Midi

Privacy Policy

Effective date: September 23, 2024

  1. Introduction

    This Privacy Policy (our “Privacy Policy”) supplements Midi Health, Inc. and/or its subsidiaries’ (“Company,” “we,” “us,” and “our”) Terms and Conditions and describes how Company and Medical Groups collect, use, maintain, protect, and disclose Personal Data about you through the use of the Services. By “Personal Data,” we mean information that is personally identifiable to you.

    Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Data and how we will treat it. If you do not agree with this Privacy Policy, your choice is not to use the Services. By accessing or using the Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

  2. Protected Health Information

    Please see the Medical Groups’ Notice of Privacy Practices to understand how we protect, use and disclose your protected health information as defined under the Health Insurance Portability and Accountability Act of 1996 and related laws and regulations (“HIPAA”). If your Personal Data is protected health information, we treat the protected health information in accordance with HIPAA and the Notice of Privacy Practices. To the extent this Privacy Policy conflicts with our HIPAA obligations or the Notice of Privacy Practices, we comply with HIPAA obligations or the Notice of Privacy Practices.

  3. Children Under the Age of 18 and Majority

    The Services are not intended for children under the age of 18. Children under the age of 18 are strictly prohibited from using the Services. We do not knowingly collect Personal Data from persons who are under the age of 18. If you are under the age of 18, do not use or provide any information on the Services or on or through any of their features, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under the age of 18, we will delete that information. If you believe we might have any Personal Data from a child under the age of 18, please contact us at operations@joinmidi.com.

    If you access or use the Services, you represent and warrant that you are either at least 18 years old or otherwise have adequate authority and capacity to consent to use the Services under applicable state laws, federal laws or the authorization of a parent or legal guardian who agrees to be bound by the Terms and this Privacy Policy. If you are under 18 and lack sufficient authority to access or use the Services, do not use or provide any information on the Services. 

  4. Personal Data We Collect About You

    We collect different types of Personal Data about you. This section is intended to describe the Personal Data that we may collect about you.

    We collect the following types of Personal Data from and about Users of the Services:

    • name, postal address, billing address, shipping address, e-mail address, mobile telephone number, insurance information, including number, photo, and other associated information, date of birth, credit or debit card number (for payment purposes only), photos of you, your medical history, and health information;
    • traffic data, location data, logs, referring/exit pages, date and time of your visit to the Services, error information, clickstream data, and other communication data and the resources that you access and use on the Services; and
    • your Internet connection, the equipment you use to access the Services, and usage details.
  5. How We Collect Your Personal Data

    We collect Personal Data directly from you when you provide it to us, such as:

    • information that you provide by filling in forms on the Services (this includes information provided at the time of registering to use the Services, using Medical Groups Provider consultation services, purchasing products, reporting a problem with the Services, or requesting further services), and your User Contributions (as described in Section 8);
    • records and copies of your correspondence (including email addresses), if you contact us; and
    • details of transactions you carry out through the Services and of the fulfillment of your requests (you may be required to provide financial information before placing a request through the Services).

    We collect Personal Data directly from you automatically as you navigate through the Services (information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies) – see additional detail in Section 6 below;

    We collect Personal Data directly from you from third parties, for example, our business partners.

  6. Personal Data Collected Through and Use of Automatic Data Collection Technologies

    As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

    • details of your visits to the Services, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to the Services, error information, clickstream data, and other communication data and the resources that you access and use on the Services; and
    • information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, and browser type.

    The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve the Services and to deliver a better and more personalized service by enabling us to:

    • estimate our audience size and usage patterns;
    • store information about your preferences, allowing us to customize the Services according to your individual interests; or
    • recognize you when you return to the Services.

