1. Scope and Purpose
This Privacy Policy “”describes how FORMDR and STOIC TECHNOLOGY CORPORATION (collectively, “FORMDR,” “we,” “us,” and/or “our”), and its subsidiaries and affiliated companies, may collect, use, and share information about Users that we obtain through www.formdr.com (the “Website”). A “User” includes any person who uses the FormDr Services, as described in our Terms of Service (the “Services”), whether as a registered user of the Services for business purposes or a reseller of FormDr services (collectively, a “Commercial User”) or an existing or potential customer, client, patient, or other end user who uses the Services to submit personal, health, contact, or other information to a Commercial User (collectively, a “Non-Member End User”). This Policy does not apply to other websites that we operate, to information that we obtain outside of the Website, or websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties, and we urge you to evaluate the soundness of these practices for yourself.
2. What Does FormDr Do?
FormDr is a provider of network-enabled services for medical customers nationwide, headquartered in the United States. For more information about FormDr please see the “About” section of the Website at www.formdr.com.
3. What Information Do We Collect?
- 3.1. Data Controllers. Our Privacy Policy applies to any User who accesses the Website or otherwise uses the Services. The personal information provided to or gathered by FormDr is controlled by FormDr. If you have any concern about providing information to us or having such information displayed on the FormDr Services or otherwise used in any manner permitted in the Privacy Policy and the Terms of Service, you should not become a User of FormDr, visit our Website, or otherwise use our Services. We collect the personal information of Users in the following ways:
- 3.2. Pre-Registration. If you are interested in learning more about FormDr and the Services and products we offer, we may ask for personal information, such as your name, practice name and size, email address, telephone number, and city/state.
- 3.3. Registration. When a Commercial User creates an account with us, you provide us with information (including names, email addresses, and other personally-identifiable information of Commercial User employees, company information, and passwords) that we use to offer you a personalized, relevant experience on the FormDr Services, including the creation of intake forms for your Non-Member End Users. You understand that, by creating an account as a Commercial User, FormDr will be able to identify you by your account information, and you allow FormDr to use this information in accordance with this Privacy Policy. We may also ask you for credit card details or other payment information if you purchase any services that we offer for a fee.
- 3.4. Account Information. As a Commercial User, you can add additional details about your company and employees to your account. We use this information to improve both your experience and the experience of your Non-Member End Users. With your approval, we may also connect third-party services to your account. Providing such additional information enables you and your Non-Member End Users to derive more benefit from FormDr.
- 3.5. Customer Service. When you contact our customer support services, we collect information that helps us categorize your question, respond to it, and, if applicable, investigate any breach of our Terms of Service or this Privacy Policy. We also use this information to track potential problems and trends and customize our support responses to better serve you.
- 3.6. Using the FormDr Website and Services. We collect information when you use the FormDr mobile applications (for example, FormDr for iPhone or Android), FormDr platform technology or other Services. If you are logged in on www.formdr.com or another Service or a FormDr cookie on your device identifies you, your usage information and the log data described in Section 3.8 of this Privacy Policy, such as your IP address, will be associated with your account. Even if you are not logged into a Service, we log information about devices used to access our Services, including IP addresses.
- 3.7. Cookies. We may use cookies and similar technologies, including mobile application identifiers, to help us recognize you across different Services, improve your FormDr experience, increase security, and measure use and effectiveness of our Services. You can control cookies through your browser settings and other tools. By visiting FormDr, you consent to the placement of cookies and beacons in your browser and HTML-based emails in accordance with this Privacy Policy.
- 3.8. Log Files, IP Addresses, and Information About Your Computer and Mobile Device. When you visit or leave FormDr sites or apps by clicking a hyperlink or when you view a plugin on a third-party site, we automatically receive the URL of the site from which you came or the one to which you are directed. We also receive the internet protocol (“IP”) address of your computer or the proxy server that you use to access the web, your computer operating system details, your type of web browser, your mobile device (including your mobile device identifier provided by your mobile device operating system), your mobile operating system (if you are accessing FormDr using a mobile device), and the name of your ISP or your mobile carrier. We may also receive location data passed to us from third-party services or GPS-enabled devices that you have set up. Most mobile devices allow you to prevent real time location data being sent to FormDr, and of course FormDr will honor your settings.
4. How Do We Use Your Information?
We use information collected through tracking technologies, such as cookies and web beacons, to improve the functionality of the Website. For example:
- We track the number of visitors using certain portions or features of the Website to make changes that may be necessary to improve the Website’s functionality;
- We track the popularity of features on the Website to guide the development of new ones;
- We identify the types of devices our visitors use so that we can improve and optimize our systems; and
- We assess the ways in which users become aware of or access the Website in order to gauge the quality and methods of our advertising.
- We do not use personal information to make automated decisions.
- By continuing to use our Website, including by remaining on the landing page, you consent to the use of cookies.
