Privacy Policy

Effective Date: 03/09/2018

1. Overview. CannaMD Florida, LLC. (“CannaMD,” “ we,” “us,” “our”) operates the website located at cannamd.com, the MyCannaMD Patient & Physician Portal at mycannamd.com as well as other related websites and mobile applications including, but not limited to those websites and mobile applications where this Privacy Policy appears (collectively the “Sites”). Through these Sites we operate various online services that allow patients to qualify for medical marijuana certifications with the assistance of the patient’s healthcare provider (“Services”).

This Privacy Policy explains our privacy practices that apply to the Services we provide through our Sites.

It is important that you read this Privacy Policy carefully so you understand how we collect, use and disclose Personal Information and other information from and/or about you when you use the Sites or Services. If you do not understand any part of this Privacy Policy, please feel free to contact us using the information found at the end of this Privacy Policy.

We may revise this Privacy Policy at any time. We will post the most recent version of this Privacy Policy with any changes if and when they occur. It is important to check this document periodically so that you are aware of any changes in our Privacy Policy because your continued use of the Sites or Services on or after the effective date at the top of this document means you approve the changes.

This Privacy Policy is part of the CannaMD Terms and Conditions. This means that by accepting the Terms and Conditions or otherwise using our Sites or Services, you are agreeing to the use and disclosure of your Personal Information as outlined in this Privacy Policy. If you do not agree to our use and disclosure of your Personal Information, then do not use our Sites or Services. The Sites are intended only for persons located within the United States.

2. Important Definitions. When use the term “Personal Information” in this Privacy Policy, we mean information about you that could be used to identify you such as your contact information (name, address, email address, or telephone number, etc.), personally identifiable health or medical information (e.g. diagnosis, medications, dates of service, etc.) and any other non-public identifying information about you. When we use the term “De-Identified Information” we mean information that may be about you, but that does not identify you.

3. Information We Collect. Depending on which Sites and Services you use, we collect different kinds of Personal Information about you. We collect information about you from a variety of sources. This includes information we collect directly from you; information we collect in the background or automatically when you look at or use our Sites or Services and information we collect about you from other sources such as your healthcare provider.

We collect information directly from you when you create an account on any of our Sites, call or e-mail us, or otherwise provide information directly to us. The following are examples of the Personal Information we collect or maintain directly from you:

• Your name, photograph(s) or images, age, residential address, shipping address(es), e-mail address(es), username, password, date of birth, phone numbers, gender, emergency contact, social security number, license numbers, registration numbers, government identification and/or OMMU Registry ID;
• Health and medical information about you relating to your medical and health history and/or health status such as your weight, height, laboratory testing results, diagnoses, medications your taking, treatment goals, reasons you want medical cannabis, allergies, and other health related information you provide us;
• Your demographic information;
• Information about your purchases or transactions including, but not limited to, your payment information such as your credit or debit card number and other card information, account and routing numbers, other account information and authentication information as well as billing, shipping and contact details;
• Communications you may have with healthcare providers or others on our Sites or when using our Services; and
• Any other information that you input into the Sites or provide us when using the Services.

We collect information in the background or automatically about you when you visit our Sites or use our Services, view our online ads or promotions, open or view communications from us or others by using cookies and other technologies. A cookie is a tiny data file that resides on your computer, mobile phone, or other device, that allows us to recognize you when you visit the Sites. Using the settings in your browser, you can remove or block cookies, but in some cases doing so may impact your ability to use our Sites and Services. We use other technologies like web beacons and JavaScript that sometimes work together with cookies and other processes to uniquely identify your device or provide us with other information. These other technologies help enable features on and within our Sites and can automatically collect information about you, your devices, your behavior on our Sites and elsewhere. The following are examples of the information we may collect or maintain about you automatically and/or in the background:

• Information from or about the computers, phones or other devices where you install or access our Sites such as your operating systems, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers;
• Device locations, including specific geographic locations such as through GPS, Bluetooth, or WiFi signals;
• Connection information such as the name of your mobile operator or Internet service provider, browser type, language and time zone, mobile phone number and IP address;
• Information about when and how often you use our Sites, what you did on our Sites or while using our Services; and
• Information about the websites and apps your visit other than the Sites and your use of those websites and apps including but not limited to, what other sites you used prior to visiting one our Sites or used after visiting one of our Sites.

We collect information about you from other people or entities including, but not limited to, healthcare providers who provide Services through the Sites, other healthcare providers you may see outside of our Sites. The following are examples of the information we may collect or maintain from other people or entities:

• Health information about you prepared by healthcare provider(s) such as medical records, treatment, examination or progress notes and other health related information; and
• Communications healthcare providers may have with each other about you.

