Who we are
Company Name: ExtensionMD, LLC (XMD)
Company HQ: New York City
Last Updated/Effective Date: January 5, 2021
Website address: https://www.extensionmd.com and https://extensionmd.com
What personal data we collect and why we collect it
In general, you can visit XMD on the Internet without telling us who you are and without giving any personal information about yourself. There are times, however, when we or our partners may need information from you.
You may choose to give us personal information in a variety of situations. For example, you may want to give us information, such as your name, physical or email address, to allow us to correspond with you, to process an order or to provide you with a subscription. You may give us your credit card details to buy something from us or give us a description of your education and work experience in connection with a job opening at XMD. We intend to let you know how we will use such information before we collect it from you; if you tell us that you do not want us to use this information to make further contact with you beyond fulfilling your requests, we will respect your wishes. If you give us personal information about somebody else, such as a spouse or work colleague, we will assume that you have their permission to do so.
The following paragraphs describe in more detail how XMD may use your personal information and with whom we may share it. Depending on the type of XMD website you are visiting, one or more of the paragraphs may apply. For example, if you order a product or service from the XMD website, your information will be handled as described below.
If you request something from the XMD website, whether a product or service, a callback or specific marketing materials, we will use the information you provide to fulfill your request. To help us do this, we may share information with others, for instance, other parts of XMD, XMD’s Business Partners, financial institutions, shipping companies, postal or governmental authorities (most likely customs authorities) involved in fulfillment. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.
Fulfilling Your Transaction Request and Marketing Use
The information you provide to XMD on certain XMD websites may also be used by XMD and select third parties for marketing purposes. Before we use it, however, we will offer you the opportunity to choose whether or not to have your information used in this way.
If you participate in an XMD discussion forum, blog post commenting or chat room, you should be aware that the information you provide there will be made broadly available to others, potentially inside or outside XMD, who have access to that discussion forum, blog post comment(s) or chat room. Also, please recognize that specific forums, comments, and chat rooms may have additional rules and conditions. Each participant’s opinion on a forum, comment page, or chat room is their own and should not be considered as reflecting the opinion of XMD.
We intend to protect your personal information and to maintain its quality. We implement appropriate measures and processes, such as using encryption when transmitting certain sensitive information, to help us to keep your information secure and to maintain its quality. From time to time we may supplement the information you give us via an XMD website with information from other sources, such as information validating your address or other available information about businesses. This is to help us maintain the accuracy of the information we collect and to help us provide a better service.
We sometimes collect non-identifiable information from visits to our websites to help us provide better customer service. For example, we keep track of the domains from which people visit, and we also measure visitor activity on XMD websites, but we do so in ways that keep the information non-identifiable. This information is sometimes known as “clickstream data.” XMD or others on XMD’s behalf may use this data to analyze trends and statistics and to help us provide better customer service.
When we collect personal data from you in a transaction, we may extract some information about that transaction in a non-identifiable format and combine it with other non-identifiable information such as clickstream data. This information is used and analyzed only at an aggregate level to help us understand trends and patterns. This information is not reviewed at an individual level. If you do not want your transaction details used in this manner you can disable your cookies.
Embedded content from other websites
Articles and posts on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
With respect to any information collected that is governed by the U.S. Health Insurance Portability and Accountability Act (HIPAA), XMD complies with its duties under the law by maintaining the privacy of protected health information as per the guidelines of the HIPAA Privacy Rule.
As a telemedicine, digital therapeutic service, XMD takes every precaution when collecting, processing and storing personal health information (PHI) and uses modern methods of hardware engineering, software development practices and secure IT standards to ensure the highest level of security and privacy are delivered and are deliberately designed into core parts of the service.
XMD will appropriately safeguard PHI in its system using accepted standard security and data privacy methods and procedures to effectuate those safeguards, including training its staff and contractors about proper use of protected health information.
XMD may use and disclose PHI in its delivery of the service and to ensure quality and updated functionality. PHI is never used in research and development or software testing without either data anonymization or an individual’s consent. Otherwise, PHI is used only those ways authorized by the HIPAA Privacy Rule.
As an individual, you have certain rights with respect to your PHI in the XMD system. You have a right to complain to HHS and to XMD directly if you believe that XMD has violated your individual privacy rights. In order to exercise those rights, or for further information about XMD privacy policies, please contact us with a specific request at firstname.lastname@example.org.
For more detailed information about how we use and disclose Your data, Download the ExtensionMD Notice of Privacy Practices.
U.S. & E.U. Privacy Shield Statement
The specific types of data we collect are typically related to legal proceedings whereby communications and documents you may have sent, received, or drafted are required to be preserved and possibly reviewed for relevance in such proceedings. Hence, your email address, phone number, address, education, work experience, or other similar personal information may be included in the collected materials. Other information that we might collect includes medical records or credit card number(s). Depending upon the circumstances of the reasons for data collection, you may request that your personal data be withheld from forwarding onward through the redaction of your personal information.
You have the right under the Privacy Shield Principles to access your personal data. If you wish to do so, please send your request to email@example.com. XMD will provide an appropriate response within 45 days.
You also have the right on the Privacy Shield Principles to choose (opt-out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to opt-out, all you need to do is contact us at firstname.lastname@example.org.
Please note that applicable law allows certain exceptions to your ability to opt-out, such as where we are parties to a contract that is still being performed, where the law requires us to maintain information for warranty claims, or otherwise., Where applicable law permits us to retain and continue to use such information and we do so, we will do so only to the extent permitted or required by law. If you contact us to opt-out, we will explain the options available and comply with your request as required by the Principles and applicable law.
We will obtain your affirmative express consent (opt-in) from you if we connect sensitive information, as defined under the EU-U.S. Privacy Shield and that information are to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. We also treat as sensitive any personal data received from a third party where the third party identifies and treats it as sensitive.
XMD further acknowledges that it is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation, or any other U.S. authorized statutory body. Under certain conditions, an individual may be able to invoke binding arbitration. XMD may be required to disclose personal information to lawful requests by public authorities, including to meet national security or law enforcement actions, and recognizes its liability in cases of onward transfers to third parties.
XMD has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
Self-certified compliance with the Privacy Shield Framework.
Your California Rights
California Consumer Privacy Act (“CCPA”): XMD is not a “business” under CCPA. However, we may be a “service provider,” as defined under CCPA. In such a case, the business will have an agreement with XMD about the collection and use of data that the business provides to XMD for processing. If you have any questions or concerns about this, please do not hesitate to reach out to us. We have provided our contact information in the “California Residents’ Right Request” section below.
California “Shine the Light” law: If you are a California resident, California Civil Code Section 1798.83 permits you to make an annual request for information regarding the disclosure of categories of your personal data XMD has shared with a third party for the third party’s direct marketing purposes. Note, however, WE DO NOT SHARE YOUR PERSONAL DATA WITH ANY THIRD PARTY FOR DIRECT MARKETING PURPOSES. We have provided our contact information in the “California Residents’ Right Request” section below.
California Residents’ Right Request
To make any requests under this provision, please send an email to email@example.com or write to us at:
California Privacy Rights
928 Broadway, Suite 904
New York, NY 10010
Telephone: (646) 265-7708
We will endeavor to respond to your request within 30 days.