This Privacy Policy describes how Second Sight Solutions LLC and its affiliates (“Second Sight,” “Company,” “we,” “us,” “our”) use, share and otherwise process Personal Information that we collect through the website portal hosted at www.340besp.com and associated web pages (our “Websites”) and the 340B ESP™ offering made available therein (together with any updates provided by Second Sight and any corresponding documentation, associated media, printed materials, and online or electronic documentation) (collectively, the “Platform”). The Platform is intended for use by persons located in the United States.
340B ESP™ enables a 340B covered entity (“Covered Entity”) to submit, via an authorized employee or agent acting on its behalf, certain de-identified 340B pharmacy claims data (“Covered Entity Claims Data”) to Second Sight. Second Sight then analyzes this data on behalf of pharmaceutical manufacturers in order to identify duplicate Medicaid, Medicare, TRICARE and commercial payer rebates. For additional information about the Platform, please see our Frequency Asked Questions (“FAQs”), available online at www.340besp.com/faqs.
“Personal Information” means information that allows us to identify an individual or household, directly or indirectly, such as a name, contact details, or address. We may collect and process the following Personal Information:
We also collect, use, and share de-identified information such as statistical or demographic data, which we may use for any purpose. This information could be derived from your Personal Information but will not reveal your identity directly or indirectly. For example, we may aggregate your usage information to calculate the percentage of users accessing a specific Platform feature.
We collect Personal Information from you via the following:
In order to register for an Platform account (“Account”), you must either (a) use an email address having a domain name associated with the Covered Entity to register for an Account that can invite other users to register on behalf the Covered Entity (“Administrator Account”), or (b) register using an invitation from the Administrator Account of the Covered Entity. As part of the registration process you must provide your first name, last name, work e-mail address, cell phone number, and the Covered Entity on whose behalf you are accessing the Platform.
The Covered Entity Claims Data, as defined under the 340B ESP™ Terms of Use, available online at www.340besp.com/terms-of-use, is fully de-identified in accordance with the HIPAA expert determination method pursuant to 45 C.F.R. §164.514(b)(1) and does not contain any “Protected Health Information” or “PHI” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”). Such Covered Entity Claims Data does not constitute Personal Information under this Privacy Policy.
We may automatically collect certain information about the devices you use to access the Platform, as well as information on how you interact with the Platform, through web server logs as well as cookies and other similar tracking technologies. Information gathered through cookies and web server logs may include information such as the date and time of visits to the Platform, the pages viewed, time spent at the Platform, and the websites visited just before and just after the Platform.
We may collect information about your use of the Platform through cookies and other similar tracking technologies. “Cookies” are a feature of web browser software that allows web servers to recognize the computer used to access a website. They are small text files that are stored by a user’s web browser on the user’s hard drive. Cookies can help identify what information a user accesses on one website to simplify subsequent interactions with that site by the same user or to use the information to streamline the user’s transactions on related websites. A number of Cookies we use last only for the duration of your web session and expire when you close your browser. Other Cookies last longer and are used to recognize your computer when you return to the Platform.
We use Cookies to manage your login session, help you move between screens in the Platform in a smooth and secure manner, and to gather information about the browsing activities of users of the Platform in order to continually improve it and better serve the needs of its users.
You can change your browser settings to notify you of the Cookies being set or updated, and to block Cookies. Please note that if you have turned off all Cookies, some features of the Platform may not be available to you or otherwise function as intended.
We also may include tracking pixels and web beacons in email messages, newsletters, and other electronic communication. They help us to determine whether a message has been opened and to analyze and personalize our interactions with you. Instructions on how to unsubscribe are included in each email.
We use Google Analytics, which collects information about usage of the Platform and allows us to receive information about general usage statistics.
In order for Google Analytics to function, when you use the Platform, Google will place cookies on your device. Google Analytics may also collect information through other methods in addition to cookies. Information collected by Google Analytics when you use the Platform, and the way it is used, is described in the applicable Google Privacy Policy [https://policies.google.com/privacy?hl=en-US] and Google Terms of Service [https://policies.google.com/terms?hl=en-US].
