MMIS, Inc. Data Privacy Policy

Effective Date: 07/01/23

This Privacy Policy applies to www.MediSpend.com owned and operated by MMIS, Inc. (“MMIS”, “We”, “Us” or “Our”). MMIS is committed to protecting the privacy of your Personal Information.

This Privacy Policy describes how MMIS collects, uses, shares and secures the Personal Information (defined below) you provide. This Privacy Policy applies to data collected by MMIS, Inc. through the MediSpend.com website, other webpages that we operate in which we post a direct link to this Privacy Policy, and Our software services delivered via the MediSpend Global Compliance Suite (each a “MediSpend Site”). It also describes the choices available to you regarding the use of, your access to, and how to update and correct your Personal Information. By voluntarily using a MediSpend Site and/or providing data or other information by or through a MediSpend Site, you (on behalf of yourself and/or the legal entity that you represent) are indicating your consent to this Privacy Policy and agree, on behalf of yourself and/or the legal entity that you represent) to be bound by its terms.

  1. Use of the MediSpend Global Compliance Suite by Our customers
  2. Information We Collect
  3. How We use information We collect
  4. How We share information We collect
  5. International Transfer of Information
  6. How to access and control your Personal Information
  7. Children Under the Age of 13

1. Use of the MediSpend Global Compliance Suite by Our customers

Our customers use the MediSpend Global Compliance Suite and its associated services to facilitate compliance with global laws, regulations and codes of conduct. In the case of individuals using the MediSpend Global Compliance Suite, MMIS collects information under the direction of Our customers acting on their behalf and has no direct relationship with the individuals whose personal information it processes. Our customers control and are responsible for correcting, deleting or updating information they have collected from you which is stored within the MediSpend Global Compliance Suite.

MMIS works with its customers to help them provide notice to their customers and end users concerning the purposes for which personal information is collected. The use of personal information collected through the MediSpend Global Compliance Suite is limited to the purpose of providing the products or service for which Our customers have engaged MMIS. If you are a customer or business partner of one of our customers and would no longer like your personal information processed or stored within the MediSpend Global Compliance Suite, please contact the customer that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by service agreements with our customers.

2. Information We Collect

Personal Information refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about yourself that is processed and stored via our software services by our customers.

Personal Information also includes navigational information where such information can directly or indirectly identify an individual. Navigational information refers to information about your computer and your visits to a MediSpend Site such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed.

You can visit a MediSpend Site without telling us who you are and without revealing any Personal Information about yourself. There are times, however, when we may need certain Personal Information from you.

You may choose to provide us with Personal Information (such as your name, email address, phone number, company name) through a MediSpend Site when you elect to register with MediSpend in order to access our products or services. When you provide Personal Information in order to register with MediSpend, such Personal Information will be used in order to provide you with access to the requested products, services content and/or information. We may also use the Personal Information to help us understand who is using our products and services and to help us manage business development activities. MMIS may also use Personal Information for marketing purposes. For example, MMIS may use information you provide to contact you to further discuss your interest in our products or services and to send you information regarding MediSpend, MMIS, and its partners, such as information about promotions or events. If you tell us that you do not want us to use this Personal Information as a basis for further contact with you, we will respect your wishes. Please contact us at privacy@medispend.com.

3. How We use information We collect

We use the information We collect only in compliance with this Privacy Policy. In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information in the following ways.

Newsletters

If you wish to subscribe to our educational resources, We will use your name and email address to send the resource to you. Out of respect for your privacy, We provide you with a way to unsubscribe. Please see the “Choice/Opt-out” section of this Privacy Policy.

Cookies

MMIS and our online marketing partners (including certain advertising and sales generation service providers) use technologies such as cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

We use cookies to remember users’ settings (e.g., language preference), for authentication on the MediSpend Global Compliance Suite and to provide relevant information on our public websites. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited.

Passive Collection

As is true of most websites, We gather certain information automatically and store it in log files. This information may include Internet protocol (“IP”) addresses, browser type, internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We may combine this passively collected log information with other information We collect about you. We do this to improve services We offer you (including the product experience), and to improve marketing, analytics, and site functionality.

IP Addresses

When you visit a MediSpend Site, MMIS collects your IP addresses to track and aggregate non-personal information. For example, MMIS uses IP addresses to monitor the regions from which customers and visitors navigate to a MediSpend Site. MMIS also collects IP addresses from customers when they log into the MediSpend Global Compliance Suite as part of MediSpend’s security features.

Links to Other Web Sites

A MediSpend Site may contain links to other web sites. MMIS is not responsible for the privacy practices or the content of such third-party web sites. The links from a MediSpend Site do not imply that MMIS endorses or has reviewed the third-party web sites. We suggest contacting the operators of those web sites directly for information regarding their privacy policies.

MediSpend Compliance Solution Registration

If you choose to invite others within your organization to register for access to a MediSpend Global Compliance Suite or a MediSpend Site, We will ask you for the other user’s name and email address. We will automatically send him/her a one-time email inviting him/her to visit a MediSpend Site. MMIS stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. Invited users may contact us at privacy@MediSpend.com to request that We remove this contact information from our database.

Adding a Participant to Register to a Training

If you choose to add a participant to register to a training session, We will ask you for that person’s name, email, company name and job title. We will automatically send him/her a one-time email inviting him/her to register. MMIS stores this information for the sole purpose of sending this one-time email and tracking success of the registration. Invited users may contact us at privacy@medispend.com to request that We remove this contact information from our database.

Blogs/Forums/Chat Rooms/Bulletin Boards

If you use a blog, forum, chat room or bulletin board on a MediSpend Site (“Forum(s)”), you should be aware that any Personal Information you submit in a Forum can be read, collected, or used by other users of such Forums, and could be used to send you unsolicited messages. We are not responsible for the Personal Information you choose to submit in a Forum. To request removal of your Personal Information from our Forums, contact us at privacy@medispend.com.

Customer Testimonials

MMIS may post customer testimonials on a MediSpend Site, which may contain Personal Information. We obtain our customers’ consent prior to posting their testimonials. If you wish to update or delete your testimonial, contact us at privacy@medispend.com.

Legal basis for processing Personal Information (EE visitors only)

Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and specific context in which we collect it. However, We will normally collect Personal Information from you only where we have your consent to do so, where we will need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Security

Personal information collected through a MediSpend Site is kept in a secure database and all reasonable precautions are taken to secure this personal information. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from a MediSpend Site may not be secure. Therefore, you should take special care in deciding what information you send to MMIS via email. Please keep this security limitation in mind when disclosing any personal information to MMIS via the Internet. The security of your personal information is important to us. When you enter sensitive information on our registration pages or order forms, We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at privacy@medispend.com.

Service Providers and Onward Transfer

MMIS may transfer personal information that we collect under the direction of our customers to companies that help us provide our service. Transfers to these third parties are covered by the provisions in this Privacy Policy and in the service agreements We have with our customers.

Customer Data

MMIS customers and its end users may electronically submit data or information to the MediSpend Global Compliance Suite for hosting and processing purposes (“Customer Data”). MMIS will not review, share, distribute, or reference any such Customer Data except as provided in the MediSpend Subscription Agreement or other relevant contractual agreements (“Contractual Documents”), including related schedules and appendices, or as may be required by law. In accordance with the MediSpend Contractual Documents, MMIS may access Customer Data only for the purpose of providing the MediSpend services, preventing or addressing service or technical problems, at a MMIS’ customer’s request in connection with customer support matters, or as may be required by law.

Schedule Notices and Alert Emails; Choice/Opt-out

Based on written selections you make once you initiate use of the MediSpend Global Compliance Suite, you may receive schedule email notices generated by the MediSpend Global Compliance Suite (such as dashboards, reports or key performance indicators) or related to solution operations (e.g., including maintenance announcements) and special alert email communications describing system updates and status. If you no longer wish to receive our emails, newsletters or other communications (including scheduled solution notifications or special alert emails), you may unsubscribe at any time by using the unsubscribe link located at the bottom of such communication or by sending us an email at privacy@MediSpend.com.

Retention of Personal Information

How long We keep information We collect about you depends on the type of information. as described in further detail below. After such time, We will either delete or anonymize your information or, if this is not possible, then We will securely store your information and isolate it from any further use until deletion is possible.

We retain Personal Information that you provide to us where We have an ongoing legitimate business need to do so (for example, as long as is required in order to contact you about the MediSpend Global Compliance Suite, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).

When We have no ongoing legitimate business need to process your Personal Information, We securely delete the information or anonymize it or, if this is not possible, then We will securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information from the servers at an earlier date if you so request, as described in “To Unsubscribe from Our Communications” below.

If you provide information to our customers as part of their use of the MediSpend Global Compliance Suite, our customers decide how long to retain the Personal Information they collect from you. If a customer terminates its use of the MediSpend Global Compliance Suite, then we will provide customer with access to all information stored for the customer within the MediSpend Global Compliance Suite, including any Personal Information provided by you, for export by the customer according to our agreement with our customer. After termination, we may, unless legally prohibited, delete all customer information, including your Personal Information, from the MediSpend Global Compliance Suite.

