Privacy & Security Policy
1. About RxCloud
RxCloud Inc. (RxCloudTM, RxCloud, us, we) is a virtual omnichannel platform available for iOS and Android mobile apps. The Rare Finds application is owned, operated and licensed to Rare Disease Foundation by RxCloud Inc. Rare Disease Foundation assumes no liability for any loss or damage suffered as a result of the use, misuse or reliance on the information and content on the application.
You may use RxCloud™ for your personal, non-commercial purposes. You may not use this application for any other purposes. You are not permitted to make any resale, commercial or derivative use of this application, or use any data mining, robots, or similar data gathering and extraction methods.
RxCloud connects healthcare practitioners, clinic staff and vendors to get the right prescription products and the best non-prescription health and beauty products through a robust multi-shop ecommerce engine. Video and text chat in addition to a community forum enables interaction between all users.
RxCloudTM offers an integrated telehealth and e-commerce experience to serve their patients. This platform also enables healthcare professionals to grow their business and save on costs while providing VIP access to training, tutorials, new promotions, loyalty rewards, discounts, and a direct connection to healthcare suppliers, industry and medical business experts. For more information visit https://www.rxcloud.ca/
2. Use of Website / Webstore / Mobile App / Shop
Your use of the website, webstore, mobile app, shop, and consulting services constitutes acceptance of the following terms and conditions.
If you do not agree to these terms and conditions, you should not use this site or mobile application and/or purchase any products or services through this site or mobile application.
Chief Compliance and Privacy Officer
Telephone: +1 (786) 871-3344
333 SE 2nd Avenue, Suite 2000
Miami, FL 33131
Note that this Policy does not apply to the collection, use, retention, disposal, destruction, and protection of Information by Authorized Physicians or Authorized Non-Physician Providers. Authorized Physicians and Authorized Non-Physician Providers are subject to privacy legislation and professional requirements that govern their management of Information, including Information they collect, use and retain in the course of providing services through the RxCloud Platform. Please feel free to ask any Authorized Physician or Authorized Non-Physician Provider to whom you are referred if you have questions about how he or she will treat your Information.
RxCloud™ has designated a Chief Compliance and Privacy Officer, who is accountable for compliance with privacy legislation and related policies. All RxCloud™ employees receive privacy training and understand their responsibility to protect your patient's health care information. The following information is collected to register for RxCloud™ services. Individuals registering on behalf of another individual must be their doctor, healthcare provider, parent, legal guardian, or have their consent.
Name - participant name is also one of the criteria to collect rewards points;
E-mail Address - email address will be the participant’s RxCloud™ account and is where communications, such as password resets, will be sent;
Password - the password to log into an RxCloud™ account is the first level of protection. RxCloud™ employees have no access to user passwords;
Mailing Addresses and Databases - mailing addresses and/ or databases may be required in some instances. Health Care Number or any other health information displayed on patient prescription will only be used to provide the patient with their products. The information will be guarded with security measures by which RxCloud™ staff can identify individuals for information or assistance and will not be shared with a 3rd party without written request or consent of the owner of such Information.
3.2. Safeguarding Information
RxCloud takes the security of your information seriously. We store your information in electronic format within the country in which you reside through AWS, using computer systems with restricted access and housed in facilities using physical security measures. More generally, we have in place appropriate physical, technological, and organizational safeguards to protect Information against loss, theft, unauthorized access, use, and disclosure. As mentioned, RxCloud Personnel is obligated to protect Information by adhering to our policies, practices and applicable laws.
We use industry-standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that emails and other communications you send to us through our website are not encrypted. Therefore, we strongly advise you not to communicate any confidential information through these means. You play an important role in protecting your privacy and the confidentiality of your Information. For example:
- Create a strong and unique password for your User Account, using RxCloud’s password strength estimator, and update it periodically.
- Always use two-step verification to ensure your health information is protected.
- Do not share your User Account or password with anyone. We will never ask you for your password, including in any unsolicited communication such as letters, phone calls or email messages, so please contact us if you receive such a request.
