Effective July 31, 2024
1. Who is Frontline Medical?
Frontline Medical is a regional company dedicated to the healthcare business. Frontline Medical provides medical care to patients.
When we use the term Frontline Medical or we in this policy, we mean Frontline Holding Companies and subsidiaries (MDforYou PLLC).
2. What Data Does This Privacy Policy Cover?
This Privacy Policy covers our online and offline interactions with you where we decide how your personal data is processed. For example, this Privacy Policy applies when you visit a Frontline Medical website or application that links to this Privacy Policy (collectively, our “Sites”), when you interact with our Services, or when you contact our support team, speak to our sales representatives, or otherwise interact with Frontline Medical offline.
Throughout this Policy, we use the term “personal data.” This term generally means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an identified or identifiable individual. The laws of some jurisdictions, however, define personal data, or a similar term such as personal information, more broadly than this. Other jurisdictions’ laws may exclude certain information about you, such as your business contact details, from the definition of personal data. We will apply the definition of personal data contained in applicable privacy law.
3. What Data Isn’t Covered by This Privacy Policy?
- Customer Content. This Policy does not apply to personal data that may be included in the files, documents, recordings, chat logs, transcripts, and similar data that we maintain on our customers’ behalf, as well as any other information our customers may upload to their Frontline Medical account(s) in connection with their use of our Services (which we refer to as “Content” in our Terms of Service). This is because our customers, and not us, make the decisions about how and why they process your personal data. We process this personal data in accordance with the terms of our agreement with them.
If you have any questions about how a Frontline Medical customer uses or processes your personal data, or if you wish to exercise your rights with respect to personal data they process about you, contact the Frontline Medical customer directly.
- Anonymized, De-identified, or Aggregated Data. Personal data that has been anonymized or de-identified can no longer identify an individual. Aggregated data is data that has been combined and does not relate to a single individual. Therefore, these data are not personal data and are not covered by this Policy.
- Third-Party Websites and Applications. This Policy does not apply to any third-party websites, applications or services, even if these are accessible through Frontline Medical’s websites or Services. The owners of the third-party websites, services or applications are responsible for establishing the terms and conditions and privacy policies for them. You should familiarize yourself with their privacy practices.
- Personal Data Subject to Other Frontline Medical Privacy Policies. From time to time, Frontline Medical will provide privacy policies that are tailored to specific types of interactions with certain categories of individuals. When we do this, the personal data that is covered by that privacy policy is not covered by this Privacy Policy. For example, we provide a separate privacy policy for job applicants, which you can find here.
4. How Do We Collect Personal Data?
As part of its normal business operations, Frontline Medical collects personal data about you from the following sources:
- From You. We may receive personal data about you when you provide it to us, such as when you visit our Sites or interact with our Services or otherwise provide us information online (e.g., when you create an account, fill in a form, register for events, download content, or answer a survey) or when we interact with you offline, such as when you visit a facility, attend an event or trade show, or talk to us over the phone;
- From Others. We may receive personal data about you from other sources, such as our partners that you interact with, data aggregators that may not have a direct relationship with you, or others, such as our service providers, that collect information about you on our behalf; and
- Through Automated Means. We may receive personal data about you automatically, such as when our Sites or Services log certain information about your interactions.
5. What Personal Data Do We Collect?
We collect the following categories of personal data about you:
- Identifiers. This category of personal data includes data that serves to uniquely identify you. It includes, for example, information such as your name, alias, social media handles, contact details (such as email addresses, phone or fax numbers or physical or postal addresses), account names, customer numbers, unique personal identifiers, signatures, online identifiers, Internet Protocol addresses, or other similar identifiers.
- Commercial and Financial Information. This category of personal data includes the history and records of products or services you have considered or obtained from us, or other purchasing or consuming histories or tendencies, including information needed to facilitate transactions with Frontline Medical, payment transactions (including credit or debit card number or similar financial information) and payment history data, and details about services you received or Frontline Medical activities in which you participated, including surveys, focus groups, and other Frontline Medical events. In connection with the foregoing, we may also collect demographic data such as income, age bracket and similar information.
- Professional or Employment-Related Information; Education History. This category of personal data relates to your employment and includes information such as your employer, job titles and work locations. In certain limited circumstances, we may also collect information about your educational history, such as if you join us as a guest speaker for a Frontline Medical event or where we are seeking specialized vendor services.
