Privacy Policy

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

This Privacy Policy is incorporated by reference into the Xact Rx, LLC Terms of Use (“Terms”). The Privacy Policy explains how Xact Rx, LLC may collect, use, and disclose information we obtain through the Service. Any capitalized terms used and not defined in this Privacy Policy shall have the meaning given to them in the Terms. 

“Personal Information” can be used to readily identify, contact, or locate you. 

“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, or phone number. Personal Information includes Protected Health Information, as defined by the Health Insurance Portability and Accountability Act (HIPAA). We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual. Your PHI is information about you, or that could be used to identify you, as it relates to your past and present physical and mental health care services. The HIPAA regulations require that the pharmacy protect the privacy of your PHI that the pharmacy has received or created.

This pharmacy will abide by the terms presented within this Notice. For any uses or disclosures that are not listed below, the pharmacy will obtain a written authorization from you for that use or disclosure, which you will have the right to revoke at any time, as explained in more detail below. The pharmacy reserves the right to change the pharmacy’s privacy practices and this Notice. Revisions to the Notice will be posted in the pharmacy and upon your request, provided to you in a paper format.

HOW THE PHARMACY GATHERS INFORMATION

We collect Personal Information when you: 

  • register to use the Service; 

  • log in with social media credentials; 

  • use the Service; 

  • request prescription transfers from pharmacies; 

  • submit referrals; 

  • permit your device to transmit information, including your location and contacts; and 

  • communicate with us. 

We may also collect information about your pet(s), including name, breed, gender, birthdate, weight, veterinary information and photos.

We also collect information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the Service. 

 Registration and Account Information. You must register to use the Service. To register, you will need to provide Personal Information, such as your name, postal address, email address, and telephone number. You may also provide this information for your family members when you create sub-accounts for them. 

Social Connect. When you choose to connect your social media account to your Service profile, we collect Personal Information from that social media website. For example, when you connect your Facebook account, we may collect the Personal Information you have made publicly available in Facebook, such as your name, user ID, profile picture, cover photo, username, gender, networks, age range, language, country, friend list, and any other information you have made public. We may also obtain other non-public information from social media websites with your permission. 

Insurance and Health-Related Information. To submit prescriptions through the Service, you may need to provide us with health insurance information, pharmacy and prescription benefits information, date of birth, and other health-related information about you or others. The information that is submitted through the Service will be held subject to the requirements specified by healthcare provider, health insurance, and pharmacy partners and applicable law. For example, any Protected Health Information will be collected, used, and disclosed in compliance with HIPAA and other applicable laws and regulations, and with our agreements with providers, insurance companies, and pharmacies. 

Using the Service. We collect the information you provide through the Service. For example, when you make a purchase, communicate with a pharmacist, transfer a prescription, or ask questions through the Service, we will collect the information you provide in such submissions, including any Personal Information. 

From Third Parties. You may direct third parties to provide us with information related to your prescriptions. For example, when you request that we transfer a prescription from a pharmacy to us, the pharmacy will provide information associated with the prescriptions to us so we can process them. 

Making Payments.   When you make payments through the Service, you may need to provide financial account information, such as your credit card number, to our third-party service providers. We do not collect or store such information, though we may receive summary information about transactions that does not include credit card or bank account numbers. 

Referrals. A user may submit Personal Information, such as an email address, about others to us so that the user can recommend the Service or an item available on the Service to them. We use the information to send communications to the individual. The recipient of an invitation to use the Service may see your name and email address as the referrer. 

Communicate with Us. We may collect Personal Information through your communications with our customer-support team, requesting access to the Service, or through other communications with us, including through social media. 

Location Information from Your Mobile Device. We may collect and store your geo-location information if your device settings are enabled to send it to us. Collection of this information helps us find pharmacies and couriers near you and may otherwise improve the provision of the Service. 

Information and Content from Your Device. The Service automatically collects information about your device, such as a device ID, IP address, and browser type, so that we can provide and customize functionality, such as push notifications. You may also permit the Service to access your device’s contact list and photo storage. 

Automatic Data Collection: Cookies and Related Technologies. The Service collects and stores information that is generated automatically as you use it, including your preferences and anonymous usage statistics. When we associate such information with Personal Information, we will treat the combination as Personal Information. 

