Effective Date: February 26, 2018
We collect both Personal Data, as defined below, and non personal data, defined as “Informational Content”. We may also collect information which constitutes “Protected Health Information” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, together with any applicable regulations promulgated by the U.S. Department of Health and Human Services (collectively “HIPAA”). The Protected Health Information that We collect will always be stored and protected as required under HIPAA and will further be treated as discussed herein.
ARTICLE 1 - DEFINITIONS:
“COMPANY” means the publisher, owner, and operator of the Website, i.e., the company NKO Medical Group PLLC d/b/a Cannabis Doctors of New York, having a principal place of business at 641 Lexington Avenue, New York, NY 10022, United States. The Company is responsible for the collection and processing of personal data described herein. The Company shall be referred to as NKO Medical Group, the Company, Owner or Operator. The Company’s property shall be referred to through first-person pronouns, such as “Us”, “We”, “Our”, and “Ours.”
“PERSONAL DATA” means any information relating to a natural person who can be identified, directly or indirectly, by using such information.
“PROTECTED HEALTH INFORMATION” means information about Your health, such as medical records and history, any conditions You have, and other sensitive medical information specific to Your health as defined under HIPAA. Personal Data may include Protected Health Information, where relevant.
“INFORMATIONAL CONTENT” means information, content, photos, video, lifestyle preferences, and any other information We may obtain as a result of Your use of the Website that may not be personally identifying.
“SERVICES” means any services that are made available by the Company on the Website, including the online registration and collection of information prior to the physician’s visit.
ARTICLE 2 - MODIFICATIONS AND REVISIONS:
ARTICLE 3 - INFORMATION COLLECTED & MANNER OF COLLECTION:
We collect the following types of data depending on Your level of use of Our Website and Services:
CONSULTATION REQUEST: You, as a User of the Website, may wish to request a consultation from Us for Our Services. At this stage We collect Protected Health Information to screen You, prior to meeting with a practitioner, in accordance with the rules of the Compassionate Care Act and HIPAA. If You choose to request a consultation, You will be asked to provide certain information through a HIPAA-compliant web form. Such information will include Your email address, first name, last name, date of birth, qualifying medical condition, address, phone number, and New York State resident information. You will also be asked how You heard about the Website. You may optionally input Your current physician’s contact information, including name, address, and telephone number. Through this limited registration for consultation purposes, You authorize Us to receive and use this information exclusively to provide the Services to You.
DOCUMENT REQUEST: To schedule a physical appointment, You will be asked to upload additional Protected Health Information, such as certain medical and identifying documents in a HIPAA-compliant manner. Such documents include general medical records or a statement from Your current physician describing Your condition. You will also be asked to upload one of the following:
A New York State Driver’s License or New York State Identification Card;
A copy of a utility bill indicating Your current residency; or
A copy of a current lease indicating Your residency within New York State. Please be advised that these documents will be used exclusively to provide medical services to You, should You be eligible for the services.
SCHEDULING: If You are deemed eligible after being screened, You may be asked to schedule an appointment through Our website or through a third-party partner. Your name and requested appointment time may be collected here.
REGISTRATION: If You so choose, You may register for an account with Us for the simplicity of future appointment scheduling. No additional information will be collected from You besides that which was collected from You during Your Consultation Request.
BILLING: You will be asked certain billing information in order to participate in Our Services. Such billing information may include, but is not limited to, credit card number, verification information and billing address. This payment and billing information will be stored throughout the duration of Your relationship with Us via a third-party billing and scheduling software.
AUTOMATIC INFORMATION COLLECTION: We may collect information from You through automatic tracking systems on Your device. Such information will not include Personal Data and is limited to general device information, IP address, referral source, and usage information, such as access times. We use this information for legitimate business needs, including the analysis of users coming to Our Website.
COMBINED OR AGGREGATED INFORMATION: We may combine or aggregate some of Your Personal Data in order to better serve You.
ARTICLE 4 - HOW YOUR INFORMATION IS USED:
We primarily use Your Personal Data to provide the Website to You as well as any Services on it and We use Your Protected Health Information to provide medical services to You if You are eligible. We also use Personal Data to help Us provide the best experience possible for You and all of Our users. We always use Your Personal Data for legitimate business purposes online.
We may also use Personal Data and Informational Content for the following:
Improving Your personal user experience;
Communicating with You about Your account with Us;
Communicating with You about appointments and follow-ups;
Communicating with You about dispensary information;
Providing information about new products or other specials;
Providing telemedicine services, such as online consultations and appoints;
Communicating with You about educational events that may be of interest to You;
Analyzing Our aggregate user data;
Providing customer service to You.
We use Your Protected Health Information only as permitted under HIPAA.
