Privacy Policy

Effective Date: May 20, 2019

This Privacy Policy (“Policy”) describes the data collected (“Collected Data”) by or on behalf of Harrow Health, Inc. (“ImprimisRx,” “we,” “us,” or “our”) and its vendors through this website (“Site”), and how Collected Data is used and shared. If you have questions or concerns about this Policy, please contact us.

By using the Site or placing any order, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understand this Policy. We may modify this Policy at any time. All changes will be effective immediately upon posting to the Site. Material changes will be conspicuously posted on the Site or otherwise communicated to you. By using the Site after changes are posted, you agree to those changes.

We Collect Data You Provide

Protected Health Information. To the extent that Collected Data is Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996 and any regulations promulgated thereunder (“HIPAA”), that data is governed by ImprimisRx’s HIPAA Privacy Policy, which is available at https://www.imprimisrx.com/assets/IMMY-Notice-of-Privacy-Practices-HIPAAJanuary-2017.pdf, and not this Privacy Policy. Unless specifically stated otherwise, references to Collected Data in this Privacy Policy do not include PHI. We protect PHI and will only use or disclose it as required or permitted by applicable federal and state laws, including HIPAA, and in accordance with any contractual obligations that we may have with your health care provider. It may be necessary for us to share PHI with third parties, including vendors that we engage to provide services in connection with the Site. If we share PHI with any third party, we will share only the minimum necessary data to enable the third party to provide the services for which we have engaged them, and we will ensure that third party agrees to use and disclose PHI only as required or permitted by applicable federal and state laws, including HIPAA. For additional information about how we may use or disclose your PHI and your associated rights, please refer to our HIPAA Privacy Policy.

Personal Information. If you elect to provide information that personally identifies you (“Personal Information”) such as your name, email, mailing address, phone number, or payment data, we will collect, use, and share it pursuant to this Policy and applicable law.

Personal Information is required to use certain Site features, for example, to create online accounts, purchase products or services, contact us via email, phone, or our Contact Us form (where we may retain your message’s content and our response), submit job application materials, receive or request data from us (e.g., newsletters or order status), and respond to communications from us (e.g., surveys and promotional offers).

Order & Payment Data. To make purchases through the Site, you must submit your name, credit or debit card type, number, expiration date, security code, and billing address. All credit and debit card data is provided directly to our PCI-compliant third-party payment processor. We do not directly access, handle, or store your credit or debit card data. We may keep a record of your purchases. We store your payment card’s last four digits and tie that data to your account to facilitate future orders.

Marketing Communications; Opt Out. To subscribe to our email newsletter, you must (1) identify yourself as a patient, healthcare provider, payor, potential investor, or other, (2) note if you are interested in ophthalmology, optometry, integrative medicine, or other, (3) submit your email address, and (4) check the box that you would like to subscribe to the email newsletter. To request marketing materials, you must submit your name, clinic/surgery center name, email address, phone number, and mailing address. We use this data to send you promotional and other electronic and hardcopy communications. We may use third-party providers to deliver communications to you. You may opt out of such emails by using the unsubscribe link in the email or contacting us at info@imprimisrx.com with “Unsubscribe” in the subject line. To opt out of other communications (e.g., postal marketing and telemarketing), please contact us. Opting out of marketing communications does not opt you out of communications about your account or transactions.

Job Application Materials. To submit job application materials, you will be redirected to our online job applications portal, which is hosted by ADP. All data related to job applications is submitted directly to ADP and will be shared with us. We encourage you to review ADP’s terms and privacy policy. If you submit job application materials, we may use the contents to evaluate your qualifications and respond to you. Submission of materials does not require us to review them or consider you for employment.

Data Automatically Collected

Account Activity. We will collect data about how you use (i) your online account, and (ii) the Site when you are logged into your account.

IP Addresses, Cookies, & Similar Tracking Technologies. When you use the Site, we and our Site vendors use technologies such as cookies (i.e., small pieces of data stored on your device’s hard drive by your browser), web beacons, pixel tags, and similar technologies to automatically collect internet protocol addresses assigned to the computers and other devices you use, your internet service provider, device ID number, approximate geographic location, browser type, Site pages visited, websites you access before and after visiting the Site, and data related to how and when you use the Site (e.g., date and time stamps, clickstream data, and data about search terms and websites that direct you to the Site). We may combine this Collected Data with other Collected Data (including Personal Information) and data obtained from third parties.

The Site may use session, persistent, and flash cookies (local stored objects) to collect and store data about your preferences and navigation to, from, and on our Site. Session cookies are used to complete transactions and for other purposes such as counting visits to certain webpages. Session cookies are eliminated when you exit your browser. Persistent cookies may be stored on your computer by your browser. When you log in, persistent cookies tell us if you have visited the Site before or if you are a new visitor.

Flash cookies differ from browser cookies regarding the amount and types of data collected and how the data is stored. Cookie management tools provided by your browser will not remove and cannot manage Flash cookies. To learn about managing your Flash cookie settings, visit the Flash player settings page on Adobe’s website here.

Most browsers automatically accept cookies. You can disable this function, but disabling cookies may impact your use and enjoyment of the Site.

Do Not Track Requests. Due to the automatic collection of data using cookies, we do not honor “do not track” requests.

Analytics. We may occasionally enable and implement various analytics tools, such as Google Analytics, which is an analytics tool provided by Google to collect and process Collected Data consisting of certain telematics about your use of the Site. Google sets and reads cookies to collect such Collected Data and your web browser will automatically send such Collected Data to Google. Google uses this data to provide us with reports that we use to improve the Site’s structure and content.

We may occasionally enable and implement additional add-on services to Google Analytics, such as Demographics and Interest Reporting. Demographics and Interest Reporting uses cookies to collect data about our Site traffic by tracking users across websites and across time to provide us with analytics on our user base.

To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data when you use our partners’ sites or apps.” You may download and install the Google Analytics Opt-out Browser Add-on for each web browser you use. Using the Google Analytics Opt-out Browser Add-on does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Websites.

Social Media. We are active on social media, including Facebook, Twitter, YouTube, and LinkedIn (“Social Media”). You may comment on Social Media regarding ImprimisRx and our products and services.

Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Site and our Social Media pages any comments or content that you post on our Social Media pages. You agree to hold ImprimisRx and its affiliates harmless and without liability for the results of any and all content you post on ImprimisRx’s Social Media.

Your use of Social Media is governed by the privacy policies and terms of the third parties that own and operate those websites and not by this Policy. We encourage you to review those policies and terms.

The Site may use advertising networks and services offered by Social Media to deliver advertising content. Use of these services requires Social Media to implement cookies or pixel tags to deliver ads to you while you access the Site.

Videos; Embedded Content. The Site may contain videos and embedded content provided by ImprimisRx or third parties, including visible content and/or feeds scripts embedded in the Site’s code. ImprimisRx and such third parties may collect data about how you interact with such content. By watching the videos and interacting with such content, you agree to the collection and use of such data.

Data from Other Sources. We may obtain data about individuals from various third-party companies and public sources and we may combine that data with Collected Data. This enhances our existing data about our users and customers (e.g., adding address data) and improves our marketing efforts.

How We Use & Share Collected Data

Beyond the uses and sharing described above, ImprimisRx and its vendors may use and share Collected Data (including Personal Information) as described below. We do not sell or rent Collected Data except as stated in this Policy and as permitted by applicable law.

Purpose Collected & Communication with You. We use and share Collected Data for the purpose for which it was collected. For example, if you place an order through the Site, we use Collected Data to communicate with you regarding your order. If you contact us for support or assistance, we may use Collected Data to contact you and assist you with your request. We may use Collected Data to notify you of Site changes (e.g., changes to our Terms of Use or this Policy), and if you opt in, to send you marketing communications.

Affiliates, Vendors, & Other Partners. We may share Collected Data with our affiliates, third-party vendors, service providers, suppliers, consultants, agents, distributors, and other partners (including Site management and hosting, payment processing, online storefronts, marketing and public relations, communications providers, and email services) that provide data processing services to us (e.g., to support the delivery of, provide functionality on, or help to enhance the security of the Site or our products and services) or otherwise process Collected Data for purposes described in this Policy or communicated to you when we collect such data. The parties described in this paragraph are authorized and may use and disclose Collected Data as needed to provide the applicable services to us and as provided by their own privacy policies.

Detection and Prevention of Fraud.  We may use Collected Data and share it with third party vendors to help detect and prevent potential fraudulent transactions.

Aggregated Data. We may use Collected Data to create anonymous aggregate data. We may use and share such aggregate data with our affiliates, vendors, and other third parties to: (1) analyze, develop, and improve the content, products, and services that we make available, (2) inform business strategies, (3) understand the Site’s demographics and user preferences, (4) customize promotional emails and users’ Site experience, and (5) for other lawful purposes.

Security & Protection of Rights. We may use Collected Data and share it with third parties if we believe it is needed to operate the Site or to protect our rights or the rights of others, including sharing data needed to identify, contact, or bring legal action if our contracts, terms, or policies are violated or if required by law.

Business Transactions. All Collected Data is exclusively our property. If we undergo a change or contemplated change in control, acquisition, merger, reorganization, or asset sale, all Collected Data may be transferred, sold, shared, or otherwise shared with potential and actual successors, which will be bound by this Policy as it applies to Collected Data.

With Your Consent. With your consent, we may use or share Collected Data in ways not specifically described in this Policy.

Children

We are committed to protecting children’s privacy. The Site is not directed at children under 13 years of age. We do not knowingly collect, use, or share data from children under 13. If a parent or legal guardian learns their child provided us with Personal Information without his or her consent, please contact us.

Data Security

We use commercially reasonable technical and organizational measures to help secure all Collected Data against loss, misuse, and alteration. While we cannot guarantee it, we use industry-standard protections to help safeguard against such occurrences. If a breach of our systems occurs, we will notify you of the breach only if and as required under applicable law.

You understand that no data transmission over the internet or a mobile device can be guaranteed to be 100% secure. While we strive to protect your Personal Information, we do not guarantee the security of Personal Information and you provide Personal Information at your own risk.

Access from Outside the United States

This Site is operated and maintained by Imprimis Pharmaceuticals, Inc. from the United States and is intended solely for a United States audience. If you access the Site from outside the United States, please be aware that Collected Data will be transferred to, stored in, and processed in the United States. U.S. data protection and related laws may not be as comprehensive as those from where you access the Site.

Third-Party Websites

The Site may link to, or be linked to, websites not controlled by us. We are not responsible for third-parties’ privacy policies or practices. This Policy does not apply to any third-party websites or to any data that you provide to third parties. You should read the privacy policy for each website that you visit.

Access & Update Your Personal Information

To access or update your Personal Information as it exists in our records, please visit any accounts you have created (if applicable) or contact us using the information below.

Contact Us

If you have questions or concerns regarding this Policy, contact us at:

ImprimisRx
Corporate Headquarters
12264 El Camino Real, Suite 350
San Diego, CA 92130
Phone: 844.446.6979
Fax: 858.345.1745
info@imprimisrx.com