    The technologies we use for this automatic data collection include, among others:

    • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer or mobile device. On your computer or device, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting, you may be unable to access certain parts of the Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Services. 
    • Pixels. Pixels are transparent images embedded in a website, email, or ad, and which contain a link to an external server. When a User interacts with an email, navigates to our Services, or views an ad, the User’s browser downloads the invisible image file. That action triggers a request from the pixel server, providing the server owner with knowledge of who downloaded the pixel as well as information like the operating system used, the type of browser used, the time the pixel was interacted with, the IP address, and more. Examples of pixels we use in the Services include Meta, Google, and other ad trackers. 
    • Mixpanel. We use Mixpanel, a web analytics service, to collect certain information relating to your use of certain parts of the Services. Mixpanel uses cookies and other tracking technologies to help the Services analyze how users use the Services. You can find out more about how Mixpanel uses data when you visit the Services by visiting https://mixpanel.com/legal/privacy-policy/.
  7. How We Use Your Personal Data

    We use your Personal Data for the business purposes described below:

    • provide the Services to you;
    • provide products and Services to you;
    • provide you with information you request from us;
    • enforce our rights arising from contracts;
    • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
    • notify you about changes;
    • provide you with newsletters, advertisements, and other promotional communications (with your consent); 
    • to contact you in response to a request;
    • to fulfill any other purpose for which you provide it; 
    • for any other purpose with your consent; and
    • provide you with notices about your Account.

    With your consent, we may also use your information to contact you about goods and services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by contacting us at operations@joinmidi.com.

  8. Disclosure of Your Personal Data

    We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. 

    We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

    • to service providers and other third parties we use to support our business (the services provided by these organizations include providing IT and infrastructure support services, and ordering, marketing, and payment processing services);
    • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Company about the Service Users are among the assets transferred;
    • to fulfill the purpose for which you provide it (for example, we may disclose your personal information to a health care provider);
    • for any other purpose disclosed by us when you provide the information; and
    • with your consent.

    We may also disclose your Personal Data:

    • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
    • to enforce or apply our Terms and other agreements, including for billing and collection purposes; and
    • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others (this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

    In addition, we may disclose aggregated information about our Users, and information that does not identify any individual, without restriction.

    You also may provide information (hereinafter, “posted”) to other users of the Services or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable.

  9. Choices About How We Use and Disclose Your Personal Data

    We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising.

    We strive to provide you with choices regarding the Personal Data you provide to us. We have the following mechanisms to provide you with control over your Personal Data:

    • Tracking Technologies and Advertising. You can set your browser or operating system to refuse all or some cookies or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly.
    • Promotional Offers from Company. If you do not wish to have your email address used by Company to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or by contacting us. This opt out does not apply to information provided to Company as a result of a Service purchase or your use of our Services.
    • Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

    We do not control the collection and use of your information collected by third parties as described in our Terms. These third parties may aggregate the information they collect with information from their other customers for their own purposes.

  10. Your Rights Regarding Your Personal Data

    You can review and change your Personal Data by logging into the Services and changing your Account information. You may also contact us at operations@joinmidi.com regarding any of your rights under applicable state laws; any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible; or to delete your Account. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

    See state-specific sections below on your rights under specific state laws.

  11. Do Not Track Signals

    We currently do not use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.

    Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals.

  12. Data Security

    Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. The safety and security of your information also depends on you. Where you have chosen a password for the use of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

    We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.

    Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to the Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or in your operating system.

  13. Washington and Nevada Individuals.

    For individuals in Washington and Nevada, please refer to our Consumer Health Data Privacy Policy for additional information about the processing of your Personal Data that is “consumer health data” as defined under those laws.

  14. California Individuals.

    For individuals in California, you have rights under the California Consumer Privacy Act of 2018. Please see additional information below that is intended to satisfy our obligations under the CCPA to disclose certain information to you. 

    Personal Information We Collect About You. In the preceding 12 months, we have collected the following categories and specific types of consumer personal information:

    Categories of Personal Information:

    • Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers). Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Characteristics of protected classifications under California or federal law. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
    • Biometric information. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement). Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Geolocation data. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Audio, electronic, visual, thermal, olfactory, or similar information. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Professional or employment-related information. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)
    • Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Specific Types of Personal Information Collected: See Personal Data We Collect About You.
    • Sensitive Personal Information. Specific Types of Personal Information Collected: See Personal Data We Collect About You.

    How Your Personal Information is Collected. We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website and apps. See How We Collect Your Personal Data and Personal Data Collected Through and Use of Automatic Data Collection Technologies.

    Why We Use Your Personal Information. We collect and/or share consumer personal information for the business purposes described in How We Use Your Personal Data and Disclosure of your Personal Data.

    Who We Share Your Personal Information With. In the preceding 12 months, we have sold or shared consumers’ personal information as described in Disclosure of your Personal Data.

    Categories of Personal Information We Sold or Shared. In the preceding 12 months, we have sold or shared the following categories of personal information: identifiers; Information that identifies, relates to, describes, or is capable of being associated with, a particular individual as described in Disclosure of your Personal Data. While we do not intentionally sell your personal information for monetary consideration, it is possible that some of our data sharing practices could be deemed a sale under the CCPA.  

    Categories of Personal Information We Disclosed for a Business Purpose. In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose: identifiers; Information that identifies, relates to, describes, or is capable of being associated with, a particular individual as described in Disclosure of your Personal Data.

    How Long Your Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing Services to you. Thereafter, we will keep your personal information for as long as is necessary:

    • To respond to any questions, complaints or claims made by you or on your behalf;
    • To show that we treated you fairly; or
    • To keep records required by law.

    We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

    When it is no longer necessary to retain your personal information, we will delete or anonymize it.

    Your Rights Under the CCPA. You have the right under the California Consumer Privacy Act of 2018 (CCPA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

    Disclosure of Personal Information We Collect About You:

    You have the right to know, and request disclosure of:

    • The categories of personal information we have collected about you, including sensitive personal information;

    • The categories of sources from which the personal information is collected;

    • Our business or commercial purpose for collecting, selling, or sharing personal information;

    • The categories of third parties to whom we disclose personal information, if any; and

    • The specific pieces of personal information we have collected about you.

    Please note that we are not required to:

    • Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;

    • Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or

    • Provide the personal information to you more than twice in a 12-month period.

    Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose:

    In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know:

    • The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared; and

    • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.

    You have the right to opt-out of the sale of your personal information or sharing of your personal information for targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information. 

    To opt-out of the sale or sharing of your personal information, contact us at operations@joinmidi.com.

    Right to Limit Use of Sensitive Personal Information:

    You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to:

    Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services; 

    To perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, if the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business; and 

    • As authorized by further regulations.

    You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

    Right to Deletion:

    Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

    • Delete your personal information from our records; and

    • Direct any service providers or contractors to delete your personal information from their records.

    • Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.

    Please note that we may not delete your personal information if it is reasonably necessary to:

    • Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

    • Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes;

    • Debug to identify and repair errors that impair existing intended functionality;

    • Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law;

    • Comply with the California Electronic Communications Privacy Act;

    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

    • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

    • Comply with an existing legal obligation; or

    • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

    Right of Correction:

    If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.

    Protection Against Retaliation:

    You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

    • Deny goods or services to you;

    • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;

    • Provide a different level or quality of goods or services to you; or

    • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

    Please note that we may charge a different price or rate or provide a different level or quality of Services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, or discounts consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information.

    How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, you can do so by contacting us at operations@joinmidi.com. 

    Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

    To exercise your rights, you will need to provide us with:

    • Enough information to identify you (e.g., your full name, address, and account information);
    • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
    • A description of what right you want to exercise and the information to which your request relates.

    We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.

    Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

  15. Individuals in Other States

    You may have rights under other state consumer privacy laws, including Colorado, Connecticut, Oregon, Texas, Utah, and Virginia. Please contact us at operations@joinmidi.com if you have questions or would like to exercise a right under these laws.

  16. International Users

    The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Any information you provide to us through use of the Services may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your Personal Data in accordance with this Privacy Policy regardless of where your Personal Data is stored/accessed.

  17. Changes to Our Privacy Policy

    We may change this Privacy Policy at any time. If we make material changes to how we treat our Users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Services’ home page and invite you to review (and accept, if necessary) the changes. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting the Services and reviewing this Privacy Policy to check for any changes.

  18. Contact Information

    If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below.

    How to Contact Us:

    operations@joinmidi.com

Consumer Health Data Privacy Policy

This notice supplements the Privacy Policy and applies to personal data defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA), the Nevada Health Data Privacy Act (NHDPA), or other applicable state consumer health privacy law.

Consumer Health Data We Collect

As described in the Personal Data We Collect About You section of the Privacy Policy, the data we collect depends on the context of your interactions with us and the choices you make (including your privacy settings), the Services you use, your location, and applicable law. Because consumer health data is defined very broadly, many of the categories of data we collect could also be considered consumer health data.

Examples of consumer health data may include:

  • Information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions). For example, we may collect such information through surveys or other communication with you for research studies and improving product accessibility.
  • Measurements of bodily functions, vital signs, or characteristics, including photographs, which may also be considered biometric information under the MHMDA, the NHDPA, or other applicable state consumer health privacy law.
  • Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies. 
  • Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. 
  • Other information that may be used to infer or derive data related to the above or other health information.

Sources of Consumer Health Data

As described further in the How We Collect Your Personal Data section of the Privacy Policy, we collect personal data (which may include consumer health data) directly from you, from your interactions with our Services, from third parties, and from publicly available sources.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes described in the How We Collect Your Personal Data and Personal Data Collected Through and Use of Automatic Data Collection Technologies sections of the Privacy Policy. Primarily, we collect and use consumer health data as reasonably necessary to provide you with the Services you have requested or authorized. This may include delivering and operating the Services and their features, personalization of certain Service features, ensuring the secure and reliable operation of the Services and the systems that support them, troubleshooting and improving the Services, and other essential business operations that support the provision of the Services (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting research and development).

We may use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law – for example, for advertising or marketing purposes. See the Choices About How We Use and Disclose Your Personal Data section of the Privacy Policy and the How to Exercise Your Rights section below for more details on the controls and choices you may have.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in the Disclosure of Your Personal Data section of the Privacy Policy. In particular, we may share personal data, including consumer health data, with your consent or as reasonably necessary to complete any transaction or provide any Service you have requested or authorized, as described above.

For example, we share your content with third parties when you tell us to do so. And we may disclose data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process.

Third Parties With Which We Share Consumer Health Data

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

  • Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and Services may need access to data to provide those functions.
  • Business partners. We may share consumer health data with other companies, for example, where you use a Service that is cobranded and jointly operated with another company, or where you use our Services to interact with another company.
  • Financial institutions & payment processors. When you make a purchase or enter into a financial transaction, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
  • Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
  • Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our Services and operate our business. 
  • Government agencies. As described in our Privacy Policy, we disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.
  • Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.
  • Other users and individuals. If you use our Services to interact with other Users of the Service or other recipients of communications, we will share data, including consumer health data, as directed by you and your interactions.
  • The public. You may select options available through our Services to publicly display and disclose certain information, such as your profile, demographic data, content and files, or geolocation data, which may include consumer health data.

How to Exercise Your Rights

If you are covered by the MHMDA, the NHDPA, or other applicable consumer health privacy law then you may have certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise such rights using the various tools and mechanisms described in the Choices About How We Use and Disclose Your Personal Data section of the Privacy Policy. For example, depending on the Service you use, you can access and make choices about your data through product controls. You can also access and clear some of your data through your web browser. And if you want to access or control consumer health data processed by us that is not available via those tools or directly through the Service you use, you can always contact us at operations@joinmidi.com.

If your request to exercise a right is denied, you may appeal that decision by contacting our support team at operations@joinmidi.com. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint, the Nevada State Attorney General at https://ag.nv.gov/complaints/file_complaint/, or other regulatory authority as applicable.