- Log out of your User Account once you are finished using it, especially if you share your Device with anyone else. Delete your app history where applicable private information is available.
- Have a strong and unique password on your device, too.
- Choose a quiet, private location from which to access the RxCloud Platform and its services.
3.3. Access to Your Information and Choices
You can access and update certain information we have relating to your online account by signing into your account and going to the account settings section of our Site. If you have questions about the personal information we have about you or need to update your information, you can Contact Us at firstname.lastname@example.org. You can opt out of receiving marketing and promotional emails from RxCloud by using the opt-out or unsubscribe feature contained in the emails. You can close your online account by going to the Account Setting section of our Site. If you close your account, we will no longer use your online account information or share it with third parties.
We may, however, retain a copy of the information for archival purposes, and to avoid identity theft or fraud.
We use industry-standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that emails and other communications you send to us through our Site are not encrypted. Therefore, we strongly advise you not to communicate any confidential information through these means.
3.4. Collecting and Using Information
RxCloud collects and uses Information only as necessary to provide our services, including to develop, assess, and improve our services.
We only collect Personal Information to set up an account for you on the RxCloud and RxCloud apps and the RxCloud and RxCloud website so that you can access and use the services RxCloud provides, including:
- Teleconsultations between individuals and Authorized Physicians and between Patients and Authorized Non-Physician Providers
- Healthcare services provided to individuals by Authorized Physicians and Authorized Non-Physician Providers
- Informational services to individuals by Authorized Physicians and Authorized Non-Physician Providers
- Business facilitation on the RxCloud app between Authorized Physicians and Authorized Vendors and between Authorized Non-Physician Providers and Authorized Vendors.
We collect other information from you as you use the services, necessary to develop, assess and improve our services:
- App usage information
- Website and device information
We only collect Personal Information if non-identifying information will not suffice. We minimize our collection and use of Information to what is needed for these purposes. For example, we do not record the audio or video portions of interactions between individuals and Authorized Physicians and between Patients and Authorized Non-Physician Providers through the RxCloud Platform. As mentioned, Authorized Physicians and Authorized Non-Physician Providers are responsible for their collection, use, disclosure, retention, destruction, and protection of Information. As a result, the following description is an overview only of the use generally made of Information for the purpose of providing services to Patients by Authorized Physicians and Authorized Non-Physician Providers through the RxCloud Platform. A particular Authorized Physician or Authorized Non-Physician Provider may or may not choose to collect or use Information as described below in connection with a particular interaction with a Patient.
3.4.1. Healthcare Services
Authorized Physicians and Authorized Non-Physician Providers may collect Information about patients or any Registered Dependent (as defined below) when a Patient provides it during a Healthcare Services consultation (e.g., verbally or in texts, by video, by audio and by e-mail), by viewing the Information that the Patient has entered or uploaded to the RxCloud Platform and/or by creating or compiling Information in the RxCloud Platform. Information that will be available to Authorized Physicians and Authorized Non-Physician Providers includes: the details that the User provides in the consultation request; information the Patient has entered or uploaded to profiles and medical records; information created during earlier interactions through the RxCloud Platform with other Authorized Physicians and/or Authorized Non-Physician Providers; the name, email address, phone number, gender and date of birth and province/territory that the Patient provided when they registered; list of health conditions, list of medications, list of health concerns, list Personal Health Number, Insurance Provider Information, and the emergency contact’s name and contact information. Authorized Physicians and Authorized Non-Physician Providers use Information to provide the Patient with Healthcare Services and/or Informational Services and, as with any healthcare provider, must comply with the privacy legislation and medical record-keeping obligations to which they are subject. Authorized Physicians and Authorized Non-Physician Providers may create Information such as prescriptions, product recommendations, prescription refills, sick notes, and other notes about Patient’s interaction with them through the RxCloud Platform. They may export or print copies of the Patient’s Information that they collect. Authorized Physicians and Authorized Non-Physician Providers may but are not required to email or text the emergency contact if they believe that the Patient is dealing with a medical emergency during a consultation. The Patient is responsible for advising the emergency contact that they are providing their name and contact information to RxCloud and Authorized Physicians and Authorized Non-Physician Providers, and for obtaining any necessary consent from them for the provision and use of their information in connection with the RxCloud Platform.