- Protected Characteristics. We do not generally seek to collect Protected Characteristics. This category of information includes data that is typically protected by law, such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status. If we collect this type of personal data, which is also treated as sensitive personal data under certain data protection laws, we collect and process it only as permitted by law.
- Internet or Other Electronic Network Activity Information. This category of personal data includes information about your systems or devices, such as your system or network ID, your operating system type and version, your device manufacturer and model, screen resolution, browser type, browser version, the pages of a Site you visit, the time and date of your access to a Site, unique device identifiers, user name and passwords, and usage activity and diagnostic information, including access logs, activity logs, browsing and search history, and other similar information. In addition, we may collect diagnostic data along with information your browser sends us when you visit our Sites or Services. We also use cookies and other similar technologies, as described in Section 8 of this Policy.
- Audio, Electronic, Visual, or Similar Information. This category includes photographs, recordings made during audio or video calls with us, during focus groups or usability testing, conferences or events, testimonials, and otherwise.
- Inferences, Preferences, and Other Information. This category consists of inferences drawn from any of the information identified above, such as your contact mode preferences, product interests, calendar availability, contact time preferences, language preferences, and other similar information.
- Sensitive Personal Data. This category of personal data is typically defined under applicable privacy law, which may limit the way this information may be collected. We do not collect sensitive personal data unless we have complied with applicable legal requirements. This type of information may include your government ID numbers, such as your social security, driver’s license, state identification card, or passport number; your Frontline Medical account log-in and password or credentials allowing access to your account; and your debit card or credit card number in combination with any required security code (CVV).
6. How Do We Use Personal Data We Have Collected?
We use your personal data for the following purposes:
- To Prepare to Enter Into, To Enter Into, and to Perform a Contract With You. We use personal data to prepare to enter into and to enter into contracts and other agreements with you. We also use personal data when we perform our contracts, including when we perform our obligations under them and monitor the parties’ compliance with their undertakings. Examples of contracts we may enter into with you include contracts for Services or Site access, or other arrangements, such as engagements for usability testing, market research, to speak at a forum or to provide testimonials about our Services, or where you provide products or services to us.
- To Operate Our Business. We may use personal data to create and administer your accounts with us; to process payments and other transactions associated with our Services; to communicate with you about our Services; to update, maintain, use and analyze our records; to provide and operate our Sites and Services; to understand how you use our Sites and Services for purposes consistent with this Privacy Policy, including to understand what you like and dislike about them; to provide support and maintenance for our Sites and Services; to respond to support and Service or Site issues; to improve and develop our internal business processes, Sites, and Services; to train our personnel; to answer questions you have asked us; to address requests you have made or concerns you have raised; and to otherwise communicate with you.
- To Conduct Research on New Products, Services, and Markets. We may use personal data to research new products, services and markets, including when we receive your feedback or survey responses or when we otherwise obtain or collect information about your experiences with or opinions about us or your overall business needs; when we engage in market research; when we understand how you use our Sites and Services and what you like and dislike about them; and when we engage in social listening initiatives.
- To Provide You with Information That May Be of Interest To You. We may use your personal data for marketing and communications purposes, such as where we provide you with or send you information about us, our Services or the industry. Examples of these communications include advertisements, news, newsletters, events, conferences and webinars, whitepapers and surveys, special offers, contests, sweepstakes and other similar commercial information. We may use your information to advertise online and offline, which may be targeted to you based on your use of our Sites, Services and other online and offline activity. We also may, to the extent permitted by law, combine, correct, and enrich personal data that we receive from you with data about you from other sources, including publicly available databases or from third parties, to update, expand, and analyze our records, identify new prospects for marketing, and provide Services that may be of interest to you.
- For Security, Integrity, Safety, and Fraud Prevention. We process personal data to protect our, your, or others’ rights, privacy, health, safety, or property; to undertake reasonable efforts to monitor the use of our networks, assets, and facilities (including our Sites and Services) and to secure them; to address technical issues with our networks and assets (including our Sites and Services); to prevent, detect, and respond to security events and incidents; to prevent and respond to alleged fraudulent, unauthorized, or unlawful activity, and violations of our terms of service; and to protect public safety.
