Privacy Policy

I. Overview

MedCash’s website privacy policy discloses to website visitors the ways MedCash collects, uses, discloses, and protects visitor data.

II. Purpose

MedCash provides this website privacy policy to provide transparency to website visitors and meet compliance and privacy requirements. We believe that providing visitors with accurate and adequate notice about our website will lead to informed choices and decisions about how to use website as well as protect visitor privacy.

III. Scope

This policy applies to all staff who manage, develop, program, provide content for, and otherwise maintain the MedCash’s website.

IV. Policy

A. Overview

Website must comply with MedCash’s website policy. Website designs must comply with MedCash’s standards. Any MedCash website designed by any person or vendor other than MedCash’s IT Department must be submitted to the Marketing Department for review and approval.

Recommended website privacy policy content is listed below. However, the content may be changed:

• To customize the content regarding MedCash’s products and services.
• As new services are provided.
• To meet regulatory compliance and best practice requirements.
• To provide additional transparency on personal information collected, stored, and protected.

B. Recommended Website Privacy Policy Content

Website Privacy Policy

MedCash is committed to protecting your privacy. Most pages on our site can be visited without providing information about yourself or your organization. Occasionally, we need your contact information to provide services that you request. This privacy policy explains our data collection procedures and use of your information. This notice informs you about:

• Your privacy rights
• Personal information that may be collected.
• Access to your personal information.
• How your information may be used, including, with whom, if anyone, it might be shared.
• Choices you have regarding the use of your personal information.
• How we safeguard your information.
• How you can access and, if necessary, change or delete your personal information.
• Please contact us at [email protected] if you have any questions, complaints, or comments regarding this privacy policy.

When you link to any other site, you leave MediCash’s site and we have no control over the activities or policies of other sites.

Your Privacy Rights

MedCash respects your privacy rights:

• Right to Know. You have the right to know when we intend to collect personal information, what personal information is being or has been collected, where the data originated, how it will be used, and with whom it will be shared.
• Right to Consent. You have the right to opt-in for the use, disclosure, sale, or access to your personal information. You may revoke such consent at any time.
• Right to Prevent. You have the right to prevent our organization from sharing your personal information with third parties.
• Right to Request. You have the right to request a copy of your personal information on file.
• Right to Deletion. You have the right to request that we remove your personal information on file.
• Right to Pricing. We are prohibited from charging you a different price, or refusing service, if you exercised your privacy rights.

Personal Information Collected

Contact information collected is generally limited to your name, organization name (if applies), address, phone number, and e-mail address. Information is requested when you request or register to receive more information, subscribe to e-mail newsletters, sign up for an event or training, or order services.

MedCash may request and/or collect additional information from you on a voluntary basis when you:

• Request information on or purchase our products or services.
• Participate in promotions or events.
• Send questions or comments via e-mail to [email protected]

When you send e-mail to us, we are not attempting to collect any personal information about you. We will only use information contained in your e-mail to respond to your specific inquiry or comments in the e-mail. Since e-mail is a form of business communication, we may retain your information for a period of time and archive such information per MedCash’s retention requirements.

This site collects information about pages visited within the site. We may use this information to accurately count visitors across our website and understand how they navigate and use our network of web sites. MedCash does not combine website traffic information with your personal information.

MedCash does not:

• Share your information with unaffiliated third parties for their own direct marketing purposes.
• Knowingly collect personal information on European Union (EU) residents.
• Collect, transmit, or store, personal information such as medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex of the individual.

How Personal Data is Used

MedCash collects, stores, and processes information provided to us. We may use the information you submit to us to send you information on our products, services, and promotional materials. Specifically, we use your contact information for the following purposes:

• Respond to your specific inquiry or comments.
• Deliver services, including marketing communications, related to your request or use of our products and services.
• Alert you to special offers, updated information, new services, and related information from Medcash.
• Allow you access to limited-entry areas of our site as appropriate.
• Other forms of business correspondence.

We may use your information so we can improve the products and services we provide to better meet your needs. The demographic information (e.g., location, type of organization, services requested, etc.) you provide us is collected by MedCash and is not disclosed to third parties. This demographic information cannot be used to personally identify you. We may merge site-visitation data with anonymous demographic information for research purposes, and we may use this information in aggregate to provide more relevant content.