3.4.2. Informational Services
Authorized Physicians and Authorized Non-Physician Providers collect and use Information that the Patient provides in the course of obtaining Informational Services, by viewing the information that the Patient has entered or uploaded to the RxCloud Platform and by creating or compiling Information in the RxCloud Platform. The Information that they collect and use includes: the details that the Patient provides in the request for Informational Services and information that the Patient provided to register to use the RxCloud Platform (name, gender, date of birth and place of residence) to confirm Patient’s eligibility to receive Informational Services. Authorized Physicians and Authorized Non-Physician Providers are bound to comply with privacy legislation applicable to providers of Informational Services.
3.4.3. Provision of the RxCloud Platform
We collect and use the Patient’s Information to register, create a Patient Account, authenticate the Patient when they log in and personalize their experience while using the RxCloud Platform. We confirm Patient’s eligibility to use the RxCloud Platform for Healthcare Services and/or Informational Services by asking you to confirm your place of residence and date of birth that the Patient provides when registering for teleconsultations. We collect Patient’s provincial/ state health card/ and copay number in order to bill federal, provincial, state and other health plans for those services that are eligible for coverage by Patient’s insurance health plan(s).
The Patient may choose to enter or upload and store their Information in the RxCloud Platform such as Patient’s medical records, and the name and contact information for Patient’s emergency contact. When seeking Healthcare Services, the Patient may also choose to enter or upload and store Information about individuals for whom they have the legal authority to make decisions regarding their healthcare and for whom they have created a profile by providing their first and last name, gender and date of birth (each a "Dependent" or other “family members under Patient’s care”). We use their date of birth where applicable and Patient’s assertion of their relationship with the Patient to confirm Patient’s eligibility to obtain Healthcare Services for the Dependents, and their eligibility to receive Healthcare Services.
We use Information that the Patient enters, or uploads, or which is created as part of an interaction with an Authorized Physician or Authorized Non-Physician Provider to make it available to the Patient when they access their Patient Account. We may use Information for loss prevention and anti-fraud purposes, and to comply with regulatory and legal requirements.
We may use Information to help us create, develop, operate, deliver, support and improve the RxCloud Platform, its content and advertising provided to the Patient through it (RxCloud’s and third parties’) unless the Patient has decided not to receive such advertising.
3.4.4. Patients eligible for Healthcare and Informational Services
To request Healthcare Services, the Patient selects any applicable symptoms relevant to their request. They may also specify whether they’re seeking to receive a new prescription, renew a prescription, receive over-the-counter recommendations and style guidance or frames and other optical products, or obtain a referral. We facilitate the Patient’s disclosure to the Authorized Physician or Authorized Non-Physician Provider of that information, along with age and gender to determine whether your request is eligible. We do not identify the Patient, or, if applicable, the Registered Dependent for whom the Patient is seeking the Healthcare Services. Once the Authorized Physician or Authorized Non-Physician Provider confirms that the request is eligible, we identify the Authorized Physician or Authorized Non-Physician Provider to the Patient. The RxCloud Platform presents to the Authorized Physician or Authorized Non-Physician Provider the Information provided in the Patient’s consultation request, Patient name and, if applicable, the name of the Registered Dependent for whom they’re seeking the consultation. Unless the Patient has elected to withhold access to information held in the RxCloud Platform about themselves or any Registered Dependent, the Authorized Physician or Authorized Non-Physician Provider will be able to view it too. We use Information that the Patient enters to provide the services requested to perform on the Patient’s behalf, e.g., securely faxing or emailing Patient’s prescription to the chosen pharmacy, labs, and other vendors.