- To Comply with Applicable Laws and With Legal and Administrative Requests; To Protect Our Rights; To Assess Compliance with Policies; and To Assert and Defend Against Claims. We use personal data to comply with our obligations under applicable law; to pursue and/or defend legal claims and manage disputes; to enforce our terms of service and other agreements; to audit our internal processes for compliance with our legal and contractual obligations and our internal policies; and to respond to lawful requests from governmental authorities, including writs, subpoenas, or legal discovery processes.
We do not use this data for serving advertisements, nor do we allow humans to read the data (i.e., by utilization of robust access controls, procedures, etc., inclusive of the principle of least privilege) unless: (i) we have your affirmative agreement for specific data; (ii) doing so is necessary for security purposes, such as investigating abuse; (iii) it is in response to requested support/troubleshooting; (iv) to comply with applicable law; and/or (v) if the data have been anonymized or otherwise deidentified, for our internal operations related to the applicable Frontline Medical Products.
7. Do We Disclose Personal Data?
We disclose your personal data: (a) to our affiliated companies that are directly or indirectly owned by our parent company, Frontline Medical Group, Inc.; (b) to third parties at your direction, with separate, specific notice to you, or with your consent; (c) to third-party service providers, business advisors, or consultants, who need it to provide their services to us; (d) in connection with a merger, divestiture, acquisition, reorganization, restructuring, financing transaction or sale of assets; and (e) as required by law or administrative order, to assert claims or rights, or to defend against legal claims.
8. Do We Use Cookies and Other Tracking Technologies?
We use first- and third-party cookies and other tracking technologies on our Sites and Services. We use these technologies for the following purposes:
- To Enable Our Sites. These technologies are essential and must be enabled for our Sites to work.
- To Tailor Your Experience on Our Sites. These technologies help customize your experience by remembering your preferences or facilitating certain Site functionality. For example, they may enable your language preferences or facilitate your login experience. You can disable these technologies, but certain features of our Sites may not work or may work differently.
- To Understand How Users of Our Sites Utilize Our Features. These technologies monitor certain user actions and help us understand how our visitors use our Sites, what webpages, features and functions they like and dislike, and where they may have experienced problems that need to be addressed.
- To Help Us Provide You with Information About Our Services. These types of technologies help us promote our Services or understand whether our marketing efforts are effective.
You can adjust which cookies and tracking technologies you want to allow, as stated in the “Exercising Choice” section below.
Google Analytics and Adobe Marketing Cloud
We use Google Analytics as described in “How Google uses data when you use our partners’ sites or apps.” You can prevent your data from being used by Google Analytics on our websites by installing the Google Analytics opt-out browser add-on, available here. For enhanced privacy purposes, we also employ IP address masking, a technique used to truncate IP addresses collected by Google Analytics and store them in an abbreviated form to prevent them from being traced back to individual users. Portions of our website may also use Google Analytics for Display Advertisers including DoubleClick or Dynamic Remarketing which provide interest-based ads based on your visit to this or other websites. You can use Ads Settings to manage the Google ads you see and opt-out of interest-based ads. If you opt-out of interest-based ads, you may still see our advertisements, although they will not be targeted to you. We also use Adobe Marketing Cloud as described here. You can similarly exercise your rights with respect to use of this data as described in the “Exercising Choice” section below.
Social Media
Many of our websites include social media features, such as Facebook, LinkedIn, Google, and X (formerly Twitter) “share” buttons. If you use these features they may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly – you can exercise your rights with respect to the use of this data as specified in the “Exercising Choice” section below. These services will also authenticate your identity and provide you the option to share certain personal data with us such as your name and email address to pre-populate our sign-up form or provide feedback. Your interactions with these features are governed by the Privacy Policy of the third-party company providing them.
Exercising Choice
Frontline Medical’s Cookie Consent Manager (available via the “Cookie Preferences” hyperlink at the bottom of this page) provides you with information about the types and categories of cookies and other web analytics tools used on Frontline Medical’s Sites and gives you the ability to make choices about which non-essential tools are activated. In addition, the Help Menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether.
You can still view our websites if you choose to set your browser to refuse all non-essential cookies; however, certain essential cookies are needed to operate the Site.
9. Do We Sell or Share Personal Data?
Certain data privacy laws provide individuals with rights with respect to the “selling” or “sharing” of their personal data. Frontline Medical does not currently provide personal data to others in exchange for monetary compensation. Some of these laws, however, define the “sale” of personal data to include disclosures of personal data for commercial activities such as targeted advertising. Privacy laws may also define “sharing” of personal data as providing it to advertising networks and other companies that facilitate digital advertising for purposes of cross-context behavioral advertising.
Under that broader definition, in the past 12 months, we have sold certain categories of personal data to, or shared it with, advertising networks and other companies that facilitate digital advertising for purposes of cross-context behavioral advertising or targeted advertising. These activities allow us to provide more personalized information about our Services to individuals who may be more interested in learning about them. We do not, however, knowingly sell or share the data of minors under the age of 16.
We may sell or share the following categories of personal information for purposes of cross-context behavioral advertising, or otherwise use them for targeted advertising:
- Identifiers, such as your IP address or other unique identifier and certain contact details.
- Commercial and Financial Information, such as Services you have considered or purchased from us, and information obtained during Frontline Medical activities and events information or feedback, interests and internet or other electronic activity information.
- Professional or Employment-Related Information; Education History, such as your job title and educational level.
- Internet or other Electronic Network Information, including pages of a Site you may visit and your browsing and search history; and
- Inferences, Preferences and other information.
In certain jurisdictions you have the right to opt out of sales and sharing of personal data. To do so, contact us at [email protected]. Certain browsers can also be set to send Global Privacy Control signals, as discussed below.
10. Do We Honor Do Not Track and GPC Signals?
Frontline Medical Sites that link to this notice recognize GPC signals. Frontline Medical Sites do not respond to or honor other Do Not Track instructions, which are preferences that users can set in certain web browsers.
Global Privacy Control (“GPC”) signals are opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit organization that has developed a tool that can be used universally to signal a user’s privacy preferences. Requests made through the GPC extension apply only to the device on which the request is made and will only work with the browser used to activate the opt-out setting. For more details, including how to turn on GPC, please visit https://globalprivacycontrol.org/.
11. What Are Our Data Retention Practices?
We keep your personal data in an identifiable form for no longer than needed for the business purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Personal data processed in the context of a contract with you will be retained by us for the term of the contract and for a reasonable time afterwards as might be required to determine and settle any related claims or as otherwise required by law. Where our processing of your personal data is based on legitimate interests or compliance with legal obligations, it will be deleted as soon as the applicable underlying purpose has expired. Personal data processed based on your consent will be deleted if and when you withdraw such consent or when it is no longer needed.
Unless requested sooner or a shorter retention period is defined in the applicable Technical and Organizational Measures (“TOMs”), your Service account will be deleted or anonymized no later than twenty-four (24) months from the date of Service termination, expiration, or non-use. For specific details on data retention periods for your Service account, as well as the information Frontline Medical maintains on your behalf, consult the section “Return and Deletion of Customer Content” in the applicable Service or suite-specific TOMs.
12. What Are Our Security Practices
Frontline Medical has implemented reasonable and appropriate controls designed to safeguard personal data that we collect and further process. For example, certain aspects of Frontline Medical’s operations, on a product and/or suite-specific basis, have been assessed by independent third-party auditors against recognized security standards and controls, including SOC 2 Type II, BSI C5, SOC 3, and ISO 27001.
Despite Frontline Medical’s efforts, and due to the inherent nature of the Internet, no method of electronic data transmission or storage is 100% secure. While we strive to use reasonable means to protect your personal information, we cannot guarantee its absolute security. You should also take steps to protect your information, including restricting access to your information, securing your passwords, and using SSL/TLS to prevent interception of transmissions.
13. Where Do We Process Your Personal Data?
Frontline Medical operates on a global basis. As a result, we may transfer your personal data to, or store or otherwise process it in, other countries or regions where data protection laws are different from those of your country and may not provide as high a level or protection as your local data protection laws. Regardless of where your personal data is transferred for processing, Frontline Medical will process it in accordance with this privacy policy and will take steps to properly protect it under applicable data protection law. Examples of these steps may include, as applicable, obtaining your consent to transfer such information, agreeing to certain contractual undertakings, or certifying to certain frameworks.
Transfers from the EU, the UK, and Switzerland to Third Countries
Data Privacy Framework
Frontline Medical complies with the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF (the UK Extension), and the Swiss-US Data Privacy Framework (“Swiss-US DPF”) as set forth by the US Department of Commerce.
Frontline Medical Audio, LLC, Frontline Medical Communications, Inc., Frontline Medical Technologies USA, LLC, Frontline Medical Group, Inc., and Grasshopper Group, LLC have certified to the US Department of Commerce that they adhere to (a) the EU-US Data Privacy Framework Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-US DPF and the UK Extension, and (b) the Swiss-US Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles and the UK Extension and/or the Swiss-US DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework Program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/. For more information on Frontline Medical’s commitments and your rights related to the Data Privacy Framework, please review our DPF Notice.
Standard Contractual Clauses
For personal data transfers from the EU, the UK, and Switzerland to countries whose laws have not been deemed adequate by applicable EU regulatory authorities to that are not covered by Frontline Medical’s Data Privacy Framework certifications, Frontline Medical’s practice is to enter into data processing addendums that incorporate the European Commission’s standard contractual clauses (the “SCCs”).
APEC Cross Border Privacy Rules System and Privacy Recognition for Processors System
Frontline Medical’s international transfer of personal data collected in participating Asia Pacific Economic Cooperation (“APEC”) countries abides by the Cross-Border Privacy Rules (“CBPR”) System and Privacy Recognition for Processors (“PRP”) System for the transfer of personal data. More information about our APEC CBPR certification can be found here. More information about the APEC PRP certification can be found here. If you have raised concerns to Frontline Medical about our APEC CBPR or PRP certifications that remain unresolved, you may contact our dispute resolution provider (at no charge to you) here.
14. Do We Respect Children’s Privacy?
Frontline Medical Sites and Services are intended for general audiences. We do not seek through our Sites to gather personal data from or about persons that are 16 years of age or younger. If you inform us or we otherwise become aware that we have unintentionally received personal data from an individual under the age of 16, we will delete this information from our records.
15. What Are Your Privacy Rights?
If you are a resident of California, the UK, the EU, Switzerland, or Brazil, please refer to the applicable regional addenda to this Policy to learn how we honor your personal data rights.
Subject to the conditions, limitations, and exceptions under applicable data privacy law, you may have certain rights with respect to your personal data. Depending on your jurisdiction, you may have the right to request that we:
- confirm what type of personal data we collect, use, disclose or are otherwise processing about you.
- amend or update inaccurate or incomplete personal data about you.
- delete or restrict the use of your personal data.
- no longer process your personal data (including for marketing purposes);
- provide your personal data to you in a structured, electronic format; or
- not “sell” or “share” your personal data (as these terms are defined under applicable law).
To submit a privacy request, please contact us at [email protected].. You may also exercise your rights by using one of the methods provided for in Section 15 of this privacy policy.
Once we receive your request, we will seek to verify your identity. If we cannot verify your identify, we will not be able to act on your request. We will respond to your request within the timeframes required by applicable privacy law. In addition, if we deny your request, or a portion of your request, we will tell you why, and provide you with other information, such as the right to appeal our decision, if it applies to you.
Note: If you are seeking to make a privacy request related to personal data about you that we process for our customers, contact the customer and not Frontline Medical.
Unsubscribe Requests
If you no longer wish to receive marketing communications from us, you can opt-out by clicking on the unsubscribe link on any marketing email you receive.
You also can contact our Data Protection and/or Privacy Officer(s) by sending an e-mail to [email protected].
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
16. Do We Engage in Automated Decision-Making?
In some jurisdictions, you have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects or similarly significantly impacts you. Frontline Medical routinely requires human review of processing where legal effects or other similar impacts are likely to occur.
17. How Do We Communicate Changes to This Privacy Policy?
We update this Privacy Policy from time to time to reflect changes to our personal data handling practices or respond to new legal requirements and will post updates here. However, if we make any material changes that have a substantive and adverse impact on your privacy, we will provide notice on this website or notify you by email (sent to the e-mail address specified in your account) prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
18. How Can You Contact Us with Questions and Concerns?
If you have questions or requests relating to how we process your personal data, please send an email to [email protected].