When you use the Service or receive emails from us, we and our third-party partners, such as advertising networks, social media widgets, and analytics providers, use “cookies” and other similar technologies to collect information about how the Service or email is accessed. Our partners also may collect information about your online activities over time, on other devices, and on other websites or apps. When they provide such services, they are governed by their own privacy policies. You may be able to change browser settings to block and delete cookies when you access the Service through a web browser. However, if you do that, the Service may not work properly. 

By using the Service, you are authorizing us to gather, parse, and retain data related to the provision of the Service. We may retain such information, including Personal Information, indefinitely. 

HOW THE PHARMACY MAY USE AND DISCLOSE YOUR PHI

We use Personal Information to: 

  • communicate with you.

  • facilitate and improve our services.

  • to remind you of your prescription upon such time they are ready to be refilled.

  • to notify you of alternative treatments and/or products.

  • to notify you of benefits and services the pharmacy provides.

Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes and may provide it to third parties to allow us to facilitate the Service. We may use and retain any data we collect to provide and improve any of our services. 

Communications. We may send email to the email address you provide to us, push notifications to your mobile device if they are enabled, or text messages with your consent, to verify your account and for informational and operational purposes, such as account management, customer service, filling prescriptions, delivering medication, system maintenance, and other Service-related purposes. 

Marketing. We may use information, including Personal Information, to provide online advertising on the Service and to facilitate transmittal of information we think may be useful or relevant to you. We will not advertise or market to you based on any protected health information we may have without your prior permission. 

Aggregate Data. We may anonymize or aggregate data collected through the Service and use and disclose it for any purpose, such as to healthcare organizations and government entities, or for marketing purposes. 

We may share your Personal Information: 

  • with our third-party vendors and service providers.

  • to others, including pharmacies, and couriers.

  • to comply with legal obligations.

  • to protect and defend our rights and property.

  • with your permission. 

We do not rent, sell, or share Personal Information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. 

We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers we use to help us provide the Service. For example, we will provide Personal Information to payment processors as part of financial transactions and may provide geo-location information to third-party map or navigation service providers. When Protected Health Information is shared, such vendors and service providers will be bound by appropriate confidentiality and security obligations which include business associate contract obligations as required by HIPAA. 

Pharmacies. When we submit a prescription and/or a request for medication to a pharmacy on your behalf, we will provide information about you to the pharmacy, including your name, address, date of birth, prescription information, insurance information, and any other information required to process a request. The pharmacies will use the information to process your request, including to collect payment from insurance companies (if applicable), communicate with your provider when necessary, and fill your prescription. 

Couriers. We use third-party couriers to deliver medication to users of the Service. They will have access to information about you in order to pick up your medication and make a delivery, such as your name, address, and any other information required to make a delivery. They may share this information with pharmacies to validate they are authorized to pick-up your medication. Such employees are required to keep your information confidential and may not use it or disclose it except for the purpose of performing a delivery. 

Social Networking and Other Websites. The Service may allow you to share information, including Personal Information, with social networking websites, such as Facebook. We do not share your Personal Information with them unless you direct the Service to share it. Their use of the information will be governed by their privacy policies, and you may be able to modify your privacy settings on their websites. 

Marketing. We do not rent, sell, or share Personal Information or Protected Health Information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. We may allow access to other data collected by the Service to enable the delivery of online advertising on the Service or on other websites and online services, or otherwise facilitate transmittal of information we think may be useful or relevant to you. 

You may be able to opt out of receiving personalized advertisements from advertisers or advertising networks who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations.  Links to those Services are here: 

Network Advertising Initiative: http://www.networkadvertising.org/choices/ 

Digital Advertising Alliance: http://www.aboutads.info/choices/ 

When you opt out of personalized advertising, you may continue to see online advertising on the Service and/or our ads on other Internet websites. 

Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of Xact Rx assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information. 

The following is an accounting of the ways that the pharmacy is permitted, by law, to use and disclose your PHI.

We will use the PHI that we receive from you to fill your prescription and coordinate or manage your health care.

Uses and disclosures of PHI for Health Care Operations. The pharmacy may use the minimum necessary amount of your PHI to conduct quality assessments, improvement activities, and evaluate the pharmacy workforce.

The following is an accounting of additional ways in which the pharmacy is permitted or required to use or disclose PHI about you without your written authorization. All uses and disclosures will be to the minimum necessary amount of your PHI. Many of these uses and disclosures will never be made by the pharmacy; however, we are required by law to notify you of them as a health care provider.