We use the Patient’s Information to text or email to notify the Patient about services that they request. For example, we notify the Patient about the status of their consultations and other requests, such as prescriptions, product orders, subscription renewals to products, insurance provider benefits and other information, which provides the Patient with reminders and pertinent information. We may collect location data through the use of GPS technology and the Patient’s IP address where applicable to services requested, e.g., ensuring the Patient is connected to an Authorized Physician or Authorized Non-Physician Provider or pharmacy, or a vendor that is licensed or authorized to provide such services and/ or products in the jurisdiction where the Patient is located. We also use the Patient’s IP address for security purposes, e.g., presenting the Patient with information about the account activity in the Patient’s account settings.
3.4.5. Medical Emergencies Associated with Requests for Healthcare Services
Should the Patient submit Information about a medical issue, which is deemed an emergency by an Authorized Physician or an Authorized Non-Physician Provider prior to their acceptance of the Patient’s request for Healthcare Services, RxCloud reserves the right to contact the Patient at any time using any of the contact information provided. This contact is strictly for the purpose of informing the Patient that an Authorized Physician or Authorized Non-Physician Provider has viewed their anonymized request and has declined the request based on their belief that Patient symptoms may represent a medical emergency.
3.4.6. Business facilitation on the RxCloud app
Through the RxCloud app we offer a platform to grow their business and save on costs while providing VIP access to training, tutorials, new promotions, loyalty rewards, discounts, and a direct connection to other suppliers, industry and medical business experts (collectively - vendors). RxCloud authorizes Vendors to register a user account, access and use the RxCloud platform to promote and sell their products and services to healthcare professionals.
The Authorized Vendor enters and uploads to the RxCloud Platform the relevant information about their services and products. By publishing their profile on the RxCloud Platform the Authorized Vendor agrees to disclose to the general public their business operating name, the full name of the business contact person and the relevant fees for their services and products. By using the RxCloud platform the Authorized Vendor agrees that we facilitate business connections with other healthcare professionals registered as Users on the RxCloud app.
Any information except the information available on the public profile of the Authorized Vendor is considered personal and is not disclosed to any person or organization without consent or if required by law. RxCloud does not sell, rent, or lease personal information.
3.5. Information on Health
We (RxCloud Inc) Offer NO Medical Advice. RxCloud™ is intended to provide Patients of the Authorized Physicians or Authorized Non-Physician Providers or Patients seeking advice from an Authorized Physician or Authorized Non-Physician Provider on the RxCloud Platform with access to related health and beauty products, in a timely and affordable manner. RxCloud™ is not intended to provide any medical advice or any other advice. The information contained on this site is not a substitute for a doctor’s advice.
3.6. Privacy of Patient Information
RxCloud™ is committed to maintaining the confidentiality of the personal information in our care. Managing and protecting personal information is our main priority. Wherever possible, we store information on Canadian-based platforms not subject to the Patriot Act of 2001. Your personal or patient information is not disclosed to any person or organization without consent or required by law. RxCloud™ does not sell, rent, or lease personal information. By providing RxCloud™ with your email address and placing an order, you are providing consent for us to send you emails regarding your order and other promotional and/or informational emails. You will not receive any spam and your email address will not be provided to any 3rd parties for marketing purposes. You can unsubscribe to these emails at any time.
3.7. Accessing and Correcting Information
You can access your Information or that of your Registered Dependents to check that it is accurate, complete, and up to date by logging in to your User Account. You may update and edit any of your Information except Information an Authorized Physician or Authorized Non-Physician Provider has viewed or created Information during a Healthcare Services consultation when you log in to your User Account. Contact the Authorized Physician or Authorized Non-Physician Provider who provided the Healthcare Services to access or request the correction of Information in their notes on the RxCloud Platform or that they hold in their medical records. The RxCloud Platform offers you functionality and choices for protecting your privacy which include: You may enable two-factor authentication on your account to help ensure that only you can access your account. If you do, in addition to entering your password to log in to your account to access the RxCloud Platform, we will send a code to your mobile number, which you will need to enter. This added security prevents anyone else from accessing your RxCloud account unless they have access to your login information and your mobile phone. You may choose whether to use audio, chat, or video for interactions with Authorized Physicians and Authorized Non-Physician Providers. When seeking Healthcare Services, you may withhold Information, e.g., consultation information and medical records from Authorized Physicians and/or Authorized Non-Physician Providers. Please be aware that Authorized Physicians and Authorized Non-Physician Providers may be unable to provide you with Healthcare Services as a result. They will advise you of the implications of your choice. When seeking Informational Services, any previous Information collected e.g., consultation information and records, will not be accessible by the Authorized Physician or Authorized Non-Physician Provider providing the services unless you specifically elect to provide access.
