OVERVIEW OF PRIVACY POLICY

This Privacy Policy includes the following information:

Information We Collect from You

• • Non-Personal Information
  • Personally Identifiable Information
  • Automatically Gathered Information
  • Children and Parents

How We Use and Disclose Information Collected

• • Non-Personal Information Use and Disclosure
  • Personally Identifiable Information Use and Disclosure
  • Disclosures with Your Consent
  • Additional Disclosures
  • Access to Your Information
  • Linked Third-Party Sites

Information Security

Data Retention and Deletion

Compliance and Cooperation with Regulatory Authorities

Text Messaging Terms and Conditions

Changes to Our Privacy Policy

• • Contact Us

INFORMATION WE COLLECT FROM YOU

When you use the Services, certain types of data may be collected from you, including: (1) Non-Personal Information; and (2) Personally Identifiable Information. For more detailed information on personal information from children, please refer to the “Children and Parents” section below.

Non-Personal Information

We may automatically collect certain data regarding your use of or access to the Services, such as: the type of device you use to access the Services; the date and time you access the Services; the type of web browser you use to access the Services; and the sections within the Services that you access (collectively, “Non-Personal Information”). For more detailed information, please refer to the “Automatically Gathered Information” section below.

Personally Identifiable Information

You may be able to view and download content through certain Services (or portions thereof) that are accessible to the general public without disclosing any information that, either alone or in combination with other information, can be used to uniquely identify, contact or locate you (collectively, “Personally Identifiable Information” or “PII”). However, certain Services (or portions thereof) may only be accessible by creating an account, providing third-party user credentials (e.g., your Google account) for authentication or otherwise disclosing certain PII, such as your name, email address, home address and phone number. By providing such information, you acknowledge that you understand our collection and use of it, as described in this Privacy Policy.

Automatically Gathered Information

DMG automatically tracks certain information about you based upon your behavior while visiting the Website. This information is used to better understand and serve you by responding to your particular interests and needs.

Internet Protocol Address

We collect an IP address from all visitors to our Website. An IP address is a number that is automatically assigned to a computer when a computer accesses the Internet. We use IP addresses based on our legitimate business interest to help diagnose problems with our server, administer our Website, analyze trends, track user movement on the Website, gather broad demographic information for aggregate use in order for us to improve the Website, and deliver personalized content.

Use of “Cookies”

Our Website uses cookies to enhance user experience while using our Website. Cookies are pieces of information that some websites transfer to the computer that is browsing that website and are used for record-keeping purposes at many websites. Use of cookies makes web browsing easier by performing certain functions such as saving your passwords, saving personal preferences regarding your use of the particular website, and ensuring that you don’t see the same advertisement repeatedly. If you would prefer not to receive cookies, you can turn off the ability to receive these cookies by adjusting the browser on your computer. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you refuse cookies, however, certain functions and conveniences of the Website may not work properly.

Children and Parents

The Services are not designed nor intended to collect personal information from children under the age of 18, however parents or legal guardians may use the Services to upload information related to the care of their children or legal dependents. We apply the same rigorous privacy policies set forth in the Health Insurance Portability and Accountability Act of 1996 to children’s information.

DMG does not specifically or knowingly provide or market our Services to children under the age of 18. So that we may comply with the Children’s Online Privacy Protection Act, we ask that children under the age of 18 do not provide or attempt to provide any personal information on or through the Services. If a parent believes that his or her child has provided us with personal information, he or she can contact us via email and we will promptly delete the information upon learning that it relates to a child under the age of 18.

HOW WE USE AND DISCLOSE INFORMATION COLLECTED

Generally, we may use and disclose the information that we collect for our business purposes, including operation of the Services, as well as development of new products and services. Such use and disclosure of information may vary with respect to the type of information collected, including: (1) Non-Personal Information; and (2) Personally Identifiable Information.

Non-personal Information Use and Disclosure

We use Non-Personal Information collected through the Services to monitor the performance and effectiveness of the Services, to help personalize your experience, for statistical and research purposes and for improving the functionality of the Services. This information may also be used for administrative purposes including, without limitation, to troubleshoot and resolve problems with the Services and to protect DMG, the Services and our users. We may rely on third-party partners to collect and analyze Non-Personal Information based on our instructions and subject to appropriate privacy and security measures.

Personally Identifiable Information Use and Disclosure

PII collected may be used for a variety of purposes, such as responding to requests for information, and creation of user accounts. We may disclose your PII to:

(i) our affiliates in your local jurisdiction, or other locations as necessary or appropriate, to assist us with responding to requests for information, and to provide other activities contemplated by the Services; and

(ii) business partners or service providers we use to perform site hosting, analytics, and other information technology and support functions on our behalf, and such activities are performed based on our instructions and in compliance with appropriate privacy and security measures.

