy to the Site and update the “Last Revised” date of the Privacy Policy. Your use of our Site or Service following any such change means you accept the revised Privacy Policy.

We are committed to respecting the privacy of users of our Site and Service. We created this Privacy Policy to tell you how Direct Dermatology, Inc. (“DD”, “we”, or “us”) and Direct Dermatology Professionals and affiliates using the DD platform collect, use and disclose information in order to provide you with the Site or Service, as applicable.

By accessing or using the Service, you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, use and disclose your information as set forth in this Privacy Policy. If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to accept this Privacy Policy on such individual’s behalf.

What Information Do We Collect?

In general, you can visit the Site without telling us who you are or revealing any personally identifiable information about yourself. However, you should be aware that sections of the Service (including restricted portions of the Site) allow for the submission of and collection through use of the Service of personally identifiable information, including, but not limited to: (1) your name and contact data (such as your e-mail address, phone number, and billing and physical addresses); (2) your login and password; (3) demographic and health and wellness data (such as your gender, date of birth, wellness background, weight, height, lifestyle information, medication history, and zip code); (4) your communications with a physician or other Health care provider conducted through the Service; and (5) any information you provide when you contact or communicate with us (credit card data). We may also collect information from you necessary to provide you with services you request from physicians and other Health care providers available on the Service, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information you share with us).

To protect your security and privacy, we require that you or your legal representative (as opposed to a third party on your behalf) enter the personally identifiable information that we collect and that the information be current. DD disclaims any legal duty to verify the accuracy of any personally identifiable information that you provide beyond what may be required by law for the particular purpose for which the information is to be used.

In addition to the information we collect directly from you, we may also collect certain information from physicians and other Health care providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, the Health care provider’s diagnoses, treatment plans (including prescription details) and notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.

We may automatically collect certain information from your device through which you access our Service. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier (the International Mobile Equipment Identity or the Mobile Equipment ID number), the IP address of your device, the manufacturer, model and operating system of your device, the name and version of the Service you are using, information regarding your browser and information that allows us to personalize the Service. We or our service providers may also collect information about how you interact with the Site, the Service and any other websites to which the Service or Site links, such as how many times you use a specific part of the Site or Service, the amount of time you spend using the Site or Service, how often you use the Site or Service, actions you take in the Site or Service and how you engage with the Site or Service. For more details about this type of data collection, please refer to the section below on cookies and web beacons.

We will obtain information regarding your location or the location of your device through which you access the Site or Service. Information regarding your location will be obtained directly from you when you provide us with your zip code. Alternatively, the Site or Service may obtain precise information about the location of your device with your express consent. Once you have consented to the collection of the precise location of your device, you may adjust this consent by managing your location services preferences through the settings of your device.

How Do We Use Your Information?

In connection with providing you with the Site or Service, we and our affiliates may use, compile, analyze and save your information for a number of purposes, including, but not limited to: (a) verifying your identity and administering your account, including processing your payments and fulfilling your orders; (b) communicating with you about our Site, Service or your use of our Site or Service, and sending you communications on behalf of physicians and other Health care providers utilizing the Service to meet your needs; (c) ensuring quality customer service by providing you customer support, responding to your requests or concerns, ensuring that our Site or Service functions properly for you, and tailoring our Site or Service to meet your needs; (d) as applicable, facilitating the provision of healthcare services to you by a physician or other Health care provider, and ensuring the Health care providers the services and support necessary for health care operations; (e) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); or (f) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, Terms of Service, or other misuse of our Site or Service or a Health care provider’s services.

We use information regarding your location or the location of your device through which you access our Site or Service for a number of purposes, including, but not limited to: (a) identifying physicians and other Health care providers who may provide you with healthcare services; (b) providing you with a list of nearby pharmacies that may fulfill any prescriptions provided to you by your physician or other Health care provider; (c) identifying other Health care providers whom you may visit at the recommendation of your physician or other Health care provider; and (d) analyzing the demographics of the individuals who access the Site and use the Service.