3.8. Retaining and Disposing of Information
Unless we otherwise give you notice, we will retain your Information on the RxCloud Platform on your behalf until such times as you or we terminate your User Account. On termination, you will have an opportunity to print or make copies of your Information subject to the following. To ensure that Authorized Physicians and Authorized Non-Physician Providers may exercise any authority they have to withhold Information they compile in connection with Healthcare Services from patients under the law, you will be required to request any access you would like to notes made by an Authorized Physician or an Authorized Non-Physician Provider about your consultation from the Authorized Physician or Authorized Non-Physician Provider. With the exception of residents of Prince Edward Island receiving Healthcare Services in Prince Edward Island, RxCloud is not the custodian of Information held on the RxCloud Platform; rather it holds Information on behalf of Users or Authorized Physicians and Authorized Non-Physician Providers. For residents of Prince Edward Island receiving Healthcare Services in Prince Edward Island, RxCloud is a custodian, as defined by the PEI Health Information Act. On termination of your User Account, once you have been given the opportunity to print or make copies of your Information, we will delete the Information associated with your User Account, except Information that an Authorized Physician or Authorized Non-Physician Provider advises us he or she requires in connection with a consultation or Informational Services the Authorized Physician or Authorized Non-Physician Provider provided. In such circumstances, RxCloud will destroy the Information when the Authorized Physician or Authorized Non-Physician Provider has obtained a copy or terminates his/her account with RxCloud.
3.9. Disclosing Information
We will not disclose, share, sell or rent your Information with or to any third party (except to the extent we disclose to Authorized Physicians or Authorized Non-Physician Providers, emergency contacts and in compliance with regulatory and legal requirements as set out in this Policy), except with your consent, or to the extent necessary, in our good faith judgment, to: comply with applicable laws or regulations, respond to a subpoena, order, or similar obligation to produce information; establish or exercise RxCloud’s legal rights or defend against legal claims; or investigate, detect, suppress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or safety of any person. We may use or disclose your email address, but never PHI, information to market a product or service, either directly, or through a service provider or partner that performs services on our behalf. We may disclose Information for the purposes of the due diligence required for or for the completion of a transaction such as a merger, acquisition or asset sale. We will comply with any applicable legal requirements, including notice requirements, that apply to such transactions.
3.10. Legal Proceedings
We will share personal information with third-party companies, organizations or individuals outside of RxCloud if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, subpoena, legal process or enforceable governmental request.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of RxCloud, our users, customers or the public as required or permitted by law.
3.11. Transfer in the Event of Sale or Change of Control
This Site is not targeted to and is not intended for use by European Union (EU) residents located in the EU. EU residents may use the Site when they are located in the US or Canada. We may store your personal information (also commonly referred to as personal data) on servers located in Canada. When you access or use our Services, you consent to our collection, use, disclosure, and storage of your Personal Information as described in this Privacy and Security Policy. In addition to the sharing described elsewhere in this Policy, we will share personal information with companies, organizations or individuals outside of RxCloud only if and when we have your consent to do so. You can withdraw your consent at any time, subject to legal or contractual restrictions. However, if you refuse to provide certain information this may impact our ability to provide you with certain services. Please contact us directly at email@example.com for assistance with using the privacy functionality or with any questions about using the RxCloud Platform. Additionally, you may contact us at any time to: stop receiving e-mails or other correspondence from us, seek assistance with viewing and correcting Information, and close your User Account. To protect privacy, we may request information to verify your identity when you contact us.
3.13. Changes to RxCloud™and Termination of access to RxCloud™
3.15. Collecting, using and sharing Data
3.16. Customer support
If you email, text, chat, fax, write to us or complete a ‘contact us’ form on the RxCloud Platform, we will collect the name and contact information that you provide to us and will use it to respond to you.
