This Privacy Policy (“Policy”) will inform you about True RX Health Strategists (“True Rx,” “we,” “us,” or “our”) practices for collecting, using, maintaining, and disclosing information which identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”) when you visit any of our website located at https://truerx.com/ and its subdomains (our “Site”), use our mobile or web application (“App”) or otherwise interact with us (the Site, App, and related services, collectively, referred to as the “Services”), and certain rights you may have regarding your Personal Information and how to exercise those rights.
To the extent that information collected through the Services is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (e.g., identifiable patient or member information related to care or payment for care), the terms of the applicable HIPAA Notice of Privacy Practices, and not this Policy, will apply to such information. If you have questions about whether this Policy applies to the information you have submitted, please do not hesitate to contact us using the contact information listed below in Section 10.
PRIVACY LAWS AND GUIDELINES ARE PART OF A CONSTANTLY CHANGING ENVIRONMENT. WE RESERVE THE RIGHT IN OUR DISCRETION TO MODIFY OR UPDATE THIS POLICY AT ANY TIME. ALL CHANGES WILL BE EFFECTIVE IMMEDIATELY UPON POSTING TO THE SITE AND APP. MATERIAL CHANGES WILL BE POSTED ON THE SITE, THROUGH THE SERVICES, OR OTHERWISE COMMUNICATED TO YOU.
California Residents: If you are a California resident, please see the California Privacy Rights Notice below for additional rights and terms that may apply to you.
Categories of Personal Information We Collect
We may collect Personal Information about you when you use our Services. The information we collect falls into three categories: (a) information you provide to us; (b) information we collect through automated methods when you use our Services; and © information we collect from other sources (as further detailed below).
You can use some of our Services without submitting Personal Information to us. However, Personal Information is required to use certain features and functionality of our Services, for example, to contact us via email or phone (where we may retain your message’s content and our response), receive or request information from us via email, to register for a user account, and to use certain other tools and features of the Services. In such circumstances, we may be unable to provide you with such Services unless you provide your Personal Information.
Information You Provide to Us
We collect Personal Information that you provide directly to us. If you elect to provide data that personally identifies you such as your first and last name, email address, mailing address, zip code, phone number, or telephone number, we will collect, use, and share such Personal Information pursuant to this Policy and applicable law. Our collection of Personal Information from you may occur in the following ways.
Online Accounts. To register for an online account for the use of our Platform, and depending upon your relationship with True Rx (e.g., whether you are a consumer, plan sponsor, or designee) you may be required to provide your first and last name, mobile number, email address, and create a password. Depending upon the method of registration, you may also need to provide your date of birth, Member ID, and Group Number. This data is used to populate a profile within your account.
Webinars. When you register to gain access to our on-demand webinar content on our Site, we will ask for your first and last name, email address, the company you are associated with, your job title, and your position with the company.
Contacting Us; Customer Service. If you contact us via email, phone, or through our “Contact Us” form on the Site to inquire about our Services, you may be required to provide your contact information including your first and last name, your employer/health plan, job title, email address, geographical location, or zip code. . We may retain your message’s content and our response, including through audio recordings when you call us.
Job Applications. If you submit a job application through the Site, you may need to register for an account by providing your first and last name, email address, primary phone number and creating a password. We will collect your resume and all other materials and information that you provide in the course of submitting that application, including your citizenship status, employment status, whether you are over the age of 18, and information you opt to provide related to your education and prior employment. If you send us your job application materials, we will only use and share those job application materials to evaluate your qualifications to work with True Rx.
Communications
If we receive your contact information through the Site, including when you request to receive information about our services, we may use this information to send you information about other programs that we think may be of interest to you, as well as promotional and marketing communications. To opt-out of marketing emails by using the unsubscribe link in the email or by contacting us at hello@truerx.com with “Unsubscribe” in the subject line or by using the “Unsubscribe” link within any promotional message from us. Opting out of marketing communications does not opt you out of other non-marketing communications such as communications relating to the Services. We will not use health information subject to HIPAA for marketing purposes without your prior authorization.
Feedback. When you provide comments or feedback about our Services (“Feedback”), we will not treat that Feedback as confidential, and we may use that Feedback for any purpose in our sole discretion so long as it does not personally identify you. Feedback will be used without attribution or compensation to you.
