Privacy

NDPSC (STARFIELD SOFTWARE) PRIVACY POLICY

EFFECTIVE February 1, 2023

Version 1

 

INTRODUCTION

This is a policy of the North Dakota Pharmacy Services Corporation (NDPSC) for its Starfield software application.  This privacy policy describes the personal information protected under applicable privacy and data protection law, which we collect or process about you or that could identify you when you use our products, services or websites, and how and why we collect or process it. “Personal Information” includes Site Information, Account Information, Order Information, Health Data and Other Use Information, Communications Information, Third Party Information, Third-Party Site Information, Derived Information, and Other Identifiable Information (as defined below).

When referring to “NDPSC” or “Starfield”, “we”, “our” and “us”, we mean the NDPSC entity which is providing the Products and Services (as defined below) to you under the terms of the respective Products and Services and thus acting as controller with respect to your Personal Information collected or processed in connection with such Products and Services; or the Affiliate with which your Personal Information was lawfully shared in accordance with this privacy policy.

Our products and services include our websites (including our online store) and our software applications. 

We may collect and process your Personal Information as described below.

  • Site Information, which means information you input into, or is otherwise associated with your access and which may constitute Personal Information, to any of our websites. Site Information includes without limitation information about the devices, apps, internet service, IP address, and browsers that you use to access our website; your online browsing behavior such as the sites you visit before and after visiting our websites, your activities on our site including the pages you view, how long you view them, product descriptions read, forms submitted, videos watched, shopping cart contents, and your clicks on our site pages; and, the passwords, security answers, and your user preferences that you provide to us.
  • Account Information, which means Personal Information associated with your account. Account Information may include your contact information such as your name, billing and shipping address(es), phone number and email address; your username and password; birth date and place; gender; pregnancy status; employment information, and your health information.
  • Order Information, which means Personal Information associated with your order from or payment to us for any NDPSC Products or Services. Order Information includes your contact information such as your name, shipping and billing address(es), phone number and email address; NDPSC username and password; birth date and place; gender; pregnancy status; employment information; financial information; health insurance information; and, identification numbers associated with your NDPSC Products.
  • Health Data and Other Use Information, which means Personal Information associated with your use of our Products or Services, including those Products and Services accessible through our websites.  It also includes contact information of any person that you designate to receive your health information through functionality of a NDPSC Product or Service (see below how we share information with your Designated Recipients; contact information; information about the devices, internet service, IP address, and browsers that you use to access and use our Products and Services; information about your settings and your activities associated with your use of our Products and Services (e.g. how frequently you use our services and your user preferences); usernames, passwords, security answers, and location data you input into our Products and Services; and, information associated with your viewing of any video available within our services; forms that you submit electronically through our services, including the any NDPSC Warriors application you submit. Use Information also includes the username and health information of any person for whom you order or pay for our Products and Services.
  • Communications Information, which means any information that you communicate to us through any means, directly or indirectly, and that may be Personal Information. Communications Information includes the content of your communications to us along with any associated metadata. Communications Information may include contact information, financial information, and health information.
  • Third-Party Information, which means any Personal Information about you that is provided to us by a third-party that you have authorized. Third-Party Information may include contact information and health information.
  • Third-Party Site Information, which means any Personal Information associated with your activity on third-party websites that are accessed through our websites or software.
  • Derived Information, which means information that we create by combining and/or analyzing some or all the information described above, and which may constitute Personal Information.
  • Nonidentifiable Information, which means information that does not reveal your identity, could not be used to identify or track you, and, therefore, is not protected as Personal Information under applicable law.
  • Other Identifiable Information. Other Identifiable Information means information that identifies you or could be used to identify your; that is not listed above; and, is collected pursuant to your consent or otherwise in accordance with applicable law.

COLLECTING INFORMATION FROM YOU

We, and Service Providers acting on our behalf, collect Personal Information about you when you provide it to us directly.

FROM THIRD PARTIES YOU AUTHORIZE.

We collect Personal Information about you from third-parties when you have authorized such third-parties to provide it to us.  We also collect Personal Information about you from third parties who host social media webpages that we manage, as far as this is done based upon your consent or otherwise in line with applicable data protection law.

FROM YOU INDIRECTLY THROUGH COOKIES AND OTHER TECHNOLOGIES.

We also collect Personal lnformation about you when you use our Products or Services to provide functionality to our Products and Services; to recognize you across devices when using our Products and Services; in each case this is justified under applicable data protection law for our legitimate business purposes.

We may use the following technologies.

  • Cookies
    Please note that, though some browsers have incorporated “Do Not Track” (DNT) features that send a signal to the websites you visit to indicate that you do not wish to be tracked, we do not have the ability to recognize or honor browser DNT or similar signals at this time.
  • Analytics: We may use third-party analytics in connection with our Products and Services. Such third-party services may use cookies and similar technologies to collect and analyze information about use of the Products and Services and to report on activities and trends. Such services may also collect information regarding the use of other websites, apps and online services.
  • Web beacons, pixel tags or clear GIFs track and otherwise process your activities on our services, websites and emails you send, receive or read through our services or websites.
  • Device and connection information is information that we or our Service Providers (defined below) collect about your computer, phone, tablet or other devices you use to access our services and websites.

