For Pharma
For Providers
Eagle Pharmacy
KnippeRx
Contact Us

Privacy Policy

CareTria Privacy Policy

 

Notice at Collection (California Residents)

California Notice of Collection of Personal Information: CareTria ,, Inc.(“CareTria,” “we,” “our,” or “us”) is committed to respecting your privacy. We collect the information described below under “TYPES OF PERSONAL INFORMATION COLLECTED BY CARETRIA BY CATEGORY” for the business and commercial purposes described below under “How the Information Is Used.” To learn more about exercising your California Privacy Rights please review the “Your Rights Under the CCPA” section below.

 

Privacy Policy

This Privacy Policy applies to you as a visitor (“you,” “your,” “Visitor”) of the CareTria.com website located at https://www.CareTria.com (the “Site”). The Site is intended for a United States audience. Any information you provide, including medical information, and information we collect when you visit the Site, (“Your Information”) will be transferred to, and processed, by a computer server within the United States. This Privacy Policy (this “Policy”) is designed to answer questions to help you understand how CareTria uses Your Information. You must be at least 18 years of age to use the services on the Site.

 

Why We Collect Information

CareTria provides distribution and product replacement services, marketing services to the pharmaceutical, biotechnology and life sciences industries, and to other healthcare related organizations and businesses, including manufacturers of over-the-counter medications, and prescription drug products (“OTC and Rx Products”) and online ordering of OTC Products, medical devices, and other healthcare products to pharmacists, physicians, wholesaler, distributor, and other healthcare professionals. CareTria’s marketing and distribution services include direct mail, direct-to-consumer and direct-to-practitioner programs, kit design and assembly, web-ordering, e-survey programs, e-sampling, fulfillment, telemarketing services, and inside sales services. CareTria may use Your Information to design better services for you, such as customized offers for your personal and/or professional interests.

 

What Information is Collected

We may collect both personally identifiable information (such as contact, financial, including credit card information, and demographic information) and non-personally identifiable information (“Traffic Data,” as described below), when you participate with the following:

  • Discount Coupons or cards requested for the purchase of OTC or Rx Products;
  • Rebate Coupons or cards requested for the purchase of OTC or Rx Products;
  • Rebate Checks or cards in connection with OTC or Rx Products you bought;
  • Trial Samples requested for OTC Products;
  • Survey requests and your submitted responses;
  • Information you request about OTC or Rx Products;
  • Your participation in a Research Project we coordinate for one of our Pharmaceutical Company clients;
  • Enrollment in Patient Assistance or Product Replacement Programs, we coordinate for one  one of our Pharmaceutical Company clients;
  • Requesting a drug, medical device, literature or other healthcare (and related) products available on MySampleCloset.com® or other CareTria websites;
  • Inside Sales Programs; or
  • Online Order Services

 

Through your participation in those programs above, we may collect your name, age, address, telephone number, e-mail address, and any applicable enrollment or registration passwords. We may also collect your medical information, as applicable, as you provide not only to any of the above programs, but also to our business partners such as Pharmaceutical Companies and Health Care Organizations, when you register or enroll on their websites for offers and programs that CareTria has been contracted to fulfill on their behalf.

Your Information may also be collected when you register on CareTria’s Website (www.CareTria.com). CareTria’s registration form may change from time to time. CareTria’s registration form may require you give us basic contact information (such as your name, mailing and e-mail address) and some demographic information (such as your zip code, age and gender). Although we may request additional demographic information at the time of registration, we need only the information marked “required” in order for you to take advantage of the promotional offers in which you may be interested.

We retain Your Information only as long as is reasonably necessary to fulfill the disclosed uses, comply with legal obligations, or as otherwise permitted by law. Specific retention periods for each category are listed in the table below.

 

How the Information Is Used

CareTria uses Your Information for the following purpose:

(a) providing you information, discount coupons, rebate coupons, rebates, trial samples, prescription refill reminders and other marketing and non-marketing communications relating to OTC and/or Rx Products;

(b) responding to your requests;

(c) completing your order or purchasing transactions; and,

(c) generally communicating with you.