Business Contracts with Us. When a business contracts directly with us, we may collect business contact information of those involved with the transaction and additional information such as Personal Information regarding health plan beneficiaries. The processing of any information in such a business context is governed by the contracts between that business and True Rx.
Information We Collect Automatically
We may use automated technologies to collect Personal Information from your computer system or mobile device when you use our Services. This may include the following:
Cookies & Other Tracking Technologies. We may use cookies, web beacons, pixel tags, social widgets, UTM codes and other tracking technologies (collectively “Tracking Technologies”) on our Site and in our email and other electronic communications with you. Most browsers automatically accept Tracking Technologies. You may be able to disable Tracking Technologies by changing your browser settings, depending on your browser, but disabling Tracking Technologies may impact your use and enjoyment of the Site. Not all features or functions of the Site may work properly if you disable Tracking Technologies. You cannot disable all Tracking Technologies, such as those that are essential to the functioning of the Site.
The Tracking Technologies on our Site may collect information such as:
IP addresses assigned to the computers and other devices you use
Domain server
Type of device
Browser type, language and resolution
Internet service provider
Operating system
Access date and time
Clickstream data and mouse movement
Information From Third-Party Sources.
We may obtain Personal Information about individuals from third party administrators and we may combine that with Personal Information or other data we collect from you directly through your account in the App.
Social Media. We are active on social media, including Facebook, Instagram, X (formerly Twitter), LinkedIn, and other similar platforms (“Social Media”). Anything you post on Social Media will not be treated confidentially. We may post (or re-post) on the Site and our Social Media pages any comments or content that you post or otherwise disclose on Social Media pages.
Video Content. The Site contains videos and embedded content that may be hosted by Vimeo and other parties, including visible content and/or feeds scripts embedded in the Site’s code. Vimeo and such other parties may collect data about how you interact with such content. If you are signed into your Vimeo account when you visit our Site and view the embedded videos, Vimeo may associate information collected when you view such videos with your Vimeo account. By watching the videos and interacting with such content, you agree to the collection and use of such data. Please see Vimeo’s privacy policy to learn about how Vimeo collects, uses, and shares Personal Information.
How and Why We Collect Personal Information
In addition to the uses described elsewhere in this Policy, we may collect, use and disclose any of the Personal Information described in Section 1 above for the following purposes:
As Stated or Agreed to at the Point of Collection. We may use Personal Information for the purposes stated or agreed-to (or as is obvious) at the point of collection. For example, we use Personal Information to respond to your questions, comments, or complaints, to send you information about your programs and services, and to enroll you in the True Rx Advantage Discount Card Program. We may also use Personal Information as requested or consented to by you.
Administration
We use Personal Information for administrative purposes, such as providing customer support, facilitating transactions, managing accounting records, complying with internal audit requirements, obtaining and maintaining insurance coverage, managing risks, obtaining professional advice, understanding the Services’ demographics and user preferences, for evaluating applications, and managing profiles.
Services Management
We use Personal Information for Site and App management, such as troubleshooting problems, improving the content and functionality of the Site and App, statistical and other analyses of the Site and App, and customizing the Site and App for you and our other users.
Communications and Advertising
We may use Personal Information to send you promotions, notify you of new products or programs, to notify you of new features of our Services, to notify you of changes to our Terms or this Policy, and for other similar communications.
Security and Protection of Rights
We may use Personal Information to protect our legal rights or interests, or those of third parties, including to bring a legal action against you or anyone who may be causing harm to us, our Site, the App, or to other users of the Site or the App. We may also use Personal Information to seek business, financial, or legal advice, and to respond to other legal requests.
To Receive Feedback and Improve User Experience
We may collect Feedback from you through surveys and other formats. We may use all such information that we collect to improve user experience, our products, and our Services.
How We Use Data Collected by Tracking Technologies
We use Tracking Technologies to: (i) make our Site function properly; (ii) provide personalized experiences; (iii) tailor our interactions with you; (iv) help with our marketing efforts; (v) provide us with valuable data and statistics about the usage and effectiveness of our Site (including conversion tracking) and to help us improve our Site; (vi) help us improve our Services; and (v) to provide targeted advertising, including abandoned cart and abandoned browse emails.