If you have elected to receive marketing communications from us, We retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your MediSpend Site account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

4. How We share Information We collect

MMIS is not in the business of selling your personal information. We consider this information to be a vital part of Our relationship with you. There are, however, certain circumstances in which We may share your personal information with certain third parties, as set forth below:

  • Related Companies: We may share your information with affiliated business partners, for instance, for the purpose of enhancing Our products and services or so that they can market their products or services to you. If you do not want Us to share your personal information with these companies, contact us at privacy@medispend.com.
  • Agents, Consultants and Related Third Parties: MMIS, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When We employ another company to perform a function of this nature, We only provide it with the information that it needs to perform its specific function.
  • Legal Notice: In certain situations, MMIS may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when We believe in good faith that disclosure is necessary to protect Our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If MMIS is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or by way a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.

Joint Offerings

From time to time, MMIS may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly offered product or service from us, MMIS may share certain information collected in connection with your purchase or expression of interest with our joint promotion partner(s). MMIS does not control our business partners’ use of the information We share with them, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in connection with any joint offerings, you may opt not to purchase or specifically express interest in a jointly offered product or service.

The categories of personal information we may disclose include:

  • Personal identifiers
  • Geolocation data
  • Professional or job-related information
  • Internet activity data

5. Data Rights for Those in the European Economic Area (EEA), United Kingdom (UK), and Switzerland

MMIS, Inc. has customers, partners and personnel in various parts of the world, including the United States, the United Kingdom, and the European Union. It may be necessary at times to transfer your Personal Information between the United States and the European Union.

If you reside in the EEA, the United Kingdom, or Switzerland, our use of your Personal Information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK or Swiss national laws. These grant you particular rights in your Personal Information, including the right to alter, correct, receive, or delete Personal Information stored by MMIS, Inc. at any time, subject to our business interests and any legal requirements we may face. If you are a resident in the EU, and we can verify your identity, we will provide you with access to the information we process about you. Individuals outside the EU may also inquire, and, depending on applicable law you may also have certain rights in your data. Please use the contact information below for any inquiries.

Cross-Border Transfers

When you chose to do business with MMIS, Inc., your personal data is transferred to the United States for processing. The laws of the United States do not protect your personal data to the same extent or in the same way as in your own country.

To the fullest extent allowed by applicable law, you voluntarily request and consent to the trans-border transfer and hosting of such information to fulfill a transaction request or perform as part of a contract.

To the extent that MMIS, Inc. transfers your Personal Information to a third party outside of the EAA, UK or Switzerland we will ensure that at least one of the following safeguards is in place:

  • The country is one that the European Commission has approved as providing an adequate level of protection for personal data; or
  • Standard contractual clauses are used as the transfer mechanism when a case-by-case analysis has been performed.
  1. How to Access and Control your Personal Information

You have the following data protection rights:

  • You can request access, correction, updates or deletion of your personal information.
  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
  • If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.)

To exercise any of these rights, please contact us at privacy@medispend.com or by mail to MMIS, Inc., One New Hampshire Ave., Suite 125, Portsmouth, NH 03801 USA, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

Choice

If you are a customer or other third party that interacts with one of our customers using the MediSpend Global Compliance Suite and would no longer like to have your Personal Information used by MMIS or the Customer, please contact that Customer directly. If you seek access to Personal Information, or seek to correct, amend, or delete inaccurate Personal Information or other data, collected by MMIS under the direction of our customers, please direct your query to the customer (e.g., the entity who is the data controller). If the customer requests MMIS to remove the personal information or other data, We will respond to the customer request within 30 days.

Changes to Our Policy

We may change our business and any MediSpend Site from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. MMIS reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. If We make material changes to this Privacy Policy, We will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices, and especially before you provide MMIS with any personal information. This Privacy Policy was last updated on the date indicated at the top of this Privacy Policy. Your continued use of a MediSpend Site after any changes or revisions to this Privacy Policy have been published shall indicate your agreement with the terms of such revised Privacy Policy.

California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by MMIS to its affiliates and/or third parties for their direct marketing purposes. To make such a request, please send an email with your first name, last name, mailing address, email address, and telephone number to MMIS at privacy@medispend.com. Please include “California Privacy Rights” in the subject line of your email.

Children Under the Age of 13

The MediSpend Site is not intended for children under 13 years of age. No one under age 13 may provide any information to a MediSpend Site. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information to a MediSpend Site or through any of its features, register on a MediSpend Site, or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or username you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@medispend.com.