CareTria only uses or discloses Your Information as you authorize or as permitted by law. When you register on MySampleCloset.com® or interact with the MySampleCloset platform in other ways, CareTria collects certain additional personal information, which  may include your name, address, phone number and email address. Additional information may include demographic, educational and professional information (state licensure numbers and DEA numbers), which may later be used for the specific purpose of credentials verification for specific sample programs, marketing, educational or detailing campaigns offered by CareTria or its business partners.

CareTria engages in e-mail and direct mail marketing on behalf of Pharmaceutical Companies and Health Care Organizations. E-mail or direct mail address lists for these marketing campaigns are compiled from information you provide, as set out above and/or based upon information gathered by Pharmaceutical Companies or Health Care Organizations. CareTria sends you e-mail messages or a direct mail communications as part of a CareTria marketing campaign for those Pharmaceutical Companies or Health Care Organizations, because you chose to be included on those communications. You may choose not to receive future e-mail or direct mail communications from us at any time by following the Opt-Out Policy below.

When you visit our Site, we may automatically collect general anonymous information, such as the date and time of your visit, pages you visited, and “cookie” information from your browser to identify your computer and provide us with a record of your visits to our Site (collectively, “Traffic Data”). The internet browser you use provides the technology used to gather “cookie” information. You may turned off that tracking by setting your browser’s preference buttons. Traffic Data helps us understand how our Site is used (e.g., most popular pages or sections peak activity times) and to plan future improvements to better meet your needs.

Certain cookies and tracking technologies may constitute “sharing” as defined under California law. We honor opt-out preference signals (Global Privacy Control) and provide cookie management options.

 

With Whom Information is Shared

CareTria will not share Your Information, except as you authorized, as permitted by applicable law, or as described below. CareTria may share Your Information with our business partners (Pharmaceutical Companies or Health Care Organizations) to customize marketing and non-marketing communications and provide you with information, discount coupons, rebate coupons, rebates, trial samples and prescription refill reminders relating to OTC and/or Rx Products in which you have expressed an interest by contacting us or our business partners. CareTria may share Your Information confidentially with its third-party service providers that perform work for us. These third-party service providers are not authorized to use or disclose Your Information for any purpose other than to perform services on CareTria’s behalf. CareTria will only disclose Your Information to the Pharmaceutical Companies or Health Care Organizations, CareTria employees, and third-party service providers who require such information for the purposes set out above.

CareTria may be called upon to release Your Information in response to a court order, subpoena, search warrant, or law, or upon request of a regulatory or investigative agency. CareTria’s cooperation in responding to such requests includes notice of the sensitivity of the information that is being sought or provided. CareTria also reserves the right to cooperate with law enforcement authorities in the investigation and prosecution of users who violate our rules or who otherwise engage in harmful or illegal behavior via our websites.

Our Site may include links to third-party websites not under CareTria’s control. These linked sites are provided as a convenience and may include privacy policies or terms of use that differ from CareTria’s site. CareTria has no responsibility or liability to you in connection with your visits to linked sites, or any information disclosed, collected, or used by such third-party websites. If you link to those sites, you are encouraged to review the privacy polices those sites maintain.

 

Security of Your Information

CareTria is committed to ensuring the Your Information’s security. Our success in designing useful products and services depends on your willingness to participate in our programs. CareTria’s business methods include strict policies on the storage, transmission and use of data that includes personal information. Our standard operating procedures are designed to secure such information in accordance with applicable law and industry standards. Notwithstanding CareTria’s efforts, you should be aware there is some risk unauthorized third parties engaging in illegal and deceptive practices may cause the loss, misuse or alteration of Your Information.

 

Opting-Out

If CareTria has collected Your Information and you are no longer interested in receiving our services, you may withdraw your authorization at any time. To opt-out, send a written notice, including the name of the program, product or service from which you wish to withdraw, to CareTria Health, Inc., Attention: Privacy Officer, One Healthcare Way, Lakewood, New Jersey 08701. CareTria will process Your election to opt-out as soon as possible upon receipt. Please be sure to include the name of the program, product or service from which you are opting out. Also, if some other organization or entity collected Your Information, you must contact that entity directly with your opt-out request.

