Last updated June 2020

340B ESP™ Privacy Policy

This Privacy Policy describes how Second Sight Solutions LLC and its affiliates (“Second Sight,” “Company,” “we,” “us,” “our”) use, share and otherwise process Personal Information that we collect through the website portal hosted at www.340besp.com and associated web pages (our “Websites”) and the 340B ESP™ offering made available therein (together with any updates provided by Second Sight and any corresponding documentation, associated media, printed materials, and online or electronic documentation) (collectively, the “Platform”). The Platform is intended for use by persons located in the United States.

340B ESP™ enables a 340B covered entity (“Covered Entity”) to submit, via an authorized employee or agent acting on its behalf, certain de-identified 340B pharmacy claims data (“Covered Entity Claims Data”) to Second Sight. Second Sight then analyzes this data on behalf of pharmaceutical manufacturers in order to identify duplicate Medicaid and commercial rebates. For additional information about the Platform, please see our Frequency Asked Questions (“FAQs”), available online at www.340besp.com/faqs.

  1. Personal Information We Collect
  2. “Personal Information” means information that allows us to identify an individual or household, directly or indirectly, such as a name, contact details, or address. We may collect and process the following Personal Information:

    • Identifiers, such as name, address, email address, and telephone numbers;
    • Professional or employment information, such as job title and place of work; and
    • Internet or other electronic network activity information, such as internet protocol (IP) address, login data, unique device identifiers, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices used to access the Platform; as well as usage information, such as information about how you use the Platform and our products and services, referring/exit web pages, date/time stamps, error logs, and the frequency of your use of the Platform.

    We also collect, use, and share de-identified information such as statistical or demographic data, which we may use for any purpose. This information could be derived from your Personal Information but will not reveal your identity directly or indirectly. For example, we may aggregate your usage information to calculate the percentage of users accessing a specific Platform feature.

  3. How We Collect Your Personal Information
  4. We collect Personal Information from you via the following:

    1. Personal Information You Provide to Us
      • Forms you complete and other information you enter directly in the Platform (e.g., as part of a registration process); and
      • Your correspondence and interactions with us, including by letter, email, and telephone.
    2. In order to register for an Platform account (“Account”), you must either (a) use an email address having a domain name associated with the Covered Entity to register for an Account that can invite other users to register on behalf the Covered Entity (“Administrator Account”), or (b) register using an invitation from the Administrator Account of the Covered Entity. As part of the registration process you must provide your first name, last name, work e-mail address, cell phone number, and the Covered Entity on whose behalf you are accessing the Platform.

      The Covered Entity Claims Data, as defined under the 340B ESP™ Terms of Use, available online at www.340besp.com/terms-of-use, is fully de-identified in accordance with the HIPAA expert determination method pursuant to 45 C.F.R. §164.514(b)(1) and does not contain any “Protected Health Information” or “PHI” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”). Such Covered Entity Claims Data does not constitute Personal Information under this Privacy Policy

    3. Information Collected Automatically
    4. We may automatically collect certain information about the devices you use to access the Platform, as well as information on how you interact with the Platform, through web server logs as well as cookies and other similar tracking technologies. Information gathered through cookies and web server logs may include information such as the date and time of visits to the Platform, the pages viewed, time spent at the Platform, and the websites visited just before and just after the Platform.

      1. Cookies and Other Data Collection Technologies
      2. We may collect information about your use of the Platform through cookies and other similar tracking technologies. “Cookies” are a feature of web browser software that allows web servers to recognize the computer used to access a website. They are small text files that are stored by a user’s web browser on the user’s hard drive. Cookies can help identify what information a user accesses on one website to simplify subsequent interactions with that site by the same user or to use the information to streamline the user’s transactions on related websites. A number of Cookies we use last only for the duration of your web session and expire when you close your browser. Other Cookies last longer and are used to recognize your computer when you return to the Platform.

        We use Cookies to manage your login session, help you move between screens in the Platform in a smooth and secure manner, and to gather information about the browsing activities of users of the Platform in order to continually improve it and better serve the needs of its users.

        You can change your browser settings to notify you of the Cookies being set or updated, and to block Cookies. Please note that if you have turned off all Cookies, some features of the Platform may not be available to you or otherwise function as intended.

        We also may include tracking pixels and web beacons in email messages, newsletters, and other electronic communication. They help us to determine whether a message has been opened and to analyze and personalize our interactions with you. Instructions on how to unsubscribe are included in each email.

        We use Google Analytics, which collects information about usage of the Platform and allows us to receive information about general usage statistics.

        In order for Google Analytics to function, when you use the Platform, Google will place cookies on your device. Google Analytics may also collect information through other methods in addition to cookies. Information collected by Google Analytics when you use the Platform, and the way it is used, is described in the applicable Google Privacy Policy [https://policies.google.com/privacy?hl=en-US] and Google Terms of Service [https://policies.google.com/terms?hl=en-US].

      3. Cookie Management
      4. Most web browsers automatically accept Cookies. You can, however, change your browser to prevent this or to notify you each time a Cookie is set. To learn more about how to manage Cookies on different types of browsers, you can visit the website www.allaboutcookies.org.

      5. “Do Not Track” Browser Settings
      6. We do not currently use technology that recognizes “do not track” signals from your web browser.

  5. How We Use Personal Information
  6. We use Personal Information when doing so is consistent with applicable federal, state, or local law, regulation or rule (“Applicable Laws”) including in the following ways:

    • To operate and improve the Platform, our products and services; facilitate communication between participating pharmaceutical manufacturers and registered Account holders of our Platform; communicate with you; undertake business management, planning, statistical analysis, diagnose and fix bugs, protect Second Sight’s rights and interests, ensure the security of Second Sight’s assets, systems and networks, prevent, detect and investigate fraud, unlawful or criminal activities in relation to our services, and enforce our 340B ESP™ Terms of Use www.340besp.com/terms-of-use;
    • Where required by Applicable Laws; and
    • Where necessary for the establishment, exercise, or defense of legal claims.
  7. How We Protect Personal Information
  8. We take precautions to maintain the confidentiality, integrity, and security of your Personal Information, including the adoption of certain physical, electronic, and procedural safeguards and procedures designed to maintain and secure your Personal Information from inappropriate disclosure in accordance with Applicable Laws. The information you transmit to us secured by industry standard encryption. However, no security measures are perfect, and we cannot assure you that Personal Information that we collect will never be accessed or used in in an unauthorized way.

    We restrict access to Personal Information to those employees and agents of Second Sight who need to know that information in order to provide Second Sight’s services. We may disclose such information to our service providers (including financial, technical, marketing, and professional service providers and consultants) and financial institutions that provide services to Second Sight. We require such third party service providers and financial institutions to protect the confidentiality of your Personal Information and to use the information only for purposes for which it is disclosed to them.

  9. When We Disclose Your Personal Information
  10. We do not sell Personal Information or disclose Personal Information except as may be required or permitted by law, rule, or regulation, or otherwise consented by you. We may disclose Personal Information to the following parties:

    • A service provider to which Second Sight has outsourced institutional services or functions;
    • Participating pharmaceutical manufacturers;
    • Any governmental agency, regulatory authority or self-regulatory organization with jurisdiction over Second Sight or its affiliates, if (i) Second Sight determines that such disclosure is necessary or advisable pursuant to or in connection with any Applicable Laws and (ii) such disclosure is not otherwise prohibited by Applicable Laws;
    • Certain other persons to the extent authorized by you.

    In addition, we may use or disclose your personal data as we deem necessary or appropriate:

    • under Applicable Laws, including laws outside your country of residence;
    • to comply with subpoenas and other legal processes;
    • to pursue available remedies or limit damages we may sustain;
    • to protect our operations or those of any of our affiliates;
    • to protect the rights, privacy, safety or property of us, our affiliates, you and others; and
    • to enforce our terms and conditions.

    On all occasions when it is necessary for us to share your Personal Information with other parties, we will require that such information only be used for the limited purpose for which it is shared and will advise such third parties not to further share your information with others except to fulfill that limited purpose.

  11. Your Rights Regarding Your Personal Information
  12. Individuals in California, and certain other jurisdictions may have certain data subject rights. These rights vary, but they may include the right to: (i) request access to and rectification or erasure of their Personal Information; (ii) restrict or object to the processing of their Personal Information; and (iii) obtain a copy of their Personal Information in a portable format. Individuals may also have the right to lodge a complaint about the processing of Personal Information with a data protection authority. We do not sell your information, so you are already opted-out of such sales. We will not discriminate against you for exercising any of these rights.

    How to Exercise Data Subject Rights

    If you wish to exercise any of these rights please email us at the contact provision with the phrase “Data Subject Rights” in the subject line. You may also call us toll-free at 1.888.398.5520 or email us at support@thinkbrg.com. We will review your requests and respond accordingly. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your Personal Information only in de-identified form, we will not attempt to re-identify your data in response to a Data Subject Rights request.

    If you make a request related your Personal Information, we will need to verify your identity. To do so, we will request that you match specific pieces of information you have provided us previously, as well as, in some instances, provide a signed declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying the request. For requests related to particularly sensitive information, we may require additional proof of identification.

    If you make a Data Subject Rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf. We will process your request within the time provided by Applicable Laws.

    California Shine the Light Law:

    If you are a California resident, you have the right to request information about how we share certain categories of Personal Information with third parties. California law gives you the right to send us a request at a designated address to receive the following information:

    • Categories of information we disclose to third parties for their direct marketing purposes during the preceding calendar year;
    • Names and addresses of the third parties that received that information; and, if the nature of the third party's business cannot be determined from their name, examples of the products or services marketed.
  13. Retention of Personal Information
  14. We will retain Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy, or as long as we are legally required or permitted to do so. Under certain circumstances, you may have the right to have your Personal Information erased.

    When deciding how long to retain your Personal Information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information described above and whether we can achieve those purposes through other means. We may also retain your Personal Information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.

  15. Links to Other Websites
  16. The Platform may contain links to third party websites, products, and services. These third party websites and services have separate and independent privacy policies, which we encourage you to read. We have no responsibility or liability for the content and activities of such linked sites.

  17. Children’s Privacy
  18. The Platform is not directed toward children under the age of 18. We do not promote our Platform to minors, and we do not intentionally collect any personally identifiable information from any person under 18. If we become aware of having collected Personal Information from children under the age of 18 without valid consent from their respective parents or guardians, we will delete it as soon as practicable.

  19. Changes to this Privacy Policy
  20. We may update this Privacy Policy periodically, without prior notice, so please review it frequently. If we decide to change our Privacy Policy, we will post the updated Privacy Policy at www.340besp.com/privacy, so that you are aware of the kinds of Personal Information we collect, use, share, and otherwise process. If we make material changes to this Privacy Policy, we will notify you on this website, in our Platform, update the effective date above, and provide you with notice as required by Applicable Laws.

  21. Contact Us
  22. If you have any questions or concerns about this Privacy Policy, please contact us by:

    • Calling 1.888.398.5520 (toll free)
    • Emailing us at support@340Besp.com
    • Attn: Legal Department
    • Second Sight Solutions, LLC
    • 70 W. Madison, Suite 5000 | Chicago, IL 60602