We only permit our Personnel to access Information to the extent necessary to perform their designated functions. We require them to protect the Information and maintain its confidentiality by complying with our policies, procedures and applicable law. We encourage all users to delete all chat history from their cellular device, in case your mobile device is lost or stolen.
3.17. Updates and marketing
3.18. Links and third-party websites and applications
The RxCloud Platform may contain links to other websites that we do not own or operate. These links are not intended as an endorsement of or referral to the linked websites. We strongly encourage you to review the privacy policies applicable to any site you visit. This Policy does not apply to such linked pages or other sites, and we are not responsible for the content or practices of any linked websites or their operators which are provided solely for your convenience.
5. Questions and how to contact us
“Authorized Physician” means a physician or Doctor of Optometry, who is registered to practice medicine in a Province or Territory of Canada, meets RxCloud’s other criteria and is permitted to provide Healthcare Services and/or Informational Services through the RxCloud Platform.
“Authorized Non-Physician Provider” means an independent, regulated health professional (such as a psychotherapist or a nurse) registered to provide healthcare in a Province or Territory of Canada, meets RxCloud’s other criteria and is permitted to provide Healthcare Services and/or Informational Services through the RxCloud Platform.“
Business Facilitation Services” means the provision of information about products and services an Authorized Vendor is ready to supply to healthcare professionals through the RxCloud app.
“Data” means information collected or compiled through the RxCloud Platform which has been
de-identified in relation to PHI, means to remove information that identifies the individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify the individual.
“Device” means a mobile or desktop device owned or controlled by a User and used to access RxCloud Physician Services.
“Healthcare Professional” means Physicians, Healthcare Practitioners, Clinical Counsellors, Mental Health Counsellors, Ophthalmologists, Doctors of Optometry, Opticians Eye Health Navigators, and Style Consultants providing services through the RxCloud Platform as Authorized Physicians or Authorized Non-Physician Providers or users of the RxCloud app.
“Health Care” means any observation, examination, assessment, care, service or procedure that is provided by a physician or a non-physician healthcare provider to an individual to diagnose, treat, or maintain the individual’s physical or mental condition, to prevent disease or injury to the individual, or to promote the individual’s health.“Healthcare Services” means the provision of Health Care by an Authorized Physician or an Authorized Non-Physician Provider through the RxCloud Platform.
“Informational Services” means the provision of general information about a disease or condition, rather than patient-specific medical information, for educational purposes only and for clarity, not including a diagnosis, treatment or advice based on observation, examination or assessment of a particular patient.
“RxCloud Platform” means the hardware, software, applications, websites, content, products and services owned and/or operated by us, which include the software that enables Authorized Physicians and Authorized Non-Physician Providers to provide Healthcare Services and Informational Services to Authorized Users.
“Patient” means an identifiable individual seeking healthcare or informational advice from a Healthcare Professional through the RxCloud Platform in a mobile app or on the website.
“Personal Information” means information about an identifiable individual which is not PHI and which is collected, created, compiled, used, disclosed or otherwise transmitted and/or stored on or by means of the RxCloud Platform
“Personal Information” means information about an identifiable individual which is not PHI and which is collected, created, compiled, used, disclosed or otherwise transmitted and/or stored on or by means of the RxCloud Platform
“Personnel” in relation to RxCloud, means its employees and agents including independent contractors and sub-contractors, for whom RxCloud is responsible at law.
“PHI” or “personal health information” means information about an individual’s health or healthcare that is subject to Privacy Law and that is collected, created, compiled, used, disclosed or otherwise transmitted and/or stored on or by means of the RxCloud Platform.
“Privacy Law” means the applicable legislation governing the collection, use, disclosure, and/or protection of PHI in the Province or Territory in which a User resides.
“Services” means the RxCloud app, and our website available at rxcloud.ca
“You” means an individual who uses, or registers to use the RxCloud Platform or the RxCloud app for the services it is set to provide.