Type of Information We Collect
Before buying or selling prescription drugs on the Pharmacy Marketplace, you must register, sign a User Agreement and complete various forms for our use. Personal information is any information accessed, collected, or used by PM, LLC that identifies an individual, or can reasonably be used to identify an individual, whether directly or indirectly. The personal information we may collect includes, but is not limited to:
- Contact information such as your name, legal name of your business, job title, business email address, business address, cell phone number, business phone and fax numbers, DEA license number, State license number, NCPDP number and NPI number.
- Identifiers such as your username, password and IP address
- Financial information such as your business financial institution account number or credit card information
- Profile information on the Pharmacy Marketplace Community platform
- Copy of your pharmacy license
- We also may receive information about you from other sources and may add it to your account information. For example, we might get your updated address from a shipper or comments from a wholesaler or buyer.
- We may acquire customer lists from other parties so that we may invite new people to visit Pharmacy Marketplace. We do not distribute this list to any other party.
Tracking Technologies We Use
We use various technologies to collect personal information about users of Pharmacy Marketplace. These technologies include the following:
- Web server logs
  - As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and/or clickstream data.
- Geo-location Services
  - If you enable a location-based service in your browser, we may collect information about your location to identify and analyze regional response time issues with Pharmacy Marketplace. Your browser or device may use various technologies to determine location, such as sensor data from your device that may provide information on nearby Wi-Fi access points and cell towers. You may opt out of geo-location collection by changing the setting of your browser or device.
- Other Tracking Technologies
  - We may also use other tracking technologies such as local shared objects (such as session storage), tags, scripts and session replay/capture.
These technologies are used to analyze trends, remember your settings between visits for your convenience, administer the Sites, track your movement around the Sites and to gather demographic information about our user base. We may receive reports based on the use of these technologies from third parties on an individual as well as aggregated basis.
How We Use the Personal Information Collected
We may use the personal information we collect for purposes such as:
- Fulfilling your orders
- Improving Site content
- Responding to inquiries, requests and activities, and providing related customer support
- Sending important notices and other communications to you
- Improving our products and services
- For marketing and promotional purposes. For example, we may send out email or direct mail to our online and registered members about things we think may be of interest to
- Surveys – If you participate in surveys, we may request certain personal information from you within these surveys. Participation in these surveys is completely voluntary and you have a choice whether to disclose personal information. Although we may use a third-party service provider to conduct these surveys, we will not share personal information provided through surveys with other third parties, unless we give you prior notice and choice.
How We Share Personal Information Collected
- We may provide your personal information to third parties who help us with our business activities, such as payment processing services or to manage a database containing certain customer information or to create and distribute an email offering. These companies are authorized to use personal information about you only as necessary to provide these services to us, and not for other purposes including their own marketing
- For some of our products, PM, LLC may provide you with a link to the supplier of that product so that you may get further information. If you link to the supplier’s site, the supplier may collect or receive information about you. Some of our vendors may also work with us to create a vendor shop within the Pharmacy Marketplace site or to ship your order directly to you.
- PM, LLC may use an outside company to place its advertising banners or links on other In certain cases, the advertiser may collect information on people who click on the banner or link.
PM, LLC may also need to share information with companies, organizations or individuals outside of PM, LLC if we have a good faith belief that access, use, preservation, or disclosure of that information is reasonably necessary to:
- Meet applicable laws, regulations, legal processes or enforceable governmental requests
- Detect, prevent, or otherwise address fraud, security or technical issues
- Protect against harm to the rights, property or safety of our users, PM, LLC, or the public as required or permitted by law
- Engage in a merger, acquisition, reorganization, or sale of all or a portion of PM, LLC
Pharmacy Marketplace allows you to directly access, edit, or delete your personal information through your profile settings. If you wish to subscribe to newsletters or notices related to Pharmacy Marketplace, we will use your name and email address to send the information to you. You may choose to stop receiving such newsletters or marketing emails by following the unsubscribe instructions included in these emails or by accessing and managing the email preferences in your profile settings pages. We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonials along with your name.
We will retain your personal information for as long as your account is active, as reasonably useful for commercial purposes, or as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
How We Protect Your Information
PM, LLC has established appropriate physical, electronic and administrative safeguards to protect the information we collect from or about our users. We restrict access to personal information to PM, LLC employees, contractors and agents who need to know that information to process it for us, and who are subject to confidentiality obligations.
Any sensitive personal information (e.g., credit card number) will be stored in encrypted form at rest within the storage layer of MongoDB using the AES256-CBC encryption mode. Data only exists in an unencrypted state in memory and during transmission. The transmission of unencrypted data only occurs within a secure virtual private cloud (VPC) within the internal AWS infrastructure.
Network access to the MongoDB clusters is aggressively restricted using IP address whitelisting (network firewalls). Two-factor authentication is required for MongoDB Atlas (administrative access). IP whitelisting is also imposed when connecting to MongoDB Atlas.
Data is encrypted in transit from our servers to client devices using the Transport Layer Security (TLS v1.2) cryptographic protocol, which enables traffic to be sent over HTTPS. This provides privacy and data integrity between PM, LLC servers and its connected clients.
PM, LLC servers that handle web traffic have the following HTTP security headers configured (among several others):
- Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
- Certificate Transparency is an open framework designed to protect against and monitor for certificate mis-issuances. Newly issued certificates are ‘logged’ to publicly run CT logs which maintain an append-only, cryptographically assured record of issued TLS certificates.
- Referrer-Policy controls which information is sent in the Referer header. The Referer header contains the address of the previous web page from which a link to the currently requested page was followed, which has many fairly innocent uses including analytics, logging, or optimized caching. However, there are more problematic uses such as tracking or stealing information, or even just side effects such as inadvertently leaking sensitive information.
- Strict-Transport-Security (HSTS) response header lets a web site tell browsers that it should only be accessed using HTTPS, instead of using unsecured HTTP.
- X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not changed. This is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured.
- X-Frame-Options response header can be used to indicate whether or not a browser should be allowed to render a page in a frame, iframe, embed, or object. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Notwithstanding our security safeguards, it is impossible to guarantee 100% security in all circumstances. If you have any questions about security or have reason to believe that your interaction with us is no longer secure (for example, you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem by contacting PM, LLC at email@example.com.
You may also write to us at:
Pharmacy Marketplace, LLC
1090 9th Avenue SW, Suite 110
Bessemer, AL 35022
ATTN: Privacy Officer