4. How We Use Your Personal Information. We may use all of the information we have about you including Personal Information for the following purposes:

• To provide you with Services including, but not limited to, process payments, personalize your experience on our Sites, allow you to participate in social sharing on our websites, create and manage accounts;
• To improve the Services we offer, to create new products or services, test features in development, analyze the use of our products, services and advertising, and/or conduct audits and troubleshooting activities;
• To create De-Identified Information such as aggregate statistics relating to the use of the Sites, Services or specific cannabis products purchased through our Sites;
• To communicate with you about our Services or offers and promotions, let you know when updates to our Sites are available and to respond to you when you contact us;
• To market and promote our Sites, the Services offered to you through the Site or healthcare providers on our Sites;
• To help verify accounts and activity, to promote safety and security on and off of our Sites such as by investigating suspicious activity or violations of our Terms and Conditions or policies, enforce our Terms and Conditions or policies and otherwise manage our business; and
• To fulfill any other purpose for which you provide us Personal Information or for any purpose for which you give us authorization.

5. Information Sharing. We may share and disclose De-Identified Information created by us or on our behalf without restriction. We may disclose your Personal Information that we collect or you provide as permitted or required by law as follows:

• To any of CannaMD’s wholly owned subsidiaries or affiliated companies;
• To contractors, service providers and other third parties that we use to support, manage, or operate our business;
• When we believe in good faith that disclosure is required by law, which can include, but is not limited to, providing information to law enforcement, or as required by a statute, regulation, subpoena, court order, government request or other legal process;
• When we believe in good faith that disclosure is necessary to protect your safety or the safety of others, to protect our rights, or to investigate or prosecute fraud;
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some of all of CannaMD’s’s or its subsidiaries or affiliates assets or equity, whether as a going concern or as a part of a bankruptcy, liquidation or similar proceeding, in which Personal Information maintained by the Sites is among the assets transferred;
• We transfer your Personal Information to healthcare providers on our Sites as well as to other healthcare providers as permitted by law;
• We may disclose your Personal Information to any one you direct us to; and
• For any other reason permitted by applicable law.

6. Security of Information Collected. We take the security of your information including, Personal Information, seriously. We strive to use industry standard physical, technical, and administrative safeguards to protect the confidentiality and security of your Personal Information. However, the Internet is not a 100% secure environment and we cannot guarantee, ensure, or warrant the security of any information you transmit to us directly or that is collected automatically or in the background. There is no guarantee that any information, including Personal Information, will not be improperly accessed, disclosed, altered or destroyed by breach of any of our physical, technical, or administrative safeguards. Even though there are many benefits to using the Sites, as with all electronic services and communications there are some risks such as failure of hardware, software and/or Internet connections or security breaches due to use of unsecured computers, links or Internet services. This could result in your information, including your Personal Information, becoming lost or intercepted during transmission. We are not responsible for failures, distortions, delays or other problems resulting from equipment configuration, connection, signal power, hardware, software or any equipment used to access the Internet. We cannot guarantee the confidentiality of Personal Information transmitted by e-mail. E-mail sent via the Internet may pass through private and public networks with varying levels of security. It is your responsibility to protect the security of your login and password information and to use good judgment before deciding to send information via the Internet.

7. How to Update, Change or Delete Your Information. You can update or change some of your Personal Information yourself on our Sites. You can also request to change, delete or access your Personal Information or accounts by emailing us at info@cannamd.com. In some cases, we may not be able to accommodate such requests, in which case we will let you know and why. We keep Personal Information only for so long as deemed reasonably necessary and permitted or required by applicable law.

8. Children’s Online Privacy. This Website is not directed to children under eighteen (18) years of age, and children under such age must not use the website or services offered on it for any purpose, including to submit individually identifiable information about themselves.

9. Third Party Sites. Our Sites may contain links to other websites. We do not share Personal Information with those websites unless authorized by you. We are not responsible for the privacy policies of any website linked to our Sites that we do not wholly own and control. We aim to work with trusted partners and organizations which are also bound by state and federal laws governing privacy and security; however, we strongly encourage you to be aware when you leave our Sites and to review any privacy policy of other websites.

10. HIPAA. The healthcare providers that you interact with when using the Sites or Services may or may not be required to comply with the Health Insurance Portability and Accountability Act of 1996, as amended (“ HIPAA”). The healthcare providers on our Sites are independent from us and are not owned or controlled by us. We are merely an intermediary between you and the healthcare providers on the Sites and are not responsible for the privacy or practices of these independent healthcare providers, their compliance with applicable laws, or the security of their information outside of our Sites.

11. Note to California Residents. California residents have special protections under state law regarding the access and use of Personal Information CA Civil Code Sec. 1798.80-1978.84.

12. Report Violations. You should immediately report any security violations or suspicious activity regarding your accounts by contacting us.

13. How to Contact Us with Questions or Complaints. If you have any questions, concerns, complaints, or suggestions regarding this Privacy Policy please contact us.