MedCash reserves the right to use "cookies" to enhance your experience at our web site. Cookies are pieces of information that we place on your computer to help us accurately understand how many visitors are viewing a particular site, how often they visit that site, and the content viewed.

MedCash reserves the right to collect IP addresses for the purposes of system administration, to report aggregate information to third party marketing firms, and to audit the use of our web sites. When visitors request pages on our web site, our servers may log the visitor's IP address. We do not link the IP address to your personally identifiable information.

Information passively collected by MedCash includes log files that record website activity that gathers statistics about web user browsing habits. These entries are generated anonymously, and help MedCash determine, among other things, how many and how often users visit our web site, the pages visited, and other similar data. We also use the log file entries for internal marketing and demographic studies to constantly improve our online services.

Sharing of Information

MedCash may share your personal information with outside entities hired to assist with MedCash’sinternal support operations (e.g., cloud service providers, packaging and mailing services, event registration, etc.). We only provide those companies the information they need to deliver the service, and they are prohibited from using that information for any other purpose. Third parties may also collect your personal information from other sources.

MedCash does not sell or rent information collected from and about individuals to third parties. In the past 12 months, we have not sold or rented individual personal information to third parties. However, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal information may be transferred to MedCash’s successor or assign, if permitted by and done in accordance with applicable law.

MedCash may disclose your contact information if required to do so by law or in the good-faith belief that such action is necessary to:

• Conform to the edicts of the law including disclosure of information in response to lawful requests by public authorities, national security, or law enforcement requests, or comply with legal process served on MedCash.
• Protect and defend the rights or property of MedCash and its web site.
• Investigations of fraud, intellectual property right infringements, or other activity that is illegal.
• Act in urgent circumstances to protect the personal safety of MedCash employees, users of MedCash products or services, or members of the public.

Safeguarding Information

MedCash only collects information to the extent deemed reasonably necessary to serve our legitimate business purposes. In addition, we take appropriate steps to ensure the security and integrity of any information you provide to us.

Any information provided to us is stored in an access-controlled facility. Your information is protected from electronic threats by the use of firewalls, intrusion detection, anti-virus, anti-spyware, passwords, and related security mechanisms.

Update and Removal of Information

If you receive an e-mail and want to opt-out, simply reply back to the e-mail requesting your address be removed from future communications or click the unsubscribe link, if provided.

You may at any time review, correct, amend, or delete the contact information we have for you. Simply contact us at [email protected] to change, update, or have us remove your information. If your request is sent via e-mail, please include in your message the service or communication you received from us.

Age Notice

MedCash has developed this website to be an enjoyable experience for visitors of all ages. MedCash recognizes that some younger children may not understand some of the information contained on the website or how the website operates.

Most areas of this site are available to the general public, including those under the age of 13. Children under the age of 13 should seek parent or guardian's consent before they provide any personal information to us.

Adults should monitor and restrict the activities of their children. In addition, MedCash requests that adults discuss this privacy policy with your children so that they will better understand how to use this website and the information they may be asked to provide.

Inquiries, Comments, or Complaints

Please submit any questions, comments, inquiries, or complaints to MedCash at [email protected].

Effective Date and Changes to Privacy Policy

This privacy policy is effective as of January 31, 2024. You will be notified by prominent notice on this page if there are material changes to this privacy policy.

V. Enforcement

Any Staff found to have violated this policy may be subject to disciplinary action, up to and including termination.

VI. Distribution

This policy is to be distributed to all Staff responsible for managing and developing the MedCash web site.

References:

COBIT EDM01.01, APO01.03, APO01.11, APO05.03, APO12.02, APO13.07, MEA04.11
GDPR Article 24, 25, 32
HIPAA 164.308(a)(1)(ii)(B), 164.502(b)(1), ARRA 13404(b), ARRA 13405(a)
SO 27001:2013 A.9.1.1, A.9.2.2, A.18.1.3-4
NIST SP 800-37 3.2, 3.4, 3.7
NIST SP 800-53 AC-3-4, AC-6, AC-21, AC-23, AU-9-10, 3.15, PT-1
NIST Cybersecurity Framework ID.AM-3, ID.GV-3, ID.RM-1, PR.AC-1-4, PR.AC-6, DE.DP-2
PCI 6.1.1