If you choose to provide FormDr with Personally identifiable information (“PII”), we will use that information for purposes explained at the time of collection; as described in this Privacy Policy and our Terms of Service; and for our business purposes. For example:
- If you provide us with your email address, we may use it for our own marketing, promotional, and informational purposes, including solicitations, invitations, newsletters, awareness campaigns, and announcements. We also may share it with partners and affiliates for their marketing purposes. We will not share your email address with unaffiliated third parties.
- We will not retain your information, whether obtained through tracking technologies or provided by you longer than necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Wherever your PII may be held by FormDr or on its behalf, FormDr takes reasonable and appropriate steps to protect the PII that you share with us from unauthorized access or disclosure. FormDr trains its employees on data handling practices. In addition, FormDr and its service providers enter into agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your PII.
- We may employ third party companies and individuals to facilitate our Services (e.g. maintenance, analysis, audit, marketing, and development). These third parties have limited access to your PII only to perform these tasks on our behalf and are obligated to FormDr not to disclose or use it for other purposes. A list of our service providers can be viewed in our Terms of Service.
5. Sharing Your Information
We engage certain service providers, identified below, to track and associate internet search and browsing behavior with our advertisements and to provide functionality on the Website. These third-party service providers are limited to using information only as instructed to provide contracted services to us. We have configured the third-party technologies we use: Google Ads, HotJar, Calendly, and Facebook Pixels to use tracking technologies, such as cookies and web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services, analytics and target ads. More specifically, these companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide ads about goods and services of interest to you. In addition, we may share Website usage information with these service providers to manage our content, administer target ads and for market research purposes. Finally, information obtained through these processes may be combined with Personally Identifiable Information in order to analyze our marketing efforts. We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our services. Please note that FormDr will only share your information in accordance with this Policy, except in the following situations:
- You have given us your consent to share or use information about you;
- We believe that we need to share information about you to provide a service that you have requested from us or from others;
- We are required by law to disclose information; or
- We believe that it is necessary to protect our rights or to avoid liability or violations of the law;
- To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Policy; or
- To any other person with your consent to the disclosure.
6. Your Choices and Obligations
- 6.1. Rights to Access, Correct, or Delete Your Information, and Closing Your Account. You have a right to (1) access, modify, correct, or delete your personal information controlled by FormDr, (2) change or remove your content, (3) export your data, and (4) close your account. You can also contact our support team for any account information which is not on your profile or readily accessible to you. If you are a Commercial User and close your account(s) by canceling your subscription, your information will be retained for a limited time so you may resume your subscription at a later date. If you close your account(s) by opting to delete your account or otherwise request removal of your PII, your information will be made available for you to export and download for a period of seven (7) days following your request and then permanently will be removed from the Services within thirty (30) days of your request. FormDr only uses your personal data for the reason given at the time of collection and is securely deleted after it is no longer needed.
- 6.2. Data Retention. We retain the personal information you provide while your account is in existence or as needed to provide you the Services. FormDr may retain your personal information even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between Users, prevent fraud and abuse, or enforce this Privacy Policy and our Terms of Service. We may retain personal information, for a limited period of time, if requested by law enforcement. FormDr may retain user usage information of our Services for up to 5 years after it was created to provide support-related reporting and trend analysis in order to understand and improve our Services. However, we delete closed account data consistent with Section 6.1. We may store data of Users from third party sources under the condition that it is permitted by the Users and the holder of such information. FormDr Services will ask for the User’s consent before storing such data.
7. General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new European privacy regulation which replaces the EU Data Protection Directive called Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. FormDr is committed to always operating in the best interests of our customers and this includes compliance with GDPR.
7.1. GDPR Key Principles. Several major principles underpin many of the requirements found in the GDPR in regards to controlling and processing personal data:
- Fairness and Transparency. Organizations must always process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation. Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that’s incompatible with those purposes.
- Data Minimization. Organizations can collect only personal data that is adequate, relevant, and limited to what is necessary for the intended purpose.
- Accuracy. Personal data must be accurate and, where necessary, kept up to date.
- Data Deletion. Personal data must be kept only for as long as it is needed to fulfill the original purpose of collection.
- Security. Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration.
- Accountability. A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.
7.2. Data Controller vs. Data Processor. In order to fully understand who is responsible for which personal data, you need to understand the difference between the data processor and the data controller.
- Data Processor. Data processors process personal data on behalf of a data controller.
- Data Controller. Data controllers decide the “purposes” and “means” of any processing of personal data.
- FormDr as a Data Processor. If you are a Commercial User, then the information that you store in FormDr and/or information about your own customers, clients, patients, etc. (collectively, the “customers”), whether stored in the Services direct by you or by your customers at your request) are your data subjects, and you are considered the data controller for this personal data. Using the FormDr Services to manage your customers means that you have engaged FormDr as a data processor to carry out certain processing activities on your behalf. According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). This is where our Terms of Service and Privacy Policy are relevant. These two documents also serve as your data processing contract, setting out the instructions that you are giving to FormDr with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. FormDr will only process your client data based on your instructions as the data controller.