ARTICLE 5 - HOW INFORMATION IS STORED:
We use secure physical and digital systems to store Your Personal Data when appropriate. Specifically, we use encrypted systems and software to ensure that Your Protected Health Information is protected in a HIPAA-compliant manner and that and all other Personal Data is safe against unauthorized access, disclosure, or destructions, to the extent possible. Any staff or contractors that We may use are trained to understand HIPAA compliance.
We may store Your Personal Data for any applicable legal record-keeping or for legitimate business purposes such as providing the Services to You.
Please note, however, that no system involving the transmission of information via the internet, or the electronic storage of data, is completely secure. However, We take the protection and storage of information very seriously and We therefore take all reasonable steps to protect Your Personal Data and Protected Health Information.
ARTICLE 6 - HOW INFORMATION IS SHARED OR DISCLOSED:
We do not share, sell, or otherwise provide any Personal Data to any advertiser. We may utilize third-party advertising platforms, such as Facebook, Google, or other social media or informational websites and tools. If We do so, please be aware Your provision of any of Your Personal Data there is entirely voluntary and will be treated according to the data protection policies of that third-party platform.
We do not ever share or otherwise provide any Protected Health Information to anyone without Your explicit consent.
To satisfy any local, state, or Federal laws or regulations;
To respond to requests, such as discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies;
To bring legal action against a user who has violated the law;
As may be necessary for the operation of the Website;
To generally cooperate with any lawful investigation about Our Users; or
If We suspect any fraudulent activity on the Website.
ARTICLE 7 - MARKETING COMMUNICATIONS:
From time to time, We may send You informational communications related to dispensaries, new products or specials that may be of interest to You, educational events, or other information which may be beneficial for Your use. Please note that such communication does not fall within the scope of direct marketing communication.
After We obtain Your explicit prior consent, We may use Your personal data for direct marketing purposes, such as:
Sending You a newsletter or other marketing email;
Offering You new products, services, and/or recommendations; and
Delivering You targeted information regarding promotions.
Please note that You have the right to object receiving direct marketing communication at any time by:
Noting Your preferences at the time You register Your user account with Us;
Logging into Your account settings and updating Your marketing communication preferences; or
Clicking on the “unsubscribe” link contained in each such marketing email sent to You.
If You no longer wish to receive correspondence, emails, or other communications from third parties, You are responsible for contacting the third parties directly.
ARTICLE 8 - THIRD PARTIES:
We may utilize third party service providers ("Third Party Service Providers"), from time to time or all the time, to help Us with the Website, and to help serve You. Such Third Party Service Providers may include website hosting companies, information storage companies (such as cloud storage), billing companies (such as third-parties billers and schedulers), and user information logistics providers (such as Google Analytics or other analytics company which helps Us track general user information and usage). We may use the collected analytics information to understand patterns of usage of, and to improve, the Website.
We may also generally use other Third Party Service Providers to help Us with the operation of the Website.
Your Personal Data will not be sold or otherwise transferred to other third parties without Your approval. Your Protected Health Information will never be transferred to Third Party Services Providers, unless the Third Party Service Provider is being used for information storage in a HIPAA-compliant manner.
ARTICLE 9 - COOKIES:
There are two types of cookies, namely, persistent cookies (i.e., cookies that remain valid until their expiration date, unless deleted by the user before that date) and session cookies (i.e., cookies that are stored on a web browser and remain valid until the moment when the browser is closed). We may use both persistent cookies and session cookies.
Most Internet browsers accept cookies automatically, although You are able to change Your browser settings to control cookies, including whether or not You accept them, and how to remove them. You may also be able to set Your browser to advise You if You receive a cookie, or to block or delete cookies.
ARTICLE 10 - TRANSMITTALS FROM US:
From time to time, We may send You informational communications related to the Website, such as announcements or other information. You may also receive information from Us that is specifically about Your use of the Website or about Your account with Us, including information about security breaches or other privacy-related matters.
By providing any Personal Data to us, or by using the Website in any manner, You have created a commercial relationship with Us. As such, You agree that any email sent from Us or third-party affiliates, even unsolicited email, shall specifically not be considered SPAM, as that term is legally defined.
ARTICLE 11 - YOUR RIGHTS:
ARTICLE 12 - MODIFYING YOUR INFORMATION:
If You wish to modify any information We may have about You, or You wish to simply access any information We have about You, You may do so by contacting Us at the following email: Info@cdony.com.
ARTICLE 13 - MINOR PRIVACY:
We do not allow use of the Website by users under the age of 18. We do not provide medical services to anyone under the age of 18 without parental or guardian consent. As such, We do not collect, store, or otherwise use any Personal Data from any minors on the Website.
ARTICLE 14 - LINKS:
Before visiting and providing any information to any such third-party websites and applications, You should familiarize Yourself with the applicable privacy practices and take reasonable steps necessary to protect Your personal data.
ARTICLE 15 - PRIORITIZATION:
ARTICLE 16 - CUSTOMER SERVICE CONTACT INFORMATION: