Last updated: August 28, 2023
Notice to Users Outside the United States
GATHERING, USE AND DISCLOSURE OF NON-PERSONALLY-IDENTIFYING INFORMATION
Users of the Website Generally
“Non-Personally Identifying Information” is information that, without the aid of additional information, cannot be directly associated with a specific person. “Personally Identifying Information,” by contrast, is information such as a name or email address that, without more, can be directly associated with a specific person.
Like most website operators, Company gathers from users of the Website Non-Personally Identifying Information of the sort that Web browsers, depending on their settings, may make available. That information includes the user’s Internet Protocol (IP) address, operating system, browser type and the locations of the websites the user views right before arriving at, while navigating and immediately after leaving the Website. Although such information is not Personally Identifying Information, it may be possible for Company to determine from an IP address a user’s Internet service provider and the geographic location of the visitor’s point of connectivity as well as other statistical usage data. Company analyzes Non-Personally Identifying Information gathered from users of the Website to help Company better understand how the Website is being used. By identifying patterns and trends in usage, Company is able to better design the Website to improve users’ experiences, both in terms of content and ease of use.
From time to time, Company may also release the Non-Personally Identifying Information gathered from Website users in the aggregate, such as by publishing a report on trends in the usage of the Website.
“Device fingerprinting” can track devices over time, based on your browser’s configurations and settings. Because each browser is unique, device fingerprinting can identify your device, without using cookies. Since device fingerprinting uses the characteristics of your browser configuration to track you, deleting cookies won’t help. Device fingerprinting technologies are evolving and can be used to track you on all kinds of internet-connected devices that have browsers, such as smartphones, tablets, laptop and desktop computers. For more information please see: https://www.consumer.ftc.gov/articles/0042-online-tracking
Flash cookies, which are cookies written using Adobe Flash, may be permanently stored on your device. Similar to standard cookies, Flash cookies can retain user settings and actions and may enable a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies.
A “Web Beacon” is an object that is embedded in a web page or email that is usually invisible to the user and allows website operators to check whether a user has viewed a particular web page or an email. Company may use Web Beacons on the Website and in emails to count users who have visited particular pages, viewed emails and to deliver co-branded services. Web Beacons are not used to access users’ Personally Identifying Information. They are a technique Company may use to compile aggregated statistics about Website usage. Web Beacons collect only a limited set of information, including a Web Cookie number, time and date of a page or email view and a description of the page or email on which the Web Beacon resides. You may not decline Web Beacons. However, they can be rendered ineffective by declining all Web Cookies or modifying your browser setting to notify you each time a Web Cookie is tendered, permitting you to accept or decline Web Cookies on an individual basis.
We may use third-party vendors, including Google, who use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize and serve ads based on your past activity on the Website, including Google Analytics for Display Advertising. The information collected may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. If you do not want any information to be collected and used by Google Analytics, you can install an opt-out in your web browser (https://tools.google.com/dlpage/gaoptout) and/or opt out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads help (https://support.google.com/ad/answer/262922?hl=en).
Scripts are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user's interactions with the website, such as the links the user clicks on. They are typically active only during a user's connection to our Website and are either deactivated or removed once the user disconnects from the website.
Aggregated and Non-Personally Identifying Information
We may share aggregated and Non-Personally Identifying Information we collect under any of the above circumstances. We may also share it with third parties and our affiliate companies to develop and deliver targeted advertising on the Website and on websites of third parties. We may combine Non-Personally Identifying Information we collect with additional Non-Personally Identifying Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our advertisers the number of visitors to the Website and the most popular features or services accessed. This information does not contain any Personally Identifying Information and may be used to develop website content and services that we hope you and other users will find of interest and to target content and advertising.
In addition, Company may make use of de-identified information in accordance with applicable privacy law.
Mobile Device Additional Terms
- Mobile Device. If you use a mobile device to access the Website or download any of our applications, we may collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
- Geo-Location Information. Unless we have received your prior consent, we do not access or track any location-based information from your mobile device at any time while downloading or using our mobile application or our services, except that it may be possible for Company to determine from an IP address the geographic location of your point of connectivity, in which case we may gather and use such general location data.
- Push Notifications. We may send you push notifications if you choose to receive them, letting you know when someone has sent you a message or for other service-related matters. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
- Mobile Analytics. We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information, such as how often you use the application, the events that occur within the application, aggregated usage, performance data and where the application was downloaded from. We do not link the information we store within the analytics software to any Personally Identifying Information you submit within the mobile application.
We may provide you the option to connect your account on the Website to your account on some social networking sites for the purpose of logging in, uploading information or enabling certain features on the Website. When logging in using your social network credentials, we may collect the Personally Identifying Information you have made publicly available on the social networking site, such as your name, profile picture, cover photo, username, gender, friends network, age range, locale, friend list and any other information you have made public. Once connected, other users may also be able to see information about your social network, such as the size of your network and your friends, including common friends. By connecting your account on the Website to your account on any social networking site, you hereby consent to the continuous release of information about you to us. We will not send any of your account information to the connected social networking site without first disclosing that to you. Each social network may further allow you to set privacy controls around your information on their system, and our collection of information will always follow such controls and permissions. This feature is subject to continuous change and improvement by us and each social networking site involved, and therefore the available features and shared information are subject to change without notice to you.
We may use hyperlinks on the Website which will redirect you to a social network if you click on the respective link. However, when you click on a social plug-in, such as Facebook’s “Like” button, Twitter’s (X) “tweet” button or the Google+, that particular social network’s plugin will be activated and your browser will directly connect to that provider’s servers. If you do not use these buttons, none of your data will be sent to the respective social network’s plugin provider. So for example, when you click on the Facebook’s “Like” button on the Website, Facebook will receive your IP address, the browser version and screen resolution, and the operating system of the device you have used to access the Website. Settings regarding privacy protection can be found on the websites of these social networks and are not within our control.
COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION
As defined above, Personally Identifying Information is information that can be directly associated with a specific person. Company may collect a range of Personally Identifying Information from and about Website users. Much of the Personally Identifying Information collected by Company about users is information provided by users themselves when (1) registering for our service, (2) logging in with social network credentials, (3) participating in polls, contests, surveys or other features of our service, or responding to offers or advertisements, (4) communicating with us, (5) creating a public profile or (6) signing up to receive newsletters. That information may include each user’s name, address, email address and telephone number, and, if you transact business with us, financial information such as your payment method (valid credit card number, type, expiration date or other financial information), shipping information, and electronic signature. We also may request information about your interests and activities, your gender, age, date of birth, username, password, and other account registration details, hometown and other demographic or relevant information as determined by Company from time to time. Additional information you provide may include, but is not limited to, photographic or video images submitted for identification or non-diagnosis or treatment purposes, including photographs of your driver’s license or passport, information about third parties that you refer to us (e.g., name, email, and/or other contact information, relationship), any other information you provide when you contact or communicate with us. Users of the Website are under no obligation to provide Company with Personally Identifying Information of any kind, with the caveat that a user’s refusal to do so may prevent the user from using certain Website features.
BY REGISTERING WITH OR USING THE WEBSITE, YOU CONSENT TO THE USE AND DISCLOSURE OF YOUR PERSONALLY-IDENTIFYING INFORMATION AS DESCRIBED IN THIS “COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION” SECTION.
We also collect certain medical information on behalf of the Providers, which may include, but is not limited to:
- Health and medical data you submit for diagnosis or treatment purposes, including information in any questionnaires or surveys you complete for these purposes
- Previous doctors or other healthcare providers you visited
- Date of visit
- Images or videos you share for diagnosis or treatment purposes
- Communications with Providers
We may also receive information about you from our partners. For example, as part of our identity verification process, our vendor may send us information they have independently collected, such as your name, age, and estimated location. Our marketing partners may also send us information about you, even if you have not visited or registered on our site.
Qyral does not collect or create biometric information about you. To use some of our services, however, we may be required to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share that and the selfie you shared with us with our identity verification partner, who may create biometric information about your face in order to verify that your selfie matches your proof of identity. Biometric information is not shared with Qyral and is deleted by our identity verification partner after completing the identity verification. Qyral may receive information extracted from your photos, such as information from your driver’s license and the confidence that there is a “match” between your two photos. We use this information to help verify your identity.
In addition to the information we collect directly from you, we may also collect certain information from the Providers who provide treatment or other services to you in connection with our service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes.
We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history and laboratory test results.
We may occasionally use your name and email address to send you notifications regarding new services offered by the Website that we think you may find valuable. We may also send you service-related announcements from time to time through the general operation of the service. Generally, you may opt out of such emails at the time of registration or through your account settings, though this may not opt you out of all emails, such as notices about your account, including service announcements and administrative messages.
General Use by Company
Company will disclose Personally Identifying Information under the following circumstances:
- Marketing Communications. Unless users opt-out from receiving Company marketing materials upon registration, Company may email users about products and services that Company believes may be of interest to them. If you wish to opt-out of receiving marketing materials from Company, you may do so by following the unsubscribe link in the email communications, by going to your account settings (if applicable) or contacting us using the contact information below.
- Third-Party Marketing Communications. Unless users opt-out from receiving marketing materials upon registration, Company may provide users’ email information to third parties, so that those third parties may directly contact them about additional products and services. To cease having your email information provided to third parties, you may do so by going to your account settings (if applicable) or contacting us using the contact information below. Even after opting-out, you may continue to receive marketing emails from third parties to whom Company already has provided your email information. You will be responsible for directly contacting such third parties to request cessation of further marketing emails.
- Third-Party Service Providers. We may share your Personally Identifying Information, which may include your name and contact information (including email address) with our authorized service providers that perform certain services on our behalf. These services may include fulfilling orders, providing customer service and marketing assistance, performing business and sales analysis, supporting the Website’s functionality and supporting contests, sweepstakes, surveys and other features offered through the Website. We may also share your name, contact information and credit card information with our authorized service providers who process credit card payments. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purpose.
- Medical Groups and Providers: The Pharmacies and Providers to enable them to provide services to you and to collect payment on their behalf.
- Employees, Contractors, and Consultants: Some Company employees and operations contractors, and consultants may have limited access to your Personal Information in the course of providing services to you, including for the purpose of troubleshooting problems and/or resolving complaints. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of the Website. Access to your Personal Information is limited to the information reasonably necessary for the employee or contractor to perform the function needed to resolve the issue or to provide or improve the service.
Children’s Personally Identifying Information
Our service is generally intended for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. Individuals who are between the ages of thirteen (13) and eighteen (18) may use our services for the sole purpose of obtaining topical skincare products. The features, programs, promotions and other aspects of our service requiring the submission of Personally Identifying Information are not intended for anyone under 13 years of age. We do not knowingly collect Personally Identifying Information from children under the age of 13. If you are under 13 then you may not use or access our website or services at any time or in any manner. If we obtain actual knowledge that we have collected personal information through the Platform from a person under thirteen (13) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed Personally Identifying Information to us please contact us at:
- By mail: Qyral, Attn: Privacy Officer 4250 El Camino Real, B414, Palo Alto CA 94306, with a subject line of "Removal of Minor Information. If you send by mail, please send by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking.
- By email: firstname.lastname@example.org, with a subject line of "Removal of Minor Information"
Protected Health Information
The Providers have adopted a Telehealth Consent that describes how they use and disclose Protected Information. By accessing or using any part of the Website, you are acknowledging receipt of the Notice of Privacy Practices.
COLLECTION AND USE OF INFORMATION BY THIRD PARTIES GENERALLY
We use reasonable electronic, personnel and physical measures to protect it from loss, theft, alteration or misuse. However, please be advised that even the best security measures cannot fully eliminate all risks. We cannot guarantee that only authorized persons will view your information. We are not responsible for third-party circumvention of any privacy settings or security measures. We are dedicated to protecting all information on the Website as is necessary. However, you are responsible for maintaining the confidentiality of your Personally Identifying Information by keeping your password confidential. You should change your password immediately if you believe someone has gained unauthorized access to it or your account. If you lose control of your account, you should notify us immediately.
In connection with any transaction that you conduct through the Service (e.g., the purchase or sale of any products or services on or through the Service), you may be asked to supply certain information relevant to the transaction, including, without limitation, your credit card number and expiration date, your billing address, your shipping address, your phone number and/or your email address. By submitting such information, you grant Qyral without charge the irrevocable, unencumbered, universe-wide and perpetual right to provide such information to third parties (e.g., payment processing companies, buyers on the Service, sellers on the Service) for the purpose of facilitating the transaction.
Qyral may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Service or Qyral. Qyral may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by Qyral or as required by law.
Similarly, the Medical Groups and Providers may retain your information for as long as they believe necessary; as long as necessary to comply with their respective legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Medical Groups and Providers. The Medical Groups and Providers may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by the Medical Groups or Providers or as required by law.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have the right to know what personal information we collect, use, disclose or sell about you under the CCPA. Additionally, you have the right to access and delete your personal information.
To exercise these privacy rights and choices, please follow the instructions below:
- How to request access to your personal information: You may request access to your personal information twice in a 12-month period. To do so, please email us at email@example.com with the subject heading "California Privacy Rights,". In response, we will produce an Access Report detailing the personal information we have collected, disclosed, and/or sold about you. This Access Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
- How to request deletion of your personal information: You may request that we delete the personal information it has collected and/or maintained about you. To do so, please email us at firstname.lastname@example.org, or call 1 (855) 496-0655. Note, we may need to retain certain personal information as permitted by law, such as to complete the transaction for which the personal information was collected, maintain an electronic medical record for a Medical Group or Provider, provide a requested good or service, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, comply with legal obligations or to enable solely internal uses that are reasonably aligned with your expectations or lawful within the context in which you provided the information.
We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. If you maintain an account with us, we will verify your identity through existing authentication practices for the account (e.g., login and password). If you are not a registered member, we will verify your identity by matching two or three data points that you provide with data points that we maintain and have determined to be reliable for the purposes of verification (e.g., browser or device ID).
Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your or your minor child's personal information. In order to designate an authorized agent to make a request on your behalf, you must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. You must also verify your identity directly with us by providing a copy of your government issued identification.
Response Timing and Format: If you are a Qyral customer with an online account, we will deliver our written response to that account online or via email. If you are not a Qyral customer or do not have an online account, we will deliver our written response by mail or electronically, at your preference. The response will also explain the reasons we cannot comply with a request, if applicable. Please note, that if you are submitting a request regarding information you provided to a Medical Group, a Providers, or a Pharmacy, your request should be directed to that entity.
Anti-Discrimination Right: We will not discriminate against you for exercising any of your CCPA rights. But note that some of the functionality and features available to you may change or no longer be available to you upon deletion of your personal information or opt-out of sale of your personal information.
We do not and will not sell the personal information of minors under 16 years of age without affirmative authorization.
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. The Website does not currently respond to DNT browser signals or mechanisms.
We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the "Contacting Us" section below.
704 S.Spring Street Suite 1402 Los Angeles, CA 90014
Attn: Privacy Officer
For additional information, call U.S Office of Civil Rights at (800) 368-1019 (Voice) or (800) 537-7697 or via Fax: (202) 619-3818 or email: email@example.com , or contact your local Office of Civil Rights of the U.S. Department of Health and Human Services: https://www.hhs.gov/ocr/about-us/contact-us/index.html#ocr-regional-offices.
Changes to this Notice