How do we collect the personally identifiable information of our users?
LabFinder may collect certain personal identifiable information through a variety of means and sources about users who visit, contact, sign up/register for or otherwise use the LabFinder website/LF Service. For example, we collect such information in the following manners:
Information You Provide to Us
Much of the personally identifiable information we receive comes directly from users who are interested in signing up for the LF Service or who are interested in obtaining information, services or products from us. We collect personal information when you register on, complete a profile on or contact us through our website or when you e-mail us. We may also collect other types of information (non-identifiable information), such as gender, age, personal interests and medical or health-related information that we may associate with personally identifiable information.
When you access our website services, we may ask you to voluntarily provide us certain information that personally identifies (or could be used to personally identify) you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: (1) contact data (such as your e-mail address and phone number); (2) demographic data (such as your gender, your date of birth and your zip code); (3) insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the doctors or other health care providers you use, your reasons for care, your dates of visit, your medical history, and other medical and health information you choose to share with us, and (5) other information that you voluntarily choose to provide to us, including without limitation social security number, unique identifiers such as passwords, and Personal Information in emails, contact submissions or letters that you send to us. You might still be able to access and use some of the LF Service if you choose not to provide us with any Personal Information, but the features of the LF Service that require your Personal Information will not be accessible to you. We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent.
Information Collected Through Technology
We may collect information through technology to make our website more useful to you and to track user web activity and interests. Our website may use “cookies,” which are pieces of information a website sends to your computer while you are viewing the website, for a variety of purposes. For example, when you return to our website after logging in, cookies may provide information to the site so that the site will remember who you are. We may also use information collected through web beacons, which are small pieces of data that are embedded in images on the pages of websites, to analyze the traffic patterns on our website, such as the frequency with which our users visit various parts or pages of our website. We may also use these technical methods in HTML e-mails that we send to our users to determine whether our users have opened those e-mails and/or clicked on links in those e-mails.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most web browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.
If you do not accept cookies, you may not be able to use some features of our LF Service and we recommend that you leave them turned on.
You may be able to engage in certain transactions without registering and logging on to our website. We refer to all of these transactions that you engage in without registering and logging on to our website as “Non-Registered Transactions.” When you engage in Non-Registered Transactions (in addition to those engaged in Registered User transactions), we may gather personally identifiable information, such as your computer’s IP address and other traffic data. We may automatically collect the following traffic data: (1) IP address; (2) domain server; (3) type of device(s) used to access the LF Service; (4) web browser(s) used to access the LF Service; (5) referring webpage or other source through which you accessed the LF Service; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser, mouse or device and the LF Service.
Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through the mobile device, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and traffic data. As with other tracking tools, mobile device identifiers help LabFinder learn more about our users’ demographics and internet behaviors.
Information That We Collect from Others
How is personally identifiable information used?
We will never rent, sell, disseminate or share personal information about you with non-affiliated companies or third parties other than to schedule your Lab Services and to secure and store relevant information derived from those services, except when we have your permission or under the circumstances set forth in detail below.
Personally identifiable information collected may be shared within and used by LabFinder, and its affiliated companies, subsidiaries and vendors for several purposes. For example, LabFinder may use your personal information to send you promotional materials about goods and services, including special offers and promotions, either offered by LabFinder or offered by third parties (sent by LabFinder on behalf of these third parties), including Lab Users. These promotional materials may be sent to you by online portal, postal mail, e-mail or other means.
We may also use your personal information for “Operational Uses,” such as to complete transactions requested by you (for example, insurance eligibility verification, Lab Service scheduling, Lab Services test result acquisition from Lab Users and storage for your access, and your purchase of or subscription to a product or service offered on our website or by a Lab User) or to send you administrative communications.
LabFinder may take your personally identifiable information that is associated with other information about you (i.e. demographic information including age, sex, etc.) and make it non-personally identifiable (“non-identifiable”) by removing all personally identifiable characteristics, such as your name, insurance identifiers, address, phone number and e-mail address.
At times, LabFinder may hire companies to help deliver products or services that you request from LabFinder. Examples of these companies may eventually include packaging, printing, mailing or delivery companies. In these instances, there may be a need to share your information with these companies to fulfill your requests. Unless stated otherwise, these companies are allowed to gather, receive and use your information only for the purposes described in this paragraph or as required by law.
LabFinder may contract with a third party to help manage and optimize our Internet business and communications. As described above, website tracking services help websites to measure the effectiveness of advertising and how visitors use a website through the use of web beacons and cookies provided by such company. The type of information we may collect includes, but is not limited to, the pages visited and links clicked by users. By supplementing our records, this information would help us to learn things such as what pages are most useful and attractive to our visitors and which of our tools and information most interest our visitors and users. Although the third party company would log the information coming from our website on our behalf, we would control how that data and information may and may not be used, though we cannot be responsible for misconduct, acts or omissions by such third parties and you hereby waive any claim against LabFinder for same, fully acknowledging the risk of using and registering for our LF Service.
We may use, publish and exploit any information that is neither Personal Information nor PHI (including PHI that has been de-identified and/or, after de-identified, aggregated) for statistical, research, study, sale and other purposes, including for sharing with our vendors and sale, without any consideration due to you.