Our use of Tracking Technologies helps us to improve our Site and to deliver a better and more personalized service, including by enabling us to:
Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Site according to your individual interests.
Speed up your searches.
Recognize you when you return to our Website.
Enable and support our security features and to help us detect malicious activity.
Google Analytics. We use Google Analytics to collect and process information about your use of the Services. Google sets Tracking Technologies on your device that will automatically send data to Google. Google uses this data to provide us with reports that we use to improve the Services’ and App’s structure and content and to learn more about our user base. This information may be stored on Google’s servers. Google may then use this information to provide us with reports about traffic to our Services and your visit to our Services (such as the domain from which you access the internet, the web address of the website from which you linked to our Services, the time and date of your visit to the web pages that you view and click-through). We will use this data to improve our Services structure and content.
reCAPTCHA. We may use and implement reCAPTCHA, a Google tool to help fight spam and misuse on our Site. As a result, certain personal information may be disclosed to Google for this purpose.
To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data when you use our partners’ sites or apps.” You may download the Google Analytics Opt-out Browser Add-on for each web browser you use, but this does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google’s “Google Analytics Cookie Usage on Websites” page.
How We May Disclose Personal Information
We do not sell, rent or lease Personal Information to any third party, or share your Personal Information with third parties for advertising purposes. In addition to any disclosures described elsewhere in this Policy, we may disclose any of the Personal Information described in Section 1 above to the following categories of third parties:
Employees. We may disclose or allow access to Personal Information to our employees who have a need to know the information for our business purposes.
Service Providers and Vendors. We may disclose Personal Information to our vendors, consultants, agents, partners, and representatives that provide Site, App, or Services to us. These vendors may include but are not limited to our marketing and ad agencies, information technology vendors (e.g., cloud computing providers, data storage and warehouse providers, and information security providers), and customer service call vendors. Any disclosure of information subject to HIPAA to our vendors or service providers will be in accordance with HIPAA.
Government Officials and Law Enforcement. We may cooperate with law enforcement and other governmental agencies and may disclose Personal Information: (i) if we believe in good faith that we are legally required to disclose that Personal Information, or (ii) if we are advised to disclose Personal Information by our legal counsel.
Professional Advisors. We may disclose Personal Information to certain professional advisors, such as our attorneys, accountants, financial advisors, and business advisors, in their capacity as advisors to us.
Legal Proceedings and Protection of Rights. We may use Personal Information and disclose it to third parties if we believe doing so is necessary to provide you the contemplated Services or to protect our rights or the rights of others, including disclosing information necessary to identify, contact, or bring legal action in the event of a violation of our contracts, terms, or policies.
Change in Ownership. In the event True Rx is the subject of a change of control or in the event the Services changes ownership, in whole or in part, or in the event of a bankruptcy, receivership, or a similar transaction, and with respect to due diligence related to the foregoing, we may provide Personal Information to the subsequent (or prospective) owner(s).
Other. We may disclose Personal Information to third parties when explicitly requested by or consented to by you, or for the purposes for which you disclosed the Personal Information to us as indicated at the time and point of the disclosure (or as was obvious at the time and point of disclosure).
Use and Disclosure of De-Identified or Aggregated Information
De-identified information is information that cannot reasonably be associated with or linked to an individual and therefore is not Personal Information. We may collect, use, disclose, share, create, transfer, and otherwise process de-identified and aggregated information that we receive or create for any purposes in our sole discretion, in compliance with applicable laws. We will not attempt to re-identify any de-identified data that we maintain and use.
Children
The Services are not directed at children under 18 years of age. If a parent or legal guardian learns that their child provided us with Personal Information without his or her consent, please contact us and we will make commercially reasonable attempts to delete such Personal Information from our records consistent with applicable law.
Data Security
The privacy and the security of your Personal Information is very important to us. We use commercially reasonable administrative, technical, and organizational measures to help secure Personal Information against loss, misuse, and alteration appropriate to the type of Personal Information processed. Unfortunately, no measures can be guaranteed to provide complete security. Accordingly, we do not guarantee the security of Personal Information, and you are providing your Personal Information at your own risk. If a breach of your Personal Information occurs, we will notify you of the breach when required under applicable law.