How Do We Disclose Your Information?

We may disclose your information to third parties in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information to: (a) our third-party service providers that provide services such as the hosting of our Site or Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing and other similar services; (b) Health care providers to schedule and fulfill appointments and provide health care services as part of the Service; (c) Health care providers to whom you send messages through our Service; (d) Health care providers for other treatment, payment or healthcare operations purposes upon your request; (e) third parties as we believe necessary or appropriate to comply with applicable laws; and (f) to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock. DD has a general policy of not disclosing your information to third parties unless you have consented to such sharing. However, we may share the information about you that you provide to us with other companies collecting and using the information you provide to us to better understand the offers, promotions, health and wellness benefits, insurance trends, employer related trends, and types of advertising that are most appealing to our customers. After the information is collected by these third parties, it is aggregated so it is not personally identifiable or tied to you or any other user.

We may also collect and group demographic and preferences information, responses to surveys and other personally identifiable information that we collect from you into an aggregate, non-personally identifiable form for disclosure to our existing or potential business partners, affiliates, sponsors, regulators as part of further product development, including as part of a pre-market submission with the FDA, or other third parties. However, please be assured that this aggregate data will in no way personally identify you or any other parties participating in the Service. When you submit personally identifiable information to us as part of the Service, you may be given an opportunity to opt in to receiving additional information from or on behalf of DD and/or selected third parties. If you opt in, you may be added to our list of Secure Users who will receive additional features, promotional and marketing communications from us, our partners and/or other third parties. If you initially opt in to receiving such communications and you later decide that you no longer want to receive them, you may opt out of receiving promotional and marketing communications from us and/or our partners and other third parties by contacting us. If you discontinue your use of the Service for a period of ninety days or more we may require you to re-register or otherwise stop communicating with you electronically.

How do we store information?

DD will store archives of information subject to this Privacy Policy from Secure Users for no less than the required legal period, but may retain some or all of the information indefinitely in DD’s sole discretion.

Can you request a copy of information subject to this Privacy Policy?

With respect to all active Secure Users of the Services, upon the detailed and reasonable written request of an active Secure User and the payment of any applicable fees DD may charge to copy and distribute materials, DD shall make copies of information subject to this Privacy Policy and identifying the requesting Secure User maintained by DD to such Secure User within a reasonable time of the request.

Use by Minors

If you are under 18 years of age, we must obtain valid and verifiable consent by your parent or legal guardian to this Privacy Policy and our Terms of Service before you can use the Services or the Site. Such consent will be obtained via reasonable methods, as determined by us in our sole discretion. If we determine that the consent obtained is inadequate, we will notify you and you may not use or access the Service or Site at any time or in any manner. However, if you are a parent, legal guardian or personal representative of a minor child under 18 years of age, you may, in compliance with the Terms of Service, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information for individuals under the age of 18 for whom we have not obtained adequate consent pursuant to the above. If we learn that we have received any information for an individual under the age of 18 for whom we have not obtained adequate consent pursuant to the above, we will only use that information to respond directly to that child (or a parent, legal guardian or personal representative) to inform him or her that he or she cannot use our Service, and subsequently we will delete that information from our own servers.

Jurisdictional Issues

We intend to provide our Service in the United States; accordingly, this Privacy Policy, and our collection, use, and disclosure of your information, is governed by the laws of the State of California and the United States. We do not represent or warrant that our Service is appropriate or available for use in any particular jurisdiction. If you choose to access or use our Service from jurisdictions other than the State of California, the State of Hawaii, or the State of New Mexico, including from outside the United States, you do so on your own initiative and at your own risk and acknowledge that the Service may not be available except for individuals within these jurisdictions at the time of the healthcare provider patient encounter. You acknowledge that our Service is subject to laws of the State of California and the United States.