Uses and disclosure for Public Health Activities. The pharmacy may use or disclose PHI about you to a public health authority that is authorized by law to collect for the purpose of preventing or controlling disease, injury, or disability. This includes the FDA so that it may monitor any adverse effects of drugs, foods, nutritional supplements and other products as required by law.

Uses and disclosure about victims of abuse, neglect, or domestic violence. The pharmacy may use or disclose PHI about you to a government authority if it is reasonably believed you are a victim of abuse, neglect or domestic violence.

Uses and disclosures for health oversight activities. The pharmacy may use or disclose PHI about you to a health oversight agency for oversight activities which may include audits, investigations, inspections as necessary for licensure, compliance with civil laws, or other activities the health oversight agency is authorized by law to conduct.

Disclosures for judicial and administrative proceedings. The pharmacy may disclose PHI about you in the course of any judicial or administrative proceedings, provided that proper documentation is presented to the pharmacy.

Disclosures for law enforcement purposes: The pharmacy may disclose PHI about you to law enforcement officials for authorized purposes as required by law or in response to a court order or subpoena.

Uses and disclosures for research purposes: The pharmacy may use and disclose PHI about you for research purposes with a valid waiver of authorization approved by an institutional review board or a privacy board. Otherwise, the pharmacy will request a signed authorization by the individual for all other research purposes.

Uses and disclosures to avert a serious threat to health or safety: The pharmacy may use or disclose PHI about you, if it believed in good faith, and is consistent with any applicable law and standards of ethical conduct, to avert a serious threat to health or safety.

Uses and disclosures for specialized government functions. The pharmacy may use or disclose PHI about you for specialized government functions including military, national security and intelligence, protective services, department of state functions, and correctional institutions and law enforcement custodial situations.

Disclosure for workers’ compensation: The pharmacy may disclose PHI about you as authorized by and to the extent necessary to comply with workers’ compensation laws or programs established by law.

Disclosures for disaster relief purposes: The pharmacy may disclose PHI about you as authorized by law to a public or private entity to assist in disaster relief efforts.

Disclosures to business associates. The pharmacy may disclose PHI about you to the pharmacy’s business associates for services that they may provide to or for the pharmacy to assist the pharmacy to provide quality health care. To ensure the privacy of your PHI, we require all business associates to apply appropriate safeguards to any PHI they receive or create.

FOR ALL OTHER USES AND DISCLOSURES

The pharmacy will obtain a written authorization from you for all other uses and disclosures of PHI, and the pharmacy will only use or disclose pursuant to such an authorization. In addition, you may revoke such an authorization in writing at any time. To revoke a previously authorized use or disclosure, please contact Xact Rx to request for Restriction of Uses and Disclosures.

INFORMATION SECURITY 

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure. 

When we process Protected Health Information, we are acting as a “business associate” as regulated by HIPAA. Therefore, we are required to adopt and maintain appropriate physical, technical, administrative, and organizational procedures to safeguard and secure the Protected Health Information we process. We also may not access, use, or disclose the Protected Health Information except as permitted by our partners, you, and/or applicable law. We strive to protect the privacy of the Personal Information we process, and to avoid inadvertent disclosure. Our partners will have their own Privacy Policies in place. We are not responsible for our partners’ activities and omissions, in particular, how they retain or secure their own data related to the provision of the Service. 

If we learn of a security system’s breach, we maintain an incident response policy that includes notification requirements consistent with applicable law. By using the Service or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Service. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Service or sending an email to you. You may have a legal right to receive this notice by mail. 

CREDIT CARD AUTHORIZATION AND USE

Xact Rx uses credit card tokenization to protect consumer privacy. Credit card tokenization is a process that replaces sensitive credit card information with a unique identifier called a token. This token is then used to process transactions. By using credit card tokenization, we ensure that your credit card information is never stored on our servers and is therefore protected from unauthorized access or theft. A patient/client credit card will only be stored utilizing tokenization at the request of the patient/client and only utilized to pay upon patient/client request.

CHILDREN’S PRIVACY

We do not knowingly collect information from children under 13. We will take steps to delete it if we learn we have collected it. 

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of the Service is directed to children under the age of 13. If you learn that your child has provided us with personal information without your consent, you may alert us at ask@xactrx.com. If we learn that we have collected any personal information from children under 13, we will promptly take steps to delete such information and terminate the child’s account. 

YOUR HEALTH INFORMATION RIGHTS 

The following are a list of your rights in respect to your PHI.

Request restrictions on certain uses and disclosures of your PHI. You have the right to request additional restrictions of the pharmacy’s uses and disclosures of your PHI; however, the pharmacy is not required to accommodate a request. If you wish to request additional restrictions, please contact the pharmacy at ask@xactrx.com.

The right to have your PHI communicated to you by alternate means or locations. You have the right to request that the pharmacy communicate confidentially with you using an address or phone number other than your residence. However, state and federal laws require the pharmacy to have an accurate address and home phone number in case of emergencies. The pharmacy will consider all reasonable requests. If you wish to request a change in your communicating address and/or phone number, contact the pharmacy at ask@xactrx.com.

The right to inspect and/or obtain a copy your PHI. You have the right to request access and/or obtain a copy of your PHI that is contained in the pharmacy for the duration the pharmacy maintains PHI about you. If you wish to inspect or obtain a copy of your PHI, please contact the pharmacy at ask@xactrx.com. There may be a reasonable cost-based charge for photocopying documents. You will be notified in advance of incurring such charges, if any.

The right to amend your PHI. You have the right to request an amendment of the PHI the pharmacy maintains about you, if you feel that the PHI the pharmacy has maintained about you is incorrect or otherwise incomplete. Under certain circumstances we may deny your request for amendment. If we do deny the request, you will have the right to have the denial reviewed by someone we designate who was not involved in the initial review. You may also ask the Secretary, United States Department of Health and Human Services (“HHS”), or their appropriate designee, to review such a denial. If you wish to amend your PHI files, please contact the pharmacy at ask@xactrx.com.

The right to receive an accounting of disclosures of your PHI. You have the right to receive an accounting of certain disclosures of your PHI made by the pharmacy. If you wish to receive an accounting of disclosures of your PHI, please contact the pharmacy at ask@xactrx.com. You should be aware, however, that such an accounting excludes uses and disclosures made for treatment, payment, or health care operations purposes.

The right to receive additional copies of the Pharmacy’s Notice of Privacy Practices. You have the right to receive additional paper copies of this Notice, upon request, even if you initially agreed to receive the Notice electronically. If you wish to receive a paper copy of this request, please ask a pharmacy workforce member and they will provide you with a copy.

UPDATE YOUR INFORMATION OR POSE A QUESTION OR SUGGESTION 

To request access to, correction, amendment, or deletion of this Personal Information, a user should make the change using the Service, when possible. If the Service does not permit you to access, correct, amend, or delete any information that you have provided to us through your use of the Service or otherwise, or if you have suggestions for improving this Privacy Policy, please send an email to ask@xactrx.com. 

Limits to Your Requests for Access, Amendment, or Deletion. While we may be able to access, update, and delete the information we maintain, we may not be able to access, amend, or delete the information we provided to pharmacies and other third parties on your behalf. If we cannot access, amend, or delete such data you may need to interact with the pharmacies and other third parties directly. Our contractual obligations to pharmacies and our legal obligations under HIPAA and other applicable laws may require us to retain information about users for extended periods of time. We will continue to retain such information as necessary. 

REVISIONS TO THE NOTICE OF PRIVACY PRACTICES

The pharmacy reserves the right to change and/or revise this Notice and make the new revised version applicable to all PHI received prior to its effective date. The revised Notice will be available, upon request, to all individuals. The pharmacy will also post the revised version of the Notice in the pharmacy.

GOVERNING LAW

By choosing to visit our Services, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the law of the State of Texas, without reference to the choice of law or conflicts of law principles thereof, and will be subject to the dispute resolution clause contained in the terms of use applicable to the Services. You also agree to abide by any limitation on damages contained in the terms of use of our Services.

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with the pharmacy and/or to the Secretary of HHS, or his designee. If you wish to file a complaint with the pharmacy, please contact Xact Rx at ask@xactrx.com. If you wish to file a complaint with the Secretary, please write to:

The U.S. Department of Health and Human Services
Office of the Inspector General
200 Independence Ave, S.W.
Washington, D.C. 20201

The pharmacy will not take any adverse action against you as a result of your filing of a complaint.

CONTACT INFORMATION

If you have any questions on the pharmacy’s privacy practices or for clarification on anything contained within the Notice, please contact:

Xact Rx

193 Coy Road, Suite 200

Weatherford TX, 76087

(817) 661-0758