PROCESSING

We may need to hold, process, and transfer your Personal Information but will do so solely for legitimate business purposes in accordance with applicable laws, regulations, and guidelines. We will only disclose your Personal Information on a need-to-know basis to those who are authorized to use it for these purposes.

We process the Personal Information listed above for purposes including:

  • As required to establish, perform, maintain, or terminate a contractual relationship with you and to enable us to manage your account and NDPSC Products and Services applicable to you.
  • As required to enable our business and pursue our legitimate business interests where our interests are not overridden by your data protection rights, as applicable. If you require further information on our legitimate business interests, please contact us at the information below.
  • Compliance with applicable laws and protection of our legitimate business interests, legal rights and obligations.
  • Where you have given consent.

HOW WE SHARE PERSONAL INFORMATION WE COLLECT

Most Personal Information will remain with us, but we may share your Personal Information for the purposes explained above with the following recipients, and in each case always in accordance with applicable privacy and data protection laws.

We share information we collect and process with:

  • Designated Recipients. Individuals or entities that you designate or instruct us to share your Personal Information with.
  • Authorized care team members and contacts you have authorized to be aware of your care, account, and/or data. 
  • Third-Party Integrations. 
  • Other Third-Party Products or Services.
  • Other Third-Parties You Designate. 
  • Other circumstances allowed by HIPAA.

    You are responsible for determining your Designated Recipients and providing us accurate information for your Designated Recipients. We do not verify the accuracy of any information you provide with respect to your Designated Recipients.

    Once you establish a Designated Recipient, and have provided any applicable consents or authorizations, we share your Personal Information with that Designated Recipient until you terminate the designation. We have no control over what the Designated Recipient does with your Personal Information.
  • Service Providers, which means third-party entities, business partners or others that provide services or perform functions on our behalf so that we may operate and manage our business, including but not limited to providing our Services and Products to you. Our Service Providers may include entities that perform the following on our behalf:
    • Marketing and surveys;
    • Data hosting, storage, retrieval and analytics services;
    • Software development
    • Administrative functions and processes, including but not limited to email services and shipping services;
    • Legal functions and processes;
    • Control and compliance processes; and
  • Government Authorities and Law Enforcement Officials
  • Courts and Administrative Tribunals
  • Distributors

HOW WE SECURE PERSONAL INFORMATION WE COLLECT

We use appropriate administrative, organizational and technical safeguards to protect information from loss, misuse, and unauthorized access, disclosure, alteration and destruction in light of the nature of the information processed. Personal Information transmitted through our Products and Services is encrypted when transmitted. Please note that no data transmission or storage system is guaranteed to be entirely secure. If you feel that your interaction with us is no longer secure, please contact us immediately.

HOW LONG WE STORE PERSONAL INFORMATION WE COLLECT

Where we enter into a contract with you, we will keep your Personal Information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this privacy policy. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned, and technical necessities.

Where we process Personal Information with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests), if there is no other legal ground for further processing (e.g., a statutory obligation to retain your Personal Information.

In other cases, we may retain data for an appropriate period after any relationship with you ends to protect ourselves from legal claims, to administer our business, or to the extent permitted by applicable law, which may require us to hold your Personal Information for specific periods.

YOUR RIGHTS AND HOW TO EXERCISE YOUR RIGHTS

] Where our use of your Personal Data is based on your consent, you also have the right to withdraw that consent at any time (please see below for more details).

When you submit a request to us to exercise your rights, we will respond as appropriate and within the timeframe permitted under applicable law. We will retain your request and our response (including any supporting documentation) in compliance with applicable law. Also, we will continue to retain and otherwise process your Personal Information to the extent required to comply with applicable law; or, to establish, exercise or defend our legal claims and rights.

  • Withdraw Consent. You may opt out or revoke your consent to, as applicable, receive promotional communications from us by selecting the “unsubscribe” link in the promotional email we send you, by phoning us at our phone number communicated to you in the promotional email or by contacting us at the information below. Please note that, even after you opt-out or revoke your consent to receive promotional materials from us, you will continue to receive transactional messages if you have an account with us or otherwise use our Products or Services. We may also need to retain certain information for recordkeeping purposes.

  • Sharing with Designated Recipients. For Designated Recipients that are Followers or third-party integrations, you may revoke your sharing with these Designated Recipients through the relevant NDPSC or Starfield app or website within which you have added the Designated Recipients. For all other Designated Recipients, you may stop sharing by contacting us.

OTHER IMPORTANT PRIVACY INFORMATION

Changes to our Privacy Policy

From time-to-time, we may change our privacy policy. We will post any changes on this page. To the maximum extent permitted by applicable law, any changes will become effective when we post the updated privacy policy on our website, and your use of our Products and Services following these changes means that you accept the updated privacy policy. We encourage you to review our privacy policy when you use our Products and Services to stay abreast on our information practices.

If we make a change to our privacy policy and you disagree with the change, you will need to stop providing us your information; stop accessing and otherwise using our Products and Services; and, if you have an account, terminate your account and may choose not to submit any further Personal Information.

CONTACT US

For privacy inquires or complaints, or to exercise any of your privacy rights, we may be contacted:

  • By Email at admin@starfield.health
  • By mail at:
    NDPSC
    Attn: Data Privacy Officer
    1641 Capitol Way
    Bismarck, ND 58501
    United States of America