We may send communications to you on your mobile telephone by SMS or text message. Message and data rates from your mobile telephone service provider may apply and are subject to the terms and conditions imposed by your provider.
Options for Opting out of Cookies and Mobile Device Identifiers
Some web browsers allow you to reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Note if you block or reject LabFinder’s cookies or mobile device identifiers, you may not have access to all features.
- You may opt out of receiving certain cookies and certain trackers by selecting the check box in My Profile section of the Consumer Dashboard. You will need to opt out of each browser and device for which you desire to apply these opt-out features.
- Even after opting out of behavioral advertising, you may still see LabFinder advertisements not targeted toward you. Also, opting out does not mean that LabFinder is no longer using tracking tools as you continue to use our website/app, and may still serve advertisements to you via the services based on information it collects for provision of the website/app services.
Do Not Track Disclosure
Do Not Track (“DNT”) is a preference you can set in certain web browsers including Chrome, Firefox, Safari and Internet Explorer to inform websites that you do not want to be tracked. If a website operator receives a DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. You can enable or disable Do Not Track by visiting the Preferences or Settings of your web browser although not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. Therefore, LabFinder does not take any action to respond to DNT signals.
HIPAA and PHI
Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some of the demographic, health and/or health-related information that LabFinder collects as part of providing the LF Service may be considered “protected health information” or “PHI”. Specifically, when LabFinder receives identifiable healthcare information about you from or on behalf of your healthcare providers and Lab User, this information is PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. LabFinder may only use and disclose your PHI in the ways permitted by you and your Lab User and/or physician.
You should note the following prior to using, registering for or accessing the LF Service:
We may share your Personal Information with Lab Users with which you choose to schedule through the LF Services.
We may share your Personal Information with your physician or other clinician to the extent you provide us with their contact information (using the name and contact information you provide or that they otherwise subsequently update with us), such as to to enable them to order or otherwise review results of your Lab Services.
Lab Users will share PHI with us resulting from your use of the Lab Services, for subsequent access by you using the LF Service.
We may use your Personal Information for the purposes of insurance verification, determining eligibility, co-pay, deductible, co-insurance and/or cost-sharing obligations, and otherwise obtaining benefit plan information. We may share the Personal Information with the insurance provider you identify to us, applicable plan administrator or their agent as well as the Lab User and their agent (including potentially via our third party vendor).
We may share your Personal Information with our vendors who perform operational services (such as hosting, billing, fulfillment, data storage, security, user analytics and customized content and/or which make functionality, items, services and products available to our users through or otherwise via our LF Service).
We do not sell email addresses to third parties but may share with third parties to customize communications to you including marketing communications.
We may transfer your information to another company in connection with a merger, sale, exchange of ownership, acquisition or other change of ownership or control by or of LabFinder (whether in whole or in part).
Our LF Service does not address anyone under the age of 13 (“Children”). We respect the privacy concerns of parents and guardians regarding Children and their possible use of this LF Service. LabFinder does not allow Children years 13 or younger to register or use this service, does not knowingly collect or solicit Personal Information from anyone under the age of 13, or knowingly allow such persons to register and/or use the Service. If you are under 13 please do not attempt to register for the LF Service and/or send any information about yourself to us including, but not limited to, your: name, address, telephone number, or email address. No one under the age of 13 may provide Personal Information to us. In the event that we learn that we have collected Personal Information from someone under the age of 13 we will delete such information as quickly as possible. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us at firstname.lastname@example.org.
What choices do you have about the collection and use of your personally identifiable information?
As a threshold, you should not register for or use the LF Service if you do not agree to these terms.
Please keep in mind that any opt-out choices you make will not apply in situations where (a) you either have made, simultaneously make or later make a specific request for information or action from LabFinder or use particular LF Service functionality that necessitates use of the Personal Information, (b) LabFinder uses your personal information for “Operational Uses” (as described above), (c) you either have engaged, simultaneously engage or later engage in Non-Registered Transactions as described above, or (d) LabFinder collects your personally identifiable information under any of the provisions above.
What kinds of security measures do we take to safeguard your personally identifiable information?
The security of your information is of utmost importance to us. We have implemented technical, administrative and physical security measures to protect user information from unauthorized access and improper use. For example, we limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. From time to time, we review our security procedures in order to consider appropriate new technology and methods. All communication uses industry standard secure sockets layer (SSL) encryption to ensure the connect between your browser and LabFinder servers remains private. Once personal health information reaches our system, it is encrypted using unique keys for ongoing storage allowing only those with special permission to access your records. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable. Once information including Personal Information/PHI is accessed by a viewer or recipient, however, we have no control over the privacy or security of such information.
Attn: Privacy Officer
845 Third Avenue 6th FL
New York, NY 10022
Information for California Residents
California residents have the right to request in writing from businesses with whom they have an established business relationship (1) a list of the categories of personal information, such as name, address, e-mail address and the type of services provided to that customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (2) the names and addresses of all such third parties. You can request information by writing to us at:
Attn: Privacy Officer
845 Third Avenue 6th FL
New York, NY 10022
We will respond to such written requests within thirty (30) days following receipt at the mailing address above. We reserve the right not to respond to requests submitted other than to the address specified above or as otherwise exempted by law. Please note that we are required to respond to each customer only once per calendar year.
Third Party Software
Special Note to International Users