Introduction

MedFlyt, LLC (“Company” “MedFlyt” “we” or “us”) respect your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you use our website at https://www.medflyt.com/ and any of our related services, including any associated mobile application, along with any related software or Company servers (collectively, the “Services”) and outlines our practices for collecting, using, maintaining, protecting, and disclosing that information. We want to be transparent about the information we collect, how we use it, whom we share it with, and the controls we give you to access, update, and delete your information. After reading this privacy policy, if you still have questions, please contact us at [email protected].

This policy applies to information we collect:

It does not apply to information collected by: (i) us offline or through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries); or (ii) any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Services.

NOTE REGARDING PATIENT AND HEALTH INFORMATION

MEDFLYT ENABLES HOME CARE AGENCIES AND CAREGIVERS A TO COORDINATE AND PROVIDE PATIENT CARE, INCLUDING HOME VISITS.  CAREGIVERS MAY USE MEDFLYT TO CREATE AND STORE PATIENT INFORMATION, INCLUDING PROTECTED HEALTH INFORMATION (“PHI”) WHICH MAY BE VIEWABLE BY MEDFLYT, YOUR CAREGIVERS AND YOUR HOME CARE AGENCY AND/OR HEALTHCARE PROVIDER. PLEASE NOTE THAT IF YOU ARE A PATIENT THE COLLECTION, STORAGE AND USAGE OF YOUR PATIENT INFORMATION IS GOVERNED BY YOUR AGREEMENT WITH YOUR MEDICAL PROVIDERS, CAREGIVERS AND/OR INSURANCE PROVIDERS AND IS NOT GOVERNED BY THE TERMS OF THIS PRIVACY POLICY. THIS PRIVACY POLICY IS ONLY INTENDED TO GOVERN MEDFLYT’S RELATIONSHIP WITH ITS DIRECT USERS, NAMELY CAREGIVERS AND HOME CARE AGENCIES.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Services. By accessing or using the Services, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

HIPAA

For caregivers, please note that the patient information, including PHI, that you input into the Services may be viewable by others, including your home care agency, in connection with their permitted use of the Services. Any information that you wish to remain strictly confidential should not be entered into the Services.

Home care agencies and caregivers that use the Services may be regulated as a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act of 1996 as amended (“HIPAA”).  When we store, process, or transmit “individually identifiable health information,” we do so as a “business associate” (as those terms are defined in HIPAA) of such home care agency or caregiver. We will therefore use appropriate and reasonable safeguards designed to prevent misuse or inappropriate disclosure of any such protected health information received or created on behalf of such Agency or Caregiver as covered entity. We further agree to limit the uses and disclosures of protected health information, based on the activities or services being performed by us as business associate, and subject to the other restrictions in this policy. The parties otherwise agree to be bound by and incorporate herein the requirements set forth in Parts 160 and 164 of 45 CFR for the safeguarding of protected health information received by a business associate. The foregoing are subject to any separate or further business associate agreement (“BAA”) that Company as a “business associate” may enter into with you.  

Children Under the Age of 13

The Services is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Services or on or through any of its features/register on the Services, make any purchases through the Services, use any of the interactive or public comment features of the Services or provide any information about yourself to us, including your name, email address, telephone number, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].

Information We Collect About You and How We Collect It

We collect several types of information from and about users of the Services, including personal data and personal information. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).  We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

We also collect, use and share Aggregated Data which is anonymized, de-identified or otherwise aggregated, such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

How we collect this information

We use different methods to collect data from and about you including: (i) directly from you when you provide it to us; (ii) automatically as you navigate through the site; and (iii) from third parties, for example our business partners; each as described in greater detail below. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

Information You Provide to Us 

The information we collect on or through the Services may include:

You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Services, or transmitted to other users of the Services or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies 

As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including: (i) details of your visits to the Services, including traffic data, logs, and other communication data and the resources that you access and use on the Services; and (ii) information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve the Services and to deliver a better and more personalized service, including by enabling us to:

The technologies we use for this automatic data collection may include:

Information About You We May Receive from Third Parties

We may receive personal data about you from various third parties and public sources including, but not limited to:

Third-Party Use of Cookies (and Other Tracking Technologies)

Some content or applications, including advertisements, in the Services are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

How We Use Your Information

We, and our authorized third party service providers, may use information that we collect about you or that you provide to us, including any personal information:

We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you and to display advertisements to our advertisers' target audiences. For more information about steps you can take to control how your information is used, see Choices About How We Use and Disclose Your Information.

Lawful Basis of Processing

We collect and process your personal information under the following lawful bases:

  1. With your consent as provided hereunder;
  2. Performance of a contract with you;
  3. As necessary to comply with a legal obligation; and
  4. To fulfill our legitimate interest in conducting our business, where your interests and fundamental rights do not override those interests including, but not limited to:
  1. providing the services for which you have enrolled and Goods you have purchased;
  2. to keep our records updated;
  3. to study how customers use our products/services, to develop them and grow our business and inform our marketing strategy;
  4. for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercises;
  5. contacting you about our products, or responding to your requests.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

We may also disclose your personal information:

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service experience or other transactions.

Accessing and Correcting Your Information

You can review and change certain elements of the personal information provided to Company by logging into the Services and visiting your account profile page.

You may also send us an email at [email protected] to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from the Services, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Services users. Proper access and use of information provided on the Services, including User Contributions, is governed by our terms of use.

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of the Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, which may include rights to the following:

  1. Request access to your personal data.
  1. Request correction of your personal data.
  1. Request erasure of your personal data.
  1. Object to processing of your personal data.
  1. Request restriction of processing your personal data.
  1. Request transfer of your personal data.
  1. Withdraw consent.

If you wish to exercise any of the rights set out above, please contact us at [email protected].

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services. The information you share in public areas may be viewed by any user.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we can neither guarantee the security of your personal information transmitted to the Services nor can we guarantee that such information will not become publicly available. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. You can reduce these risks by using common-sense security practices such as choosing a strong password, using different passwords for different services, and using up-to-date antivirus software on your electronic devices.

Users Outside of the United States

If you are visiting the Services from a location outside of the United States, your connection will be through and to servers located in the United States. All information you receive from the Services may be created on servers located in the United States, and all information you provide may be maintained on web servers and systems located within the United States. The data protection laws in the United States and other countries might not be the same as those in your country. By using the Services or submitting information to us, you specifically consent to the transfer of your information to the United States and to the facilities and servers we use, and to those with whom we may share your information.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Services. If we make material changes to how we treat our users' personal information, we will notify you by email to the email address specified in your account and through a notice on the Services home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting the Services and this privacy policy to check for any changes. your continued use of the Sites after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

[email protected] or MedFlyt LLC, 105-02 Metropolitan Ave., 2nd Floor, Forest Hills, NY 11375

Depending on where you reside you may have the right to make a compliant to your local supervisory authority for data protection issues.  We would, however, appreciate the chance to deal with your concerns first so please contact us.  

00740154.v5         00542269.v1