Last updated August, 2024

340B ESP™ Platform Privacy Policy

This Privacy Policy describes how Second Sight Solutions, LLC and its affiliates (“Second Sight,” “Company,” “we,” “us,” “our”) use, disclose, and otherwise process personal information that we collect online and offline about users of our website portal hosted at www.340besp.com and associated web pages (our “Websites”) and the 340B ESP Platform offering made available therein (collectively, the “Platform”). The Platform is intended for use by persons located in the United States.

340B ESP Platform enables a 340B covered entity (“Covered Entity”) to submit, via an authorized employee or agent acting on its behalf, certain de-identified 340B pharmacy claims data, which predominantly includes 340B claims data that has been deidentified in accordance with the HIPAA deidentification standard (“Covered Entity Claims Data”) to Second Sight. Second Sight then analyzes this data on behalf of pharmaceutical manufacturers (“Manufacturers”) in order to identify duplicate Medicaid, Medicare, TRICARE and commercial payer rebates, determine eligibility under the 340B Drug Pricing Program (codified at 42 U.S.C. § 256b), and determine compliance with Manufacturers’ policies. For additional information about the Platform, please see our Frequently Asked Questions (“FAQs”), available online at www.340besp.com/faqs. This Privacy Policy does not apply to the Covered Entity Claims Data that we process in our capacity as a service provider on behalf of the Manufacturers and Covered Entities, who are the entities that control the processing of that data.

This Privacy Policy also does not cover the personal information that we collect about Company employees or job applicants or contractors engaged by the Company.

For additional information about the privacy choices you have regarding your personal information, please review the Your Privacy Choices section below. If you are a resident of California, please refer to the Additional Information for California Residents section below for information about the categories of personal information we may collect and your rights under California privacy laws.

By using our Platform, you agree that your personal information will be handled as described in this Privacy Policy. Your use of our Platform and any dispute over privacy is subject to this Privacy Policy and the 340B ESP Platform Terms of Use, available at www.340besp.com/terms-of-use, including applicable terms governing limitations on damages and the resolution of disputes.

  1. What Personal Information We Collect
  2. The personal information we collect from you depends upon how you use our Platform or otherwise interact or engage with us, but generally includes the following:

    • Identifiers. Such as name, email address, username and password, and telephone number;
    • Professional or Employment Information. Such as business address, and place of work;
    • Internet or other Electronic Network Activity Information. Such as internet protocol (IP) address, login data, unique device identifiers, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices used to access the Platform; as well as usage information, such as information about how you use the Platform and our products and services, referring/exit web pages, date/time stamps, error logs, and the frequency of your use of the Platform;
    • General Location Information. Such as that derived from Internet/electronic network activity information; and
    • Other Information. Such as information that you voluntarily provide to us (such as via email or our Contact Us page).

    We may also collect and receive certain personal information about you from third-party sources, such as Covered Entities, Manufacturers and other entities with whom we partner to provide our services (“Business Partners”), public databases, and other Platform users, and service providers or other third parties who provide services or perform functions on our behalf. For example, we may collect your name, contact details, and other similar information from Business Partners and service providers for purposes of providing and enabling your use of our Platform.

  3. How We Collect Your Personal Information
  4. We collect personal information from you via the following:

    1. Personal Information You Provide to Us
      • Forms you complete and other information you enter directly in the Platform (e.g., as part of a registration process); and
      • Your correspondence and interactions with us, including by letter, email, and telephone.

      In order to register for a Platform account (“Account”), you must either (a) use an email address having a domain name associated with the Covered Entity to register for an Account that can invite other users to register on behalf of the Covered Entity (“Administrator Account”), or (b) register using an invitation from the Administrator Account of the Covered Entity. As part of the registration process, you must provide your first name, last name, work e-mail address, cell phone number, and the Covered Entity on whose behalf you are accessing the Platform.

    2. Information Collected Automatically
    3. We may automatically collect certain information about the devices you use to access the Platform, as well as information on how you interact with the Platform, through web server logs as well as cookies and other similar tracking technologies.