Most web browsers automatically accept Cookies. You can, however, change your browser to prevent this or to notify you each time a Cookie is set. To learn more about how to manage Cookies on different types of browsers, you can visit the website www.allaboutcookies.org.
We do not currently use technology that recognizes “do not track” signals from your web browser.
We use Personal Information when doing so is consistent with applicable federal, state, or local law, regulation or rule (“Applicable Laws”) including in the following ways:
We take precautions to maintain the confidentiality, integrity, and security of your Personal Information, including the adoption of certain physical, electronic, and procedural safeguards and procedures designed to maintain and secure your Personal Information from inappropriate disclosure in accordance with Applicable Laws. The information you transmit to us secured by industry standard encryption. However, no security measures are perfect, and we cannot assure you that Personal Information that we collect will never be accessed or used in in an unauthorized way.
We restrict access to Personal Information to those employees and agents of Second Sight who need to know that information in order to provide Second Sight’s services. We may disclose such information to our service providers (including financial, technical, marketing, and professional service providers and consultants) and financial institutions that provide services to Second Sight. We require such third party service providers and financial institutions to protect the confidentiality of your Personal Information and to use the information only for purposes for which it is disclosed to them.
We do not sell Personal Information or disclose Personal Information except as may be required or permitted by law, rule, or regulation, or otherwise consented by you. We may disclose Personal Information to the following parties:
In addition, we may use or disclose your personal data as we deem necessary or appropriate:
On all occasions when it is necessary for us to share your Personal Information with other parties, we will require that such information only be used for the limited purpose for which it is shared and will advise such third parties not to further share your information with others except to fulfill that limited purpose.
Individuals in California, and certain other jurisdictions may have certain data subject rights. These rights vary, but they may include the right to: (i) request access to and rectification or erasure of their Personal Information; (ii) restrict or object to the processing of their Personal Information; and (iii) obtain a copy of their Personal Information in a portable format. Individuals may also have the right to lodge a complaint about the processing of Personal Information with a data protection authority. We do not sell your information, so you are already opted-out of such sales. We will not discriminate against you for exercising any of these rights.
How to Exercise Data Subject Rights
If you wish to exercise any of these rights please email us at the contact provision with the phrase “Data Subject Rights” in the subject line. You may also call us toll-free at 1.888.398.5520 or email us at privacy@thinkbrg.com. We will review your requests and respond accordingly. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your Personal Information only in de-identified form, we will not attempt to re-identify your data in response to a Data Subject Rights request.
If you make a request related your Personal Information, we will need to verify your identity. To do so, we will request that you match specific pieces of information you have provided us previously, as well as, in some instances, provide a signed declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying the request. For requests related to particularly sensitive information, we may require additional proof of identification.
If you make a Data Subject Rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf. We will process your request within the time provided by Applicable Laws.
California Shine the Light Law:
If you are a California resident, you have the right to request information about how we share certain categories of Personal Information with third parties. California law gives you the right to send us a request at a designated address to receive the following information:
We will retain Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy, or as long as we are legally required or permitted to do so. Under certain circumstances, you may have the right to have your Personal Information erased.
When deciding how long to retain your Personal Information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information described above and whether we can achieve those purposes through other means. We may also retain your Personal Information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.
The Platform is not directed toward children under the age of 18. We do not promote our Platform to minors, and we do not intentionally collect any personally identifiable information from any person under 18. If we become aware of having collected Personal Information from children under the age of 18 without valid consent from their respective parents or guardians, we will delete it as soon as practicable.
The Platform is not directed toward children under the age of 18. We do not promote our Platform to minors, and we do not intentionally collect any personally identifiable information from any person under 18. If we become aware of having collected Personal Information from children under the age of 18 without valid consent from their respective parents or guardians, we will delete it as soon as practicable.
We may update this Privacy Policy periodically, without prior notice, so please review it frequently. If we decide to change our Privacy Policy, we will post the updated Privacy Policy at www.340besp.com/privacy, so that you are aware of the kinds of Personal Information we collect, use, share, and otherwise process. If we make material changes to this Privacy Policy, we will notify you on this website, in our Platform, update the effective date above, and provide you with notice as required by Applicable Laws.
If you have any questions or concerns about this Privacy Policy, please contact us by: