1. Scope and Purpose
2. What Does FormDr Do?
FormDr is a provider of network-enabled services for medical customers nationwide, headquartered in the United States. For more information about FormDr please see the “About” section of the Website at www.formdr.com.
3. What Information Do We Collect?
- 3.2. Pre-Registration. If you are interested in learning more about FormDr and the Services and products we offer, we may ask for personal information, such as your name, practice name and size, email address, telephone number, and city/state.
- 3.4. Account Information. As a Commercial User, you can add additional details about your company and employees to your account. We use this information to improve both your experience and the experience of your Non-Member End Users. With your approval, we may also connect third-party services to your account. Providing such additional information enables you and your Non-Member End Users to derive more benefit from FormDr.
- 3.8. Log Files, IP Addresses, and Information About Your Computer and Mobile Device. When you visit or leave FormDr sites or apps by clicking a hyperlink or when you view a plugin on a third-party site, we automatically receive the URL of the site from which you came or the one to which you are directed. We also receive the internet protocol (“IP”) address of your computer or the proxy server that you use to access the web, your computer operating system details, your type of web browser, your mobile device (including your mobile device identifier provided by your mobile device operating system), your mobile operating system (if you are accessing FormDr using a mobile device), and the name of your ISP or your mobile carrier. We may also receive location data passed to us from third-party services or GPS-enabled devices that you have set up. Most mobile devices allow you to prevent real time location data being sent to FormDr, and of course FormDr will honor your settings.
4. How Do We Use Your Information?
We use information collected through tracking technologies, such as cookies and web beacons, to improve the functionality of the Website. For example:
- We track the number of visitors using certain portions or features of the Website to make changes that may be necessary to improve the Website’s functionality;
- We track the popularity of features on the Website to guide the development of new ones;
- We identify the types of devices our visitors use so that we can improve and optimize our systems; and
- We assess the ways in which users become aware of or access the Website in order to gauge the quality and methods of our advertising.
- We do not use personal information to make automated decisions.
- If you provide us with your email address, we may use it for our own marketing, promotional, and informational purposes, including solicitations, invitations, newsletters, awareness campaigns, and announcements. We also may share it with partners and affiliates for their marketing purposes. We will not share your email address with unaffiliated third parties.
- We will not retain your information, whether obtained through tracking technologies or provided by you longer than necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Wherever your PII may be held by FormDr or on its behalf, FormDr takes reasonable and appropriate steps to protect the PII that you share with us from unauthorized access or disclosure. FormDr trains its employees on data handling practices. In addition, FormDr and its service providers enter into agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your PII.
- We may employ third party companies and individuals to facilitate our Services (e.g. maintenance, analysis, audit, marketing, and development). These third parties have limited access to your PII only to perform these tasks on our behalf and are obligated to FormDr not to disclose or use it for other purposes. A list of our service providers can be viewed in our Terms of Service.
5. Sharing Your Information
We engage certain service providers, identified below, to track and associate internet search and browsing behavior with our advertisements and to provide functionality on the Website. These third-party service providers are limited to using information only as instructed to provide contracted services to us. We have configured the third-party technologies we use: Google Ads, HotJar, Calendly, and Facebook Pixels to use tracking technologies, such as cookies and web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services, analytics and target ads. More specifically, these companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide ads about goods and services of interest to you. In addition, we may share Website usage information with these service providers to manage our content, administer target ads and for market research purposes. Finally, information obtained through these processes may be combined with Personally Identifiable Information in order to analyze our marketing efforts. We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our services. Please note that FormDr will only share your information in accordance with this Policy, except in the following situations:
- You have given us your consent to share or use information about you;
- We believe that we need to share information about you to provide a service that you have requested from us or from others;
- We are required by law to disclose information; or
- We believe that it is necessary to protect our rights or to avoid liability or violations of the law;
- To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Policy; or
- To any other person with your consent to the disclosure.
6. Your Choices and Obligations
- 6.1. Rights to Access, Correct, or Delete Your Information, and Closing Your Account. You have a right to (1) access, modify, correct, or delete your personal information controlled by FormDr, (2) change or remove your content, (3) export your data, and (4) close your account. You can also contact our support team for any account information which is not on your profile or readily accessible to you. If you are a Commercial User and close your account(s) by canceling your subscription, your information will be retained for a limited time so you may resume your subscription at a later date. If you close your account(s) by opting to delete your account or otherwise request removal of your PII, your information will be made available for you to export and download for a period of seven (7) days following your request and then permanently will be removed from the Services within thirty (30) days of your request. FormDr only uses your personal data for the reason given at the time of collection and is securely deleted after it is no longer needed.
7. General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new European privacy regulation which replaces the EU Data Protection Directive called Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. FormDr is committed to always operating in the best interests of our customers and this includes compliance with GDPR.
7.1. GDPR Key Principles. Several major principles underpin many of the requirements found in the GDPR in regards to controlling and processing personal data:
- Fairness and Transparency. Organizations must always process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation. Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that’s incompatible with those purposes.
- Data Minimization. Organizations can collect only personal data that is adequate, relevant, and limited to what is necessary for the intended purpose.
- Accuracy. Personal data must be accurate and, where necessary, kept up to date.
- Data Deletion. Personal data must be kept only for as long as it is needed to fulfill the original purpose of collection.
- Security. Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration.
- Accountability. A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.
7.2. Data Controller vs. Data Processor. In order to fully understand who is responsible for which personal data, you need to understand the difference between the data processor and the data controller.
- Data Processor. Data processors process personal data on behalf of a data controller.
- Data Controller. Data controllers decide the “purposes” and “means” of any processing of personal data.
- FormDr as a Data Controller. Additionally, FormDr acts as the data controller for the personal data we collect about you, the user of FormDr Services, including the Website and our mobile applications. We process your personal data necessary for us to perform our contract with you (GDPR Article 6(1)(b)). We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)). This primarily involves financial data and information that we need to meet our accountability obligations under the GDPR. We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
7.3. Individual Rights. The GDPR grants you a number of rights regarding how FormDr handles your personal data:
- Data Access. You have the right to confirm with FormDr whether FormDr is processing your personal data.
- Right to Object. You can, in certain cases, object at any time to the processing of your personal data, in particular if the processing is for direct marketing purposes.
- Data Recertification. You can send us a request to correct or complete personal data if the data is inaccurate or incomplete.
- Restriction of Processing. You can request FormDr to stop access to and modification of your personal data.
- Data Portability. FormDr provides functionality in the web app to export your data for your users, accounts, and activity in CSV format so that you can transmit your own personal data to another company. In certain cases, you have the right to ask FormDr to provide additional personal data, also in a structured, commonly used, and machine-readable format such as a CSV file.
- Right to Erasure. This is also known as “the right to be forgotten.” This right empowers you to request that FormDr delete or remove your personal data in situations such as when the data is no longer needed for the original purpose, when the data subject withdraws consent, or when the data subject objects to the processing and the controller has no overriding legitimate interest in the processing. FormDr provides you this functionality in the settings section of the FormDr Website.
- Contact. If you have any questions or feedback, or need to reach our Data Protection Officer, please reach out to our support team by email at firstname.lastname@example.org.
8. California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a U.S. law enacted in the State of California effective beginning January 1, 2020. In general, the CCPA expands the privacy rights of California citizens and requires certain companies to comply with a range of data protection requirements including:
- The consumer’s right to receive a copy of the specific personal information collected about them during the 12 months prior to their request;
- The consumer’s right to know a business’s data collection practices, including the categories of personal information it has collected, the source of the information, the business’s use of the information, and to whom the business disclosed the information it has collected about the consumer;
- The consumer’s right to have such personal information deleted (with exceptions);
- The consumer’s right to know the business’ data sale practices and to request that their personal information not be sold to third parties;
- A prohibition on businesses on discrimination for exercising a consumer right; and
- An obligation on businesses to notify a consumer of their rights.
We reserve the right to make periodic updates and revisions to the Policy. Any changes will be posted on this page. Please check this page to review whether any changes have been made to the Policy.
10. What Else Do You Need to Know?
This Website is not intended for minors under the “Minimum Age,” as described in our Terms of Service, and FormDr does not wish to obtain any information from or about such minors through this Website. If you are under the Minimum Age, do not use this Website. Our Website includes social media features, including “sharing” functions on Facebook and Twitter. Your interactions with these features are governed by the privacy policies of the companies providing these features, and we do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties.
11. Key Terms
- 11.1. Tracking Technologies: Tracking technologies include technologies such as “cookies” and “web beacons,” which are used to analyze trends, administer the Website, and help us provide you with a more personalized experience and improve our services. Cookies are small amounts of text files that are sent from a website to your computer’s browser when you visit the site. These cookies are then stored in files within your computer’s browser. Websites can access only the cookies that they have stored on your computer. For every future time you access a website, your browser sends the cookie back to the server, which notifies the website of the user’s previous activities on the website. Thus, cookies serve several useful purposes, like letting you navigate between pages more efficiently, saving your preferences, and enhancing your user experience with the website. Web beacons (also called transparent GIFs, web bugs, pixels, or action tags) are strings of code that deliver a tiny graphic image on a web page or in an email which is used to monitor the behavior of the user visiting the website or sending the email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page on which the web beacon is placed. In general, any file served as part of a web page can act as a web beacon.
- 11.2. Internet Protocol (IP) Address: A numerical label separated by periods that identifies every device (e.g., computer, printer) that participates in a network. IP addresses allow these devices to communicate with one another and transmit relevant information.
- 11.3. Personally Identifiable Information (PII): For purposes of this Policy, PII includes: first and last name; physical mailing address including street name and city/town; email; and telephone number.