Effective Date: 9/15/2016
EU-U.S. Privacy Shield
MMIS is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. MMIS complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, MMIS is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, MMIS may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, MMIS, Inc. commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact MMIS, Inc. at:
MMIS, Inc. has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from US, or if we have not addressed your complaint to your satisfaction, please contact or visit the International Centre for Dispute Resolution (https://www.icdr.org) for more information or to file a complaint. The services of the International Centre for Dispute Resolution are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
MMIS complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. MMIS has certified that it adheres to the U.S. – Swiss Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the U.S. – Swiss Safe Harbor program, and to view MMIS’ certification, please visit: https://safeharbor.export.gov/swisslist.aspx.
Personal Information We Collect From You
You can visit a MediSpend Site without telling us who you are and without revealing any personal information about yourself. There are times, however, when we may need certain personal information from you.
You may choose to provide us with personal information (such as your name, email address, phone number, and company name) through a MediSpend Site when you elect to register with MediSpend in order to access our products or services. When you provide personal information in order to register with MediSpend, such personal information will be used in order to provide you with access to the requested products, services content and/or information. We may also use the personal information to help us understand who is using our products and services and to help us manage business development activities. MMIS may also use personal information for marketing purposes. For example, MMIS may use information you provide to contact you to further discuss your interest in our products or services and to send you information regarding MediSpend, MMIS, and its partners, such as information about promotions or events. If you tell us that you do not want us to use this personal information as a basis for further contact with you, we will respect your wishes. Please contact us at email@example.com.
Information Related to Data Collected for our Clients
In the case of individuals using the MediSpend Compliance Solution, MMIS collects information under the direction of Our business clients (“Clients”) acting on your behalf and has no direct relationship with the individuals whose personal information it processes. MMIS works with its Clients to help them provide notice to their customers and end users concerning the purposes for which personal information is collected. The use of personal information collected through the MediSpend Compliance Solution shall be limited to the purpose of providing the products or service for which you have engaged MMIS.
If you are a customer or other third party that interacts with one of our Clients using the MediSpend Compliance Solution and would no longer like to have your personal information used by MMIS or the Client, please contact that Client directly. If you seek access to personal information, or seek to correct, amend, or delete inaccurate personal information or other data, collected by MMIS under the direction of our Clients, please direct your query to the Client (e.g. the entity who is the data controller). If the Client requests MMIS to remove the personal information or other data, We will respond to the Client request within 30 days.
Service Providers and Onward Transfer
MMIS and our online marketing partners (including certain advertising and sales generation service providers) use technologies such as cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
As is true of most websites, We gather certain information automatically and store it in log files. This information may include Internet protocol (“IP”) addresses, browser type, internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this passively collected log information with other information We collect about you. We do this to improve services We offer you (including the product experience), and to improve marketing, analytics, and site functionality.
When you visit a MediSpend Site, MMIS collects your IP addresses to track and aggregate non-personal information. For example, MMIS uses IP addresses to monitor the regions from which customers and visitors navigate to a MediSpend Site. MMIS also collects IP addresses from customers when they log into the MediSpend Compliance Solution as part of MediSpend’s security features.
Links to Other Web Sites
A MediSpend Site may contain links to other web sites. MMIS is not responsible for the privacy practices or the content of such third party web sites. The links from a MediSpend Site do not imply that MMIS endorses or has reviewed the third party web sites. We suggest contacting the operators of those web sites directly for information regarding their privacy policies.
MediSpend Compliance Solution Registration
If you choose to invite others within your organization to register for access to a MediSpend Compliance Solution or a MediSpend Site, We will ask you for the other user’s name and email address. We will automatically send him/her a one-time email inviting him/her to visit a MediSpend Site. MMIS stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. Invited users may contact us at privacy@MediSpend.com to request that We remove this contact information from our database.
Adding a Participant to Register to a Training
If you choose to add a participant to register to a training session, We will ask you for that person’s name, email, company name and job title. We will automatically send him/her a one-time email inviting him/her to register. MMIS stores this information for the sole purpose of sending this one-time email and tracking success of the registration. Invited users may contact us at firstname.lastname@example.org to request that We remove this contact information from our database.
Blogs/Forums/Chat Rooms/Bulletin Boards
If you use a blog, forum, chat room or bulletin board on a MediSpend Site (“Forum(s)”), you should be aware that any personal information you submit in a Forum can be read, collected, or used by other users of such Forums, and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in a Forum. To request removal of your personal information from our Forums, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
MMIS may post customer testimonials on a MediSpend Site, which may contain personal information. We obtain our customers’ consent prior to posting their testimonials. If you wish to update or delete your testimonial, contact us at firstname.lastname@example.org.
Our Disclosure of Your Personal Information and Other Information
MMIS is not in the business of selling your personal information. We consider this information to be a vital part of Our relationship with you. There are, however, certain circumstances in which We may share your personal information with certain third parties, as set forth below:
- Related Companies: We may share your information with affiliated business partners, for instance, for the purpose of enhancing Our products and services or so that they can market their products or services to you. If you do not want Us to share your personal information with these companies, contact us at email@example.com.
- Agents, Consultants and Related Third Parties: MMIS, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When We employ another company to perform a function of this nature, We only provide it with the information that it needs to perform its specific function.
- Legal Notice: In certain situations, MMIS may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when We believe in good faith that disclosure is necessary to protect Our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If MMIS is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or by way a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.
From time to time, MMIS may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly offered product or service from us, MMIS may share certain information collected in connection with your purchase or expression of interest with our joint promotion partner(s). MMIS does not control our business partners’ use of the information We share with them, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in connection with any joint offerings, you may opt not to purchase or specifically express interest in a jointly offered product or service.
International Transfer of Information Collected
MMIS Clients and its end users may electronically submit data or information to the MediSpend Compliance Solution for hosting and processing purposes (“Customer Data”). MMIS will not review, share, distribute, or reference any such Customer Data except as provided in the MediSpend Subscription Agreement, including related schedules and appendices, or as may be required by law. In accordance with the MediSpend Subscription Agreement, MMIS may access Customer Data only for the purpose of providing the MediSpend services, preventing or addressing service or technical problems, at a MMIS’ customer’s request in connection with customer support matters, or as may be required by law.
Personal information collected through a MediSpend Site is kept in a secure database and all reasonable precautions are taken to secure this personal information. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from a MediSpend Site may not be secure. Therefore, you should take special care in deciding what information you send to MMIS via email. Please keep this security limitation in mind when disclosing any personal information to MMIS via the Internet. The security of your personal information is important to us. When you enter sensitive information on our registration pages or order forms, We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
Schedule Notices and Alert Emails; Choice/Opt-out
Based on written selections you make once you initiate use of the MediSpend Compliance Solution, you may receive schedule email notices generated by the MediSpend Compliance Solution (such as dashboards, reports or key performance indicators) or related to solution operations (e.g. including maintenance announcements) and special alert email communications describing MediSpend Compliance Solution system status. If you no longer wish to receive our emails, newsletters or other communications (including scheduled solution notifications or special alert emails), you may unsubscribe at any time by using the unsubscribe link located at the bottom of such communication or by sending us an email at privacy@MediSpend.com.
Changes to Our Policy
Correcting, Updating and Accessing Your Personal Information
California Privacy Rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by MMIS to its affiliates and/or third parties for their direct marketing purposes. To make such a request, please send an email with your first name, last name, mailing address, email address, and telephone number to MMIS at the address below. Please include “California Privacy Rights” in the subject line of your email.
100 International Drive, Suite 350, Portsmouth, NH USA; email: privacy@MediSpend.com