Access from Outside the United States
If you access the Services from outside the United States, please be aware that Personal Information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of Personal Information in the United States to be equivalent to that required in other jurisdictions. Our online privacy practices are governed by the laws of the United States, which may differ from privacy laws in your home country. By using our Services, you understand that Personal Information will be transferred, processed, used, disclosed, and stored in the United States and other jurisdictions as set forth in this Policy.
Data Retention
We will retain your Personal Information in accordance with our record retention requirements and our internal policies, which reflect our business and legal considerations. Your Personal Information may be retained longer if required or permitted by applicable law. We take reasonable steps to delete the Personal Information we collect when: (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, or (3) if you ask us to delete your Personal Information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your Personal Information if we believe it is incomplete, inaccurate, or that our continued storage of your Personal Information is contrary to our legal obligations or business objectives. When we delete your Personal Information, it will be removed from our active servers and databases; however, it may remain in our archives when it is not practical or possible to delete it.
Third-Party Websites
The Services may link to, or be linked from, websites not owned or controlled by us. We are not responsible for third-parties’ privacy policies or practices. This Policy does not apply to any third-party websites or to any data that you provide to third parties. This Policy does not apply to your health plan’s provision of Personal Information to us. We recommend that you read the privacy policy for each website that you visit.
Contact Us
If you have any questions, you may contact us as set forth below:
Address: 2495 E National Hwy, Washington IN, 47501
Email: legal@truerx.com
Phone: 866−921−4047
CALIFORNIA PRIVACY RIGHTS NOTICE FOR CALIFORNIA RESIDENTS
THIS SECTION PROVIDES ADDITIONAL PROVISIONS APPLICABLE ONLY TO RESIDENTS OF CALIFORNIA.
If any information in this section conflicts with the main body of this Policy above, the information in this Section controls for California residents. Capitalized terms used in this state-specific section but that are not defined in this Policy have the meanings set forth in the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 and its implementing regulations (collectively, the “CCPA”).
Collection, Sources, Purpose, Sharing and Retention of Your Personal Information
Categories of Personal Information We Collect. In the last twelve (12) months, we have collected the following categories of Personal Information:
Identifiers consisting of: real name, alias, postal address, unique personal identifier, online identifier, internet protocol address (“IP Address”), email address, or other similar identifiers.
Consumer information under Cal. Civ. Code 1798.80(e) consisting of: bank account number, credit card number, debit card number, signature, physical characteristics or description, telephone number, state identification number, health insurance number, insurance policy number, and any other financial information or medical information.
Protected Classifications consisting of: Age, citizenship, medical condition, physical or mental disability, sex (including gender), veteran or military status.
Commercial Information consisting of records of products or Services purchased, obtained, or considered.
Internet Activity consisting of: browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
Geolocation Data: approximate GPS geolocation, IP address, and other data from sensors on or around your device, depending in part on your device and account.
Employment Information: Professional or employment-related information.
Sensitive Personal Information: consumer’s account log-in, password, or credentials allowing access to an account; or union membership.
Categories of sources from which Personal Information is collected. The categories of sources from which Personal Information is collected is described in Section 1 (Categories of Personal Information We Collect).
Purposes for Collecting Personal Information. The purposes for collecting Personal Information are described in Section 2 (How and Why We Collect Personal Information).
Categories of Service Providers and Third Parties to Whom Personal Information is Disclosed for a Business Purpose. In the last 12 months we disclosed all of the categories of Personal Information described above under the “Categories of Personal Information We Collect” in this Section for our business purposes. The categories of third parties and/or service providers with whom we disclosed Personal Information in the last 12 months are described in Section 3 (How We May Disclose Personal Information).
Categories of Third Parties Personal Information Sold or Shared. In the last 12 months we have not Sold or Shared Personal Information of any individual for compensation or cross-contextual behavioral advertising and we currently do not Sell or Share Personal Information.
We do not have any actual knowledge of selling or sharing Personal Information of any individual under the age of 16 for monetary compensation or for cross-context behavioral advertising.