Where permitted, your PII may also be used to create de-identified data sets.

Disclosures with Your Consent

We may share personal information with companies, organizations or individuals outside of DMG, for purposes not specified elsewhere in this Privacy Policy, when we have your consent to do so. We require explicit “opt-in” consent for the sharing of certain sensitive personal information.

Contact Information

Where appropriate and with your permission (obtained through the Authorization, as defined below, or otherwise), we may share your contact information with authorized testing sites, health care professionals involved in collection of any bio specimens, clinical laboratories that process collected bio specimens and relevant public health authorities, such as the Florida Department of Health (FDOH) and the United States Centers for Disease Control and Prevention (CDC), for purposes related to performing tests, administering and improving the testing program and for public health purposes; your information may be used by such third parties consistent with those purposes.

Screener Survey Responses

The Services include features that allow you to complete a screener survey, developed in consultation with CDC. The information collected in connection with the screener survey may include your age and/or date of birth, gender, recent travel history, current health status and any known contact with other individuals who may have been exposed to the virus responsible for COVID-19, referred to as SARS-CoV-2. Such information is collected for the purpose of determining whether you are eligible for testing under this program. Where appropriate and with your permission (obtained through the Authorization, as defined below, or otherwise), we may share your screener survey responses with authorized testing sites, health care professionals involved in collection of any biospecimens, clinical laboratories that process collected biospecimens and relevant public health authorities, such as the FDOH and CDC, for purposes related to performing tests, administering and improving the testing program and for public health purposes; your information may be used by such third parties consistent with those purposes.

Scheduling Information

In the event that the screener survey determines that you are eligible for testing under this program, you may receive certain scheduling information, including the date(s) and times during which you may present at your assigned site for testing. Where appropriate and with your permission (obtained through the Authorization, as defined below, or otherwise), we may also provide such scheduling information (together with your contact information) to authorized testing sites, health care professionals involved in collection of any biospecimens, clinical laboratories that process collected biospecimens and relevant public health authorities, such as the FDOH and CDC, for purposes related to performing tests, administering and improving the testing program and for public health purposes; your information may be used by such third parties consistent with those purposes.

Authorization / Release of Medical Information

The Services include features that allow you to complete an Authorization / Release of Medical Information (the “Authorization”), which may be required in order for you to access certain portions of the Services. The Authorization may collect certain information, including your full name, initials and electronic signature. Such information is collected for the purpose of executing the Authorization. Where necessary, we may share an executed copy of the Authorization with authorized testing sites, health care professionals involved in collection of any biospecimens, clinical laboratories that process collected biospecimens and relevant public health authorities, such as the FDOH and CDC, for purposes related to performing tests, communicating test results, administering and improving the testing program and for public health purposes; your information may be used by such third parties consistent with those purposes.

Service Providers

DMG may share your information with certain service providers engaged to perform services on our behalf, including but not limited to the following:

Google: DMG leverages certain technology and services from Google LLC, including cloud services, security services, data storage, website hosting and other support functions. Google’s access to data is strictly limited to the purpose of providing such services to DMG. Your data collected through the Services will never be joined with your data stored in Google products without your explicit permission.

Salesforce: DMG leverages certain technology services from Salesforce.com, Inc., including customer relationship management solutions. Salesforce’s access to data is strictly limited to the purpose of providing such services to DMG.

Additional Disclosures

In addition to the activities described above, we may share personal information with companies, organizations or individuals outside of DMG if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: (1) meet any applicable law, regulation, legal process or enforceable governmental request; (2) enforce applicable Terms of Use, including investigation of potential violations; (3) detect, prevent or otherwise address fraud, security or technical issues; or (4) protect against harm to the rights, property or safety of DMG, our users or the public, as required or permitted by law.

Access to Your Information

We aim to provide you with access to your personal information gathered through the Services. In some circumstances you may have the right to review or request your personal information, or request that it be updated or deleted, by contacting us using the method below under the caption “Contact Us.” However, to the extent permitted by law, we may reject requests that are unreasonably repetitive, unduly burdensome, risk the privacy of others, or would be very impractical to honor.

To the extent practicable, where we can provide our users with information access and correction through the Services, we will do so for free, except where it would require a disproportionate effort. We aim to protect information gathered through the Services from accidental or malicious destruction.

You may at any time print, download, or request a printed copy of this Privacy Policy.

Linked Third-Party Sites

We may provide links to other third-party websites through the Services solely as a convenience to you. However, such linking does not mean, and should not be interpreted to mean, that DMG endorses, is affiliated with or makes any representations concerning such third-party websites. DMG neither reviews, nor controls, nor is responsible for these third-party sites or any content therein. This Privacy Policy only applies to information collected by DMG through the Services. If you decide to access any of the third-party sites linked through the Services, or choose to provide information to such third-party sites, you do so entirely at your own risk. DMG recommends that you always read the privacy policy of a linked site before disclosing any personal information. DMG shall not be liable for any consequences arising from use of any third-party websites to which the Services link.

INFORMATION SECURITY

We work hard to prevent unauthorized accessing, alteration, disclosure, or destruction of the information that we hold. We have many data security safeguards in place, and we regularly review our security practices to proactively guard against unauthorized access.

We strive to maintain the security of your information by using appropriate measures designed to protect our systems. However, we cannot guarantee the security of any information that is disclosed online. Consequently, we do not represent, insure or warrant the security of any information you transmit, and you do so at your own risk.

DATA RETENTION AND DELETION

We collect data when you use our Services. What we collect, why we collect it, and how you can manage your information are described in this Privacy Policy. This section describes why we hold onto different types of data for different periods of time.

For some data, you can request deletion whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When data is deleted, we follow internal policies and procedures to make sure that your data is safely and completely removed from our servers or retained only in anonymized form.

Data Retained Until You Request Deletion.

As noted in this Privacy Policy (in the “Access to Your Information” section above), you may have the right to request deletion of your information. In certain circumstances, we may provide you with tools or other features within our Services that enable you to directly manage your information, including deletion of your information. In any event, you can always submit a deletion request by contacting us using the method below under the caption “Contact Us.”

Data That Expires After a Specific Period of Time

In some cases, we store data for a predetermined period of time. For each type of data, we set retention timeframes based on the reason for its collection. Where applicable, we also take steps to anonymize certain data within set time periods.

Information Retained for Extended Time Periods for Limited Purposes.

Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:

• • Security, fraud & abuse prevention
  • Financial record-keeping
  • Complying with legal or regulatory requirements
  • Ensuring the continuity of our Services
  • Direct communications with DMG

We try to ensure that our Services protect information from accidental or malicious deletion. Because of this, there may be delays between when something is deleted and when copies are deleted from our active and backup systems. For our active systems, this process generally takes around two months from the time of deletion; however, data can remain on backup systems for up to six months.

COVID-19 Information

In addition to the general description above, we will retain your data only for so long as necessary to fulfill the above stated purposes or until applicable emergency declarations related to COVID-19 expire or are otherwise terminated, whichever is later. Thereafter, we will delete your information collected through the Services, unless you separately authorize further retention and uses of your information.

COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES

We regularly review our compliance with this Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow-up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

TEXT MESSAGING TERMS AND CONDITIONS

DMG offers access to certain service messages via recurring SMS (Short Message Service) and MMS (Multimedia Message Service) text alerts. Enrollment in text alerts requires a user to provide a mobile phone number with an area code within the 50 United States or the District of Columbia. By enrolling to receive DMG text alerts, you agree to these terms and conditions, which become effective upon your enrollment.

You acknowledge that text alerts will be sent to the mobile phone number you provide to DMG. Such alerts may include limited personal information such as testing appointment reminders, and whoever has access to the mobile phone or carrier account will also be able to see this information. DMG does not impose a separate charge for text alerts; however, your mobile carrier’s message and data rates may apply depending on the terms and conditions of your mobile phone contract. You are solely responsible for all message and data charges that you incur. Please contact your mobile service provider about such charges. You may opt-out of such services at any time.

The DMG text alert programs are offered on an “as is” basis and: (1) may not be available in all areas at all times; and (2) may not continue to work in the event of product, software, coverage or other service changes made by your wireless carrier. DMG may change or discontinue any of its text alert programs without notice or liability to you.

CHANGES TO OUR PRIVACY POLICY

From time to time, we may update and post revisions to this Privacy Policy. Any changes will be effective immediately upon the posting of the revised Privacy Policy. We encourage you to review this page periodically for the latest information on our privacy practices. This Privacy Policy was updated as of the date listed below. If DMG is involved in a merger, acquisition, or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

CONTACT US

If you have any questions or concerns regarding the information gathered through the Services, or would like to submit a request related to your information (including requests to review, update or delete your information), please let us know by emailing us at [[email protected]]

Privacy Policy Last Updated: April 7, 2020