 

Correcting or Updating Information

If you would like to correct or update any of Your Information, please write to us at CareTria Health, Inc., Attention: Privacy Officer, One Healthcare Way, Lakewood, New Jersey 08701. Please be certain to include the name of the program, product or service in question.

 

Changes in Privacy Policy

CareTria reserves the right, at any time and without notice, to add to, update, change, modify or revise this Privacy Policy by posting such addition, update, change, modification or revision on our Site at www.CareTria.com. Any such addition, update, change, modification or revision will be effective immediately upon posting on the Site. CareTria reserves the right to use Your Information in accordance with the Privacy Policy that is in effect.

 

How to Contact Us

If you have any inquiries or comments about this Privacy Policy, please contact us at 1-888-564-7737 or write to us at

CareTria Health, Inc.
Attention: Privacy Officer
One Healthcare Way
Lakewood, New Jersey 08701.

Updated Effective Date – 2/1/2022

 

California Residents

THIS PRIVACY NOTICE, EFFECTIVE DECEMBER 5, 2025, AS REQUIRED BY THE California Consumer Privacy Act of 2018 (“CCPA”), SUPPLEMENTS THE ABOVE PRIVACY POLICY AND CONCERNS visitors, users, and others who reside in the State of California. (The following are addressed in the above privacy policy: HOW CARETRIA COLLECTS YOUR PERSONAL INFORMATION; USE OF YOUR PERSONAL INFORMATION; NON-DISCRIMINATION; CHANGES TO THIS POLICY)

 

California CareTria Employee and Applicant Privacy Notice

If you are an employee, contractor, or applicant, we provide a Notice at Collection describing categories of personal information collected, purposes, and retention periods.

TYPES OF PERSONAL INFORMATION COLLECTED BY CARETRIA BY CATEGORY

CCPA Category of Personal Information Collected by CareTria in the last 12 months Collection Purpose Shared Third Party Recipient Categories Retention Period
i. Identifier Name, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, and other similar identifiers   X Affiliates, service providers and third parties as authorized by you, your employer, or your agent(s)  
ii. Customer Records Name, signature, address, telephone number, education, employment   X    
iii. Protected classification characteristics under California or federal law. not collected        
iv. Commercial Records of products or services ordered or purchased or those which You have access to order or purchase.   X    
v. Biometric not collected        
vi. Internet or network activity. Information regarding a consumer’s interaction with Our websites, application, or advertisement, passwords and pins created to access Our websites   X    
vii. Geolocation data Geographic location based on URL   X    
viii. Sensory data. not collected        
ix. Professional or employment-related information. DEA#s, SLN#s, SAN #s; employee ID#; healthcare provider designations, and/or specialties; employee territories, employers, managers   X    
x. Non-public education information not collected        
xi. Inferences CareTria may make certain inferences from individual or combined pieces of Information in (i) –(x)   X    

DISCLOSURES OF PERSONAL INFORMATION IN LAST 12 MONTHS

  • CareTria does not collect information from minors.
  • CareTria does not sell any information referenced above.
  • In the preceding twelve (12) months, CareTria has not sold any information referenced above.
  • Personal information does not include: Publicly available information from government records; De-identified or aggregated consumer information; health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or similar state statutes; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

 

YOUR RIGHTS UNDER THE CCPA

CCPA ACCESS RIGHTS

You have the right to request that CareTria disclose certain information to you about our collection and use of Your Information over the past 12 months. In order to preserve the data privacy of Your Information provided, we may require additional documentation for changes or access to that data. Once CareTria receives and confirms your verifiable consumer request, CareTria will disclose to you:

  • The Personal Information categories CareTria collected about you.
  • The Personal Information categories of sources that CareTria collected about you.
  • CareTria’s business or commercial purpose for collecting, selling, or sharing that Personal Information.
  • The categories of third parties with whom CareTria shared that Personal Information.
  • The specific pieces of Personal Information CareTria collected about you (also called a data portability request).
  • If CareTria disclosed Your Personal Information for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

 

CCPA DELETION RIGHTS

You have the right to request that CareTria delete Your Information, subject to certain exceptions. Once CareTria receives and confirms your verifiable consumer request, we will delete it from our records, unless an exception applies. CareTria may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which CareTria collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of Our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise a right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will also will direct our service providers, third parties, and contractors with Your information was shared to delete it as applicable.