Sensitive Personal Information. We have not used or disclosed Sensitive Personal Information for any reason other than the reasons for which it was provided to us. We do not use Sensitive Personal Information to infer characteristics about individuals.
Data Retention. We determine how long to retain Personal Information, which applies to all categories of Personal Information, based on our legal obligations, how long we need to retain your Personal Information for the purposes we collected it, and our internal data retention policies.
Your California Consumer Data Rights
Subject to certain limitations such as (a) exceptions permitted by applicable law and (b) verification of your identity, if you are a California resident, you may exercise the following rights with regard to your Personal Information:
Right to Request Access. You have the right to request access to, and receive a copy of, the specific pieces of Personal Information that we have collected in the last 12 months, and to have this delivered, either (a) by mail or (b) electronically in a portable format and, to the extent technically feasible, in a readily useable format.
Right to Request to Know. You have a right to request information about the Personal Information we have collected about you, including any of the following that occurred in the last 12 months:
the categories of Personal Information we collected from you,
the categories of sources from which the Personal Information was collected,
the business or commercial purpose for collecting, Selling or Sharing your Personal Information,
the categories of third parties with whom we disclosed, Sold or Shared your Personal Information,
the specific pieces of Personal Information we collected from you, and
a list of categories of Personal Information we Sold, Shared or disclosed for a Business Purpose.
Right to Request Deletion. You have the right to request that we delete Personal Information we collected from you. We will comply with such requests, and direct our service providers to do the same, subject to certain exceptions permitted by applicable law.
Right to Opt-Out of the Sale or Sharing of Your Personal Information. You have the right to request that we do not Sell or Share any Personal Information. As noted above, we do not “Sell” or “Share” any Personal Information as defined by CCPA.
Right to Request Correction of Inaccurate Personal Information. You have the right to request that we correct inaccurate Personal Information that we maintain about you. We will make commercially reasonable efforts to make any such corrections as required by applicable law.
Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to limit our use and disclosure of your Sensitive Personal Information to only uses that are necessary to perform the Services True Rx provides to you. We do not use or disclose Sensitive Personal Information for any purpose other than the purpose for which it was collected.
Right to Non-Discrimination. You have a right to not receive discriminatory treatment for exercising any of your rights under the CCPA. Should you wish to exercise any of your rights as detailed above, we will not discriminate against you by offering you different services based solely upon your exercise of the above rights.
CALIFORNIA’S “DO-NOT-TRACK” REQUIREMENT. WE CURRENTLY DO NOT HONOR “DO NOT TRACK” REQUESTS.
How to Exercise Your California Consumer Rights.
Submitting a Request. To exercise your California rights described in this Section, you may submit your request to us by contacting us at any of the following:
Call us at 866−921−4047
Email us at legal@truerx.com
Write to us at: 2495 E National Hwy, Washington IN, 47501
Verifiable Consumer Request. In order to verify your request, you must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information, and you must describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to your request. This information may vary depending on the Personal Information we already have. We will only use Personal Information we collect during the verification process for the purpose of verifying your identity. If you maintain an account with us, we may use that account to respond to your request and/or verify your identity. If we are unable to verify your identity as required by applicable laws and regulations, we will decline to comply with your request, and let you know why.
Authorized Agents. You may only make a request to exercise your rights on behalf of yourself, or a parent or legal guardian may make a request on behalf of their child. You also have a right to submit requests to exercise your rights under the CCPA through an authorized agent. If an authorized agent contacts us to exercise the above rights, we will need to verify their identity as well as your identity. We will also require proof of your written authorization to the agent to be your agent and to make the specific request submitted, unless the agent is subject to a Power of Attorney under California probate laws. If the agent is a Power of Attorney under California probate laws, we may require evidence of that status.
When We Will Respond. We will confirm receipt of your request within 10 business days. We will try to respond to your request within 45 days. If we require additional time, we will inform you of the reason and extension period. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. We may charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.
Denial and Right to Appeal. We may deny your request if permitted by CCPA. If we deny your request, you will have the right to appeal within thirty (30) days of our sending the denial by responding directly to the communication denying your request or by emailing us at legal@truerx.com.