- FormDr as a Data Controller. Additionally, FormDr acts as the data controller for the personal data we collect about you, the user of FormDr Services, including the Website and our mobile applications. We process your personal data necessary for us to perform our contract with you (GDPR Article 6(1)(b)). We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)). This primarily involves financial data and information that we need to meet our accountability obligations under the GDPR. We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
7.3. Individual Rights. The GDPR grants you a number of rights regarding how FormDr handles your personal data:
- Data Access. You have the right to confirm with FormDr whether FormDr is processing your personal data.
- Right to Object. You can, in certain cases, object at any time to the processing of your personal data, in particular if the processing is for direct marketing purposes.
- Data Recertification. You can send us a request to correct or complete personal data if the data is inaccurate or incomplete.
- Restriction of Processing. You can request FormDr to stop access to and modification of your personal data.
- Data Portability. FormDr provides functionality in the web app to export your data for your users, accounts, and activity in CSV format so that you can transmit your own personal data to another company. In certain cases, you have the right to ask FormDr to provide additional personal data, also in a structured, commonly used, and machine-readable format such as a CSV file.
- Right to Erasure. This is also known as “the right to be forgotten.” This right empowers you to request that FormDr delete or remove your personal data in situations such as when the data is no longer needed for the original purpose, when the data subject withdraws consent, or when the data subject objects to the processing and the controller has no overriding legitimate interest in the processing. FormDr provides you this functionality in the settings section of the FormDr Website.
- Contact. If you have any questions or feedback, or need to reach our Data Protection Officer, please reach out to our support team by email at support@formdr.com.
8. California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a U.S. law enacted in the State of California effective beginning January 1, 2020. In general, the CCPA expands the privacy rights of California citizens and requires certain companies to comply with a range of data protection requirements including:
- The consumer’s right to receive a copy of the specific personal information collected about them during the 12 months prior to their request;
- The consumer’s right to know a business’s data collection practices, including the categories of personal information it has collected, the source of the information, the business’s use of the information, and to whom the business disclosed the information it has collected about the consumer;
- The consumer’s right to have such personal information deleted (with exceptions);
- The consumer’s right to know the business’ data sale practices and to request that their personal information not be sold to third parties;
- A prohibition on businesses on discrimination for exercising a consumer right; and
- An obligation on businesses to notify a consumer of their rights.
FormDr customers that produce and store personal information (e.g., Commercial Users) are considered “Businesses” under the CCPA. Businesses have the predominant responsibility for ensuring that their personal data processing is compliant with relevant data protection law, including the CCPA. FormDr is considered a “Service Provider” under the CCPA and shall collect, access, maintain, use, process, and transfer customer personal information and their end-users solely for the purpose of performing our obligations under FormDr’s existing agreement(s); and, for no commercial purpose other than the execution of such obligations and development of FormDr’s Services. FormDr is committed to always operating in the best interests of our customers and this also includes compliance with the CCPA. As such, FormDr addresses data protection requirements throughout this Privacy Policy, our Terms of Service, and the data portability and deletion features in the FormDr Services. FormDr does not sell customer personal information, meaning that we also do not rent, disclose, release, transfer, make available or otherwise communicate that personal information to a third party for monetary or other valuable consideration.
9. Updates to This Privacy Policy
We reserve the right to make periodic updates and revisions to the Policy. Any changes will be posted on this page. Please check this page to review whether any changes have been made to the Policy.
10. What Else Do You Need to Know?
This Website is not intended for minors under the “Minimum Age,” as described in our Terms of Service, and FormDr does not wish to obtain any information from or about such minors through this Website. If you are under the Minimum Age, do not use this Website. Our Website includes social media features, including “sharing” functions on Facebook and Twitter. Your interactions with these features are governed by the privacy policies of the companies providing these features, and we do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties.
11. Key Terms
- 11.1. Tracking Technologies: Tracking technologies include technologies such as “cookies” and “web beacons,” which are used to analyze trends, administer the Website, and help us provide you with a more personalized experience and improve our services. Cookies are small amounts of text files that are sent from a website to your computer’s browser when you visit the site. These cookies are then stored in files within your computer’s browser. Websites can access only the cookies that they have stored on your computer. For every future time you access a website, your browser sends the cookie back to the server, which notifies the website of the user’s previous activities on the website. Thus, cookies serve several useful purposes, like letting you navigate between pages more efficiently, saving your preferences, and enhancing your user experience with the website. Web beacons (also called transparent GIFs, web bugs, pixels, or action tags) are strings of code that deliver a tiny graphic image on a web page or in an email which is used to monitor the behavior of the user visiting the website or sending the email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page on which the web beacon is placed. In general, any file served as part of a web page can act as a web beacon.
- 11.2. Internet Protocol (IP) Address: A numerical label separated by periods that identifies every device (e.g., computer, printer) that participates in a network. IP addresses allow these devices to communicate with one another and transmit relevant information.
- 11.3. Personally Identifiable Information (PII): For purposes of this Policy, PII includes: first and last name; physical mailing address including street name and city/town; email; and telephone number.
12. Contact
If you have any questions or comments about this Privacy Policy, please contact us via email at: support@formdr.com.