 

 

CCPA CORRECTION RIGHTS

You have the right to request correction of Your Information that is inaccurate that we maintain.

 

CCPA RIGHTS TO LIMIT SENSITIVE PERSONAL INFORMATION (“SPI”) USE

Some of the information you provide may be SPI under California law such as your health data, financial information, or professional licensure numbers. You have the right to limit SPI’s use and disclosure to only those purposes necessary to provide requested services.

 

CCPA AUTOMATED DECISION-MAKING RIGHTS

CareTria does not currently utilized automated decision-making software in its hiring or employment processes.

 

CCPA PORTABILITY RIGHTS

To exercise the access, data portability, deletion, correction, and SPI rights described above, please submit to us a verifiable consumer request by contacting us at 1-888-564-7737 or [email protected]. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to Your Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows CareTria to reasonably verify you are the person about whom CareTria collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

CareTria cannot respond to Your request or provide You with Personal Information if CareTria cannot verify Your identity or authority to make the request and confirm the Personal Information relates to You.
CareTria will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

 

 

CCPA REQUESTS, RESPONSES, AND TIMING

CareTria will try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If CareTria requires more time, CareTria will inform You of the reason and extension period in writing. CareTria will deliver Our written response by mail or electronically, at Your option. Any disclosures CareTria provides will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response CareTria provides will also explain the reasons CareTria cannot comply with a request, if applicable. For data portability requests, CareTria will select a format to provide Your Personal Information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance. CareTria does not charge a fee to process or respond to Your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If CareTria determines that the request warrants a fee, CareTria will tell You why CareTria made that decision and provide You with a cost estimate before completing Your request.

 

CCPA NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Other than as allowed by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods and services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives the CCPA permits that can result in different prices, rates or quality levels. We will provide those details for any applicable financial incentive program. You must opt-in prior to participating in such programs and may opt-out at any time.

 

RISK ASSESSMENTS & CYBERSECURITY AUDITS

CareTria will assess its high-risk data processing activities such as selling/sharing personal information, processing SPI, and, to the extent applicable, utilizing automated decision-making technology for significant decisions.

 

 

CareTria Provider Connect Privacy Policy

 

Last Updated: April 17, 2025

This notice describes how Personal Data and/or information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.

INTRODUCTION

We at CareTria (“we”, “us”, “the Company”, or “CareTria”) value your privacy and are committed to keeping your personal data confidential. We use your data solely in the context of providing (1) you (collectively, with Provider Users and Support Staff Users, “Users”) with access to https://eblu.wpengine.com (our “Website”); and/or (2) a web-based single portal Software-as-a-Service platform (the “Platform”) to healthcare providers (“Provider Users”) and support staff (“Support Staff Users”) to conduct insurance benefit investigations (“Benefit Investigation Services” or “BI Services”), prior authorization support services (“Prior Authorization Services”), and pharmaceutical manufacturer savings program enrollment support services (“Savings Program Enrollment Services”) on behalf of patients (each, a “Patient”). The Benefit Investigation Services, Prior Authorization Services, Savings Program Enrollment Services, and the Platform, including all relevant content and functionality associated with each, are collectively referred to herein as the “Services.”

Privacy Policy Applicability

This Privacy Policy applies to personal data (“Personal Data”) that CareTria collects from Users of the Website and/or Services. The term “Personal Data” includes any information that can be used on its own or with other information in combination to identify or contact one of our Users.

We believe that privacy and transparency about the use of your Personal Data are of utmost importance. In this Privacy Policy, we provide you with detailed information about our collection, use, maintenance, and disclosure of your Personal Data. The Privacy Policy explains what kind of information we collect, when and how we might use your Personal Data, how we protect Personal Data, and your rights regarding your Personal Data.

For additional information related to how we use and disclose your Personal Data, please contact our Privacy Officer at [email protected].

Note regarding third-party sites: Our Website and/or Services may contain links to other sites that are not operated by CareTria. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy(ies) for every site you visit. CareTria has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to your use of or access to any third-party sites or services.

Agreement to Privacy Policy Terms

BY ACCESSING AND/OR USING THE WEBSITE AND/OR SERVICES, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE USING THE WEBSITE AND/OR SERVICES.

Privacy Policy Updates

Please note that we occasionally update this Privacy Policy, and it is your responsibility to stay up to date with any amended versions. Any revisions to the Privacy Policy will be posted on our Website and on the login page(s) of the Platform. Any changes to the Privacy Policy will be effective immediately upon providing notice via the Website and the Platform login page(s) and will apply to all Personal Data that we maintain, use, and disclose. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. If you continue to use the Website and/or Services following such notice, you are agreeing to those changes. The amended Privacy Policy supersedes all previous versions.

FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: Account Deletion

If at any point you no longer agree to the use and disclosure of Personal Data, as described in this Privacy Policy, you can delete your User Account (“User Account”) by sending a deletion request to [email protected] with the following information:

  • Your name
  • Your organization
  • Your login email address; and
  • A statement that you are requesting account deletion.

Questions or Concerns

If you have any questions or concerns after reading this Privacy Policy, please contact us at [email protected]. We appreciate your feedback.

COLLECTION AND USE OF PERSONAL DATA

What Personal Data Does CareTria Collect?

Through the Website and/or Services, we collect four types of information: (i) demographic data; (ii) support data; (iii) technology data, and, FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY, (iv) Electronic Health Record (“EHR”) and/or Patient health data. Each category of data is explained in depth below.

Demographic Data: CareTria collects demographic data from Users, which may include, but not be limited to, a User’s name, email address, physical address, phone number, and, for Provider Users and Support Staff Users, role within the organization (i.e. physician, other qualified health care provider, clinical staff, or support staff). FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: The collection of this demographic data is primarily used to create a User Account, which Users can utilize to securely access the Website and/or Services.

Support Data: If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data. Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Website and/or Services in accordance with this Privacy Policy. Calls with CareTria may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

Technology Data: We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data from your computer as you navigate our Website and/or Services or interact with emails or other communications, we have sent you. The information we collect may include your IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider, the pages, and files you viewed, your searches, your operating system, and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, help us provide and improve our Website and Services, and ensure the proper functioning and security of the Website and Services.

FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: EHR Data and Patient Health Data: In accordance with the Platform Terms of Use and with individual Patient consent, CareTria may collect certain Patient health data (“Patient Health Data”) through your organization’s EHR via an application program interface (“API”). Data collected from the EHR may contain the Personal Data of Users covered by this Privacy Policy. This information may be shared with Pharmaceutical Company Partners (as defined below) in order to provide you with the Services.

How Will CareTria Use Personal Data?

CareTria processes your Personal Data based on legitimate business interests, the fulfillment of our Website and/or Services to you, compliance with our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described in this Privacy Policy. Where required by law, we will ask for your prior consent before disclosing your Personal Data to a third party.

More specifically, CareTria processes your Personal Data for the following legitimate business purposes:

  • To provide you with the Website and/or Services;
  • FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: To fulfill our obligations to you under the Platform Terms of Use;
  • FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: To communicate with you about and manage your User Account;
  • To properly store and track your data within our system;
  • To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings and court orders;
  • To protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit our damages;
  • To handle technical support and other requests from you;
  • To enforce and ensure your compliance with our Platform Terms of Use or the terms of any other applicable services agreement we have with you;
  • To manage and improve our operations and the Website and Services, including the development of additional functionality;
  • To evaluate the quality of service you receive, identify usage trends, and improve your experience;
  • To keep our Website and Services safe and secure; and
  • To send you information about changes to our terms, conditions, and policies.

Does CareTria Use Personal Data for Analytics?

CareTria uses third-party service providers to monitor and analyze the use of the Website and Services. The analytics services we use may include but are not limited to Google Analytics, Azure App Insights, and Elastic.

Where Is Personal Data Processed?

The Personal Data we collect through the Website and/or Services will be stored on secure servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States.

With Whom Does CareTria Share Personal Data?

We do not sell, share, or otherwise disclose your Personal Data for reasons other than those described in this Privacy Policy. We may share your Personal Data with the following categories of individuals/entities:

Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Website and Services, provide Services on our behalf, perform Service-related functions, or assist us in analyzing how our Website and Services are used. Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, and customer services.

Our Advisors: We may share your Personal Data with third parties that provide advisory services to CareTria, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if CareTria has a legitimate business interest in the sharing of such data.

Third Parties Upon Your Direction or Consent: You may direct CareTria to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.

Third Parties Pursuant to Business Transfers: In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of CareTria’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.

Government and Law Enforcement Authorities: If reasonable and necessary, we may share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or, if you are a Provider User or Support Staff User, the Platform Terms of Use; or (iii) bring legal action against someone who may be violating the Platform Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of CareTria or any third party, including other users of our Website or Services.

FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY:

Insurance Companies: We share minimally necessary Personal Data with insurance companies in order to provide the Benefit Investigation Services and the Prior Authorization Services.

Pharmaceutical Manufacturers: When patient(s) provide consent we share Personal Data with pharmaceutical manufacturing companies (each, a “Pharmaceutical Company Partner”) in order to provide the Savings Program Enrollment Services.

How Long Does CareTria Retain Personal Data?

CareTria retains your Personal Data only if necessary and as required for our business operations, the provision of our Website and/or Services, archival purposes, and/or to satisfy legal requirements. The exact period of retention will depend on: (i) the amount, nature, and sensitivity of the Personal Data; (ii) the personal risk of harm for unauthorized use or disclosure; (iii) the purposes for which we process your Personal Data, including whether those purposes can be achieved through other means; and (iv) business operations and legal requirements. FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: In general, CareTria strives to retain your data for no longer than seven (7) years after your User Account is closed (the “Retention Period“); however, the above factors may extend or decrease this Retention Period.

At the end of the applicable Retention Period, we will remove your Personal Data from our databases and will require that our Business Partners remove any identifiable Personal Data from their databases. If there is any data that we are unable to delete entirely from our systems for technical reasons, we will put in place appropriate measures to prevent any further processing of such data. Please note that once we disclose your Personal Data to third parties, we may not be able to access that Personal Data and we cannot force the deletion or modification of such information by third parties.

CareTria and its Business Partners reserve the right to continue using aggregated and de-identified data indefinitely, even after Personal Data has been removed from CareTria’s databases. We may continue to disclose aggregated and de-identified data to third parties in a manner that does not reveal personal information, as described in this Privacy Policy. Our continued use of aggregated and de-identified data will comport with applicable law.

What Happens to Personal Data Submitted by Minors?

CareTria does not knowingly collect Personal Data from individuals under the age of 18. Additionally, our Website and Services are not directed to individuals under the age of 18. We request that these individuals not provide Personal Data to us. If we learn that Personal Data from users under the age of 18 has been collected, we will deactivate the User Account associated with that data and take reasonable measures to promptly delete such data from our records. If you are aware of a User under the age of 18 accessing the Website or Services, please contact us at [email protected].

If you are a California resident under the age of 18 and have disclosed Personal Data to us, you may ask us to remove content or information that you have submitted through our Website or Services.

YOUR RIGHTS

What Rights Do Users Have Concerning Their Personal Data?

As a User of CareTria’s Website and/or Services, you may have certain rights relating to your Personal Data. These rights are subject to local data protection and privacy laws, and may include the right to:

  • Access Personal Data held by CareTria;
  • Erase/delete your Personal Data, to the extent permitted by applicable data protection and privacy laws and to the extent technologically feasible;
  • Receive communications related to the processing of your Personal Data;
  • Restrict the processing of your Personal Data to the extent permitted by law;
  • Object to the further processing of your Personal Data, including the right to object to marketing;
  • Request that your Personal Data be transferred to a third party, if possible;
  • Receive your Personal Data in a structured, commonly used, and machine-readable format; and/or
  • Rectify inaccurate personal information and, considering the purpose of processing the Personal Data, ensure it is complete.

Where the processing of Personal Data by CareTria is based on consent, the User or Patient has the right to withdraw that consent at any time. To withdraw consent or exercise any of the above rights, please contact us at [email protected].

FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: How Can Users Update, Correct, or Delete Personal Data or Their User Accounts?

You have the right to request restrictions on the uses and disclosures of your Personal Data. While we are not required to