Third Parties

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices, including data privacy and security processes and standards of any third parties, including physicians and other Health care providers using the Service, the manufacturer of your mobile device and other IT hardware and software, and any other third party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties.

Even though DD may not be a “covered entity” as defined in HIPAA, any physician or other Health care provider engaging through our Service may be a “covered entity” and therefore subject to the provisions of HIPAA from time to time. If you are using the Service, your acceptance of the Terms of Service and this notice incorporates your acceptance and consent to the Direct Dermatology Professionals Privacy Notice and Consent included on the Site. This notice describes how your physician or other Health care provider uses and discloses your protected health information (“PHI”). DD has agreed that its collection, use and disclosure of your PHI on behalf of your Health care provider will be done consistent with the Direct Dermatology Professionals Privacy Notice except to the extent you have expressly authorized additional uses and disclosures.

Cookies and Web Beacons

Please note that we may use “cookies”—a small data file that we transfer to your computer’s hard drive—to collect certain information about you and your use of our Service, such as IP addresses (the Internet access of a computer), domain names, and the type of computer, smart phone device, and operating system being used. We may also use cookies to identify your computer or smart phone device when you revisit our Service to, for example, recall your authentication information or to track statistical information related to navigation throughout the Site, as applicable. We may use both “session” cookies and “persistent” cookies in order to better operate the Service to enhance your experience while using the Service. A session cookie enables certain features of the Service and is deleted from your computer or smart phone device, as applicable, when you disconnect from or leave the Site. If a portion of the Service requires a password, you are giving us explicit permission to use a persistent cookie, which is a small data file that is generated when, as a registered user of the Service, you enter your assigned user ID and password to access the password-protected area of the Service. This file is stored on your computer or smart phone device. You may adjust your browser to refuse to accept cookies, remove cookies or notify you when a cookie is set by editing your web browser preferences or options. (Each browser is different, so check the “Help” menu on your browser to learn how to change your cookie preferences.) You do not have to accept all cookies sent to you by the Service; however, depending on the particular cookie you reject, you may not be able to use some features of the Service or some features may not function properly.

Please note that linked third-party websites may also use cookies. We cannot control the use of cookies by these third-party websites. For example, when you link from the Service to a third-party website, that website may have the ability to recognize that you have come from our Service by using cookies. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.

We may also employ software technology known as “web beacons” or “clear GIFs,” which helps us keep track of what content on our Service is effective. Web beacons are small graphics with a unique identifier that are used to track the online movements of Internet users. Web beacons are embedded in the web pages you review, so they are not stored on your hard drive. The web beacons we may use will not track or collect any personally identifiable information about you and they are in no way linked to your personally identifiable information.

Security of Information and Disclosures

DD uses industry standard security measures to safeguard information concerning, and submitted by, users like you. Despite the security measures employed by DD, you should be aware that it is impossible to guarantee absolute security with respect to information sent through the Internet or as part of a mobile application.

DD will, to the extent possible, control your personally identifiable information, and, except as otherwise set forth in this Privacy Policy, we will not disclose your personally identifiable information to third parties. Although we are committed to maintaining the confidentiality of your personally identifiable information, if required by law, we reserve the right to disclose such information without first obtaining your consent.

We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your password secure and your account confidential, and you are responsible for any and all use of your account. If you have reason to believe that the security of your account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.

When using our Service, you may choose not to provide us with certain information, but this may limit the features you are able to use. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you service-related communications.

If you reside in California and have provided your personally identifiable information to us, you may request information once per calendar year about our disclosures of certain categories of your personally identifiable information to third parties for their direct marketing purposes. Such requests must be submitted in writing using the email address in the “Contacting Us” section below.

Contacting Us

If you have any questions about this Privacy Policy, please contact us by email or by regular mail at:

Direct Dermatology, Inc.
530 Lytton Avenue, 2nd Floor
Palo Alto, CA 94301

Last Revised: December 14, 2015