      1. Cookies and Other Data Collection Technologies
      2. We may collect information about your use of the Platform through cookies and other similar tracking technologies. “Cookies” are a feature of web browser software that allows web servers to recognize the Internet-enabled device used to access a website. They are small text files that are stored by a user’s web browser on the user’s device. Cookies can help identify what information a user accesses on one website to simplify subsequent interactions with that website by the same user or to use the information to streamline the user’s transactions on related websites. A number of Cookies we use last only for the duration of your web session and expire when you close your browser. Other Cookies last longer and are used, for example, to recognize your device when you return to the Platform.

        We use Cookies to manage your login session, help you move between screens in the Platform in a smooth and secure manner, and gather information about the browsing activities of users of the Platform in order to continually improve it and better serve the needs of its users.

        You can change your browser settings to notify you of the Cookies being set or updated, and to block Cookies. Please note that if you have disabled Cookies, some features of the Platform may not be available to you or otherwise function as intended.

        We use cookies and other tracking technologies provided by a third party, Intercom, which allow Intercom and us to identify users of our chat feature for customer support and related purposes. For more information regarding Intercom’s privacy practices, see Intercom’s privacy policy.

      3. Cookie Management
      4. For information about how to manage Cookies, such as how to prevent or delete them, please see Your Privacy Choices below.

      5. “Do Not Track” Browser Settings
      6. We do not currently use technology that recognizes “do not track” signals from your web browser.

  5. How and Why We Use Personal Information
  6. We use personal information consistent with applicable federal, state, and local law, regulation and rule (“Applicable Laws”), including in the following ways:

    • Account Registration, Support and Management. To provide and operate our Platform, manage your account, communicate with you about your use of the Platform, provide troubleshooting and technical support, and for similar support purposes; to respond to your inquiries, fulfill your requests, and to otherwise run our day-to-day operations.
    • Analytics and Improvement. To better understand how users access and use the Platform, and for other research and analytical purposes, such as to evaluate and improve the Platform and business operations, including to develop increased functionality, and for internal quality control and training purposes.
    • Communication. To respond to your questions, send you requested materials and newsletters, as well as information and materials regarding our Platform. We may also use this information to send administrative information to you, for example, information regarding the Platform and changes to our terms, conditions, and policies. In addition, we may use personal information to facilitate communication between participating Manufacturers and registered Account holders of our Platform. When you email, call, or otherwise communicate with us and with members of our team, we collect and maintain a record of your contact details, communications and our responses. We and the provider of our chat feature maintain and record communications and information that you post in chat sessions on our Platform, including information you provide to us related to any customer support requests.
    • Research and Surveys. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
    • Insight Development and Data Enhancement. We may combine personal information collected about users of the Platform with other information that we or third parties collect about you in other contexts. In most cases, the information that we may combine with the personal information collected about the Platform for market research, such as demographic information, does not directly identify individuals.
    • Security and Protection of Rights.To protect the Platform and our business operations, our rights and those of our stakeholders and investors, to prevent and detect fraud, unauthorized activities and access, and other misuse of our Platform, including where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of the 340B ESP Platform Terms of Use.
    • Compliance and Legal Process.To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
    • Auditing, Reporting, and Other Internal Operations. To conduct audits and assessments of our operations, including our privacy and security controls, as well as for risk and compliance purposes. We may also use personal information to maintain appropriate business records and enforce our policies and procedures.
    • General Business and Operational Support. To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions.
    • For additional reasons we disclose to you at the time of collection.
  7. When We Disclose Your Personal Information
  8. We may disclose personal information for the purposes described above and to the following entities:

    • Our affiliates and subsidiaries;
    • A service provider to which Second Sight has outsourced institutional services or functions (such as IT or help desk functions);
    • Business Partners. For example, if you are an employee of a Manufacturer or Covered Entity, we may disclose information about you to the Manufacturer or Covered Entity who is your employer;
    • Any governmental agency, regulatory authority or self-regulatory organization with jurisdiction over Second Sight or its affiliates;
    • Others to the extent we have notified you or to the extent necessary to operate the Platform.

    In addition, we may use or disclose your personal information as we deem necessary or appropriate:

    • under Applicable Laws, including laws outside your country of residence;
    • to comply with subpoenas and other legal processes;
    • to pursue available remedies or limit damages we may sustain;
    • to protect our operations or those of any of our affiliates;
    • in support of business transfers, including if we or our affiliates are acquired by, merged with, or invested in by another company, if any of our assets are transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, or if any such business transfer is contemplated and any preparatory or intermediate steps are undertaken;
    • to protect the rights, privacy, safety or property of us, our affiliates, you and others;
    • to enforce the 340B ESP Platform Terms of Use, available at www.340besp.com/terms-of-use
    • as otherwise authorized by you.

    Notwithstanding anything else described in this Privacy Policy, we may use and disclose aggregate, deidentified, and other non-identifiable data related to our business and the Platform for quality control, analytics, research, development, and other purposes. Where we use, disclose, or process deidentified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) we will use the information as permitted by Applicable Laws.

  9. How We Protect Personal Information
  10. We take precautions to maintain the confidentiality, integrity, and security of your personal information, including the adoption of certain physical, electronic, and procedural safeguards and procedures designed to maintain and secure your personal information from inappropriate disclosure in accordance with Applicable Laws. However, no security measures are perfect, and we cannot guarantee that personal information we collect will never be accessed or used in an unauthorized way.

  11. Retention of Personal Information
  12. We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as long as we are legally required or permitted to do so. Under certain circumstances, you may have the right to request that we delete your personal information that we retain.

    When deciding how long to retain your personal information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information as described above and whether we can achieve those purposes through other means. We may also retain your personal information to investigate or defend against potential legal claims in accordance with the limitation periods of jurisdictions where legal action may be brought.

  13. Your Privacy Choices
  14. We make available several ways for you to manage your preferences and privacy choices, as described below:

    • Account and Profile Information. You can review and update some of the personal information we maintain about you by logging into your Account and updating your profile information directly within our Platform.
    • Cookie Settings. To prevent Cookies from tracking your activity on our Platform or visits across multiple websites, you can set your browser to block certain Cookies or notify you when Cookies are set. You can also delete Cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new Cookies, how to have the browser notify you when you receive new Cookies, or how to delete Cookies. Visitors to our Platform who disable Cookies will be able to browse the Platform, but some features may not function as intended.
  15. Links to Other Websites
  16. Our Platform may contain links to third-party websites or features or provide certain third-party connections or integrated services. Any access to and use of such linked websites, features, or third-party services is not governed by this Privacy Policy but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties, including their collection, use, and disclosure of your personal information. You should review the privacy policies and terms for any third parties before proceeding to those websites or using those third-party features or services.

  17. Children’s Privacy
  18. The Platform is not directed toward children under the age of 18. We do not promote our Platform to minors, and we do not intentionally collect any personal information from any person under 18. If you are a parent or legal guardian and you believe that we have collected your child’s information in violation of Applicable Laws, please contact us using the contact information in the Contact Us section below.

  19. Changes to this Privacy Policy
  20. We may update this Privacy Policy periodically, so please review it frequently. If we decide to change our Privacy Policy, we will post the updated Privacy Policy at www.340besp.com/privacy, so that you are aware of the kinds of personal information we collect, use, share, and otherwise process. If we make material changes to this Privacy Policy, we will notify you on our Websites, in our Platform, revise the last updated date above, and provide you with notice as required by Applicable Laws.

  21. Contact Us
  22. If you have any questions or concerns about this Privacy Policy, please contact us by:

    • Calling 1.866.825.1996 (toll free)
    • Emailing us at privacy@thinkbrg.com
    • Writing us at Attn: Legal Department
    • Second Sight Solutions, LLC

      70 W. Madison, Suite 5000 | Chicago, IL 60602

  23. Additional Information for California Residents
  24. In this section, as required under the California Consumer Privacy Act (“CCPA”), we provide California residents with certain specific information about how we handle their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident, household, or device.

    Notice at Collection. The following sub-sections below, read together, are intended to comply with our obligations for Notice at Collection under the CCPA: “Categories of Personal Information We May Collect or Disclose”, “Purposes of Collection, Use, and Disclosure”, “Retention”, and “Sales and Sharing of Personal Information”.

    Scope. This section applies to “personal information” as defined by the CCPA, whether collected online or offline, in our capacity as a business. This section does not address or apply to our handling of publicly available information or personal information that is otherwise exempt under the CCPA. This section also does not apply to personal information we collect about independent contractors or current or former full-time, part-time, and temporary employees and staff, officers, directors, or owners of the Company.

    Categories of Personal Information We May Collect or Disclose.The table below generally sets out the categories of personal information that we may collect about you (and may have collected in the prior 12 months), as defined by the CCPA, as well as the categories of other entities to whom we may disclose this information for business or commercial purposes. Our collection and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such individuals.

    Categories of personal informationTo whom we may disclose for a business or commercial purpose
    Identifiers.Includes, but is not limited to, direct identifiers such as name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, and telephone number.
    • Affiliates and subsidiaries
    • Advisors and agents
    • Other customers or users
    • Others as required by law
    Usage Data. Includes, but is not limited to, browsing history, clickstream data, search history, and similar information regarding interactions with our Platform and Websites, or emails.
    • Affiliates and subsidiaries
    • Advisors and agents
    • Other customers or users
    • Others as required by law
    Location Data. Such as general location information (including that derived from an IP address) about a particular individual or device.
    • Affiliates and subsidiaries
    • Advisors and agents
    • Other customers or users
    • Others as required by law
    Audio, Visual, and Other Electronic Data. Includes recorded meetings and webinars, videos, and photographs.
    • Affiliates and subsidiaries
    • Advisors and agents
    • Other customers or users
    • Others as required by law
    Professional Information. Includes, but is not limited to, job title, company name, business email, business phone number, and other similar professional-related information.
    • Affiliates and subsidiaries
    • Advisors and agents
    • Other customers or users
    • Others as required by law
    Sensitive Personal Information.We may collect account log-in information, which is considered sensitive personal information under the CCPA.
    • Affiliates and subsidiaries
    • Advisors and agents
    • Others as required by law

    Source of Personal Information.We generally collect personal information from the following categories of sources:

    • Directly from individuals and their employers/our customers;
    • Government agencies or public records;
    • Vendors and service providers; and
    • Business Partners.

    Purposes of Collection, Use, and Disclosure. As described in the How and Why We Use Personal Information section above, in general, we collect and otherwise process personal information for the following business or commercial purposes, or as otherwise directed or consented to by you:

    • Account registration, support and management;
    • Analytics and improvement;
    • Communication;
    • Research and surveys;
    • Insight development and data enhancement;
    • Security and protection of rights;
    • Compliance and legal process;
    • Auditing, reporting, and other internal operations; and
    • General business and operational support.

    Sales and Sharing of Personal Information. The CCPA defines “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. We do not sell or share personal information, including sensitive personal information, nor do we sell or share personal information about individuals we know are under age sixteen (16).

    Sensitive Personal Information. Notwithstanding the above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by applicable privacy law. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent, and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to provide it to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

    Retention of Personal Information. We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as long as we are legally required or permitted to do so. Under certain circumstances, you may have the right to request that we delete your personal information that we retain.

    When deciding how long to retain your personal information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information as described above and whether we can achieve those purposes through other means. We may also retain your personal information to investigate or defend against potential legal claims in accordance with the limitation periods of jurisdictions where legal action may be brought.

    California Privacy Rights. California privacy law provides California residents with specific rights regarding personal information. Subject to certain conditions and exceptions, California residents have the following rights with respect to their personal information:

    • Right to Know. You have the right to request (i) the categories of personal information we collected about you; (ii) the categories of sources from which the personal information is collected; (iii) our business or commercial purposes for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we have disclosed personal information; and (v) a copy of the specific pieces of personal information we have collected about you.
    • Right to Delete. You have the right to request we delete personal information we have collected from you.
    • Right to Correct. You have the right to request that we correct inaccuracies in your personal information.
    • Right to Opt-Out of Sales and Sharing. You have the right to opt-out of “sales” and “sharing” of your personal information, as those terms are defined under the CCPA. We do not sell or share personal information; thus, this right is not available to California residents.
    • Right to Limit Use. You have the right to limit use and disclose of your sensitive personal information. We do not use or disclose sensitive personal information beyond the purposes authorized by the CCPA; thus, this right is not available to California residents.
    • Right to Non-Discrimination. You have the right not to be subjected to discriminatory treatment for exercising any of the rights described in this section.

    Exercising Your Privacy Rights. California residents may exercise their CCPA privacy rights as set forth below:

    • Right to Know, Delete, and Correct. California residents may submit CCPA requests to know/access, delete, and correct their personal information by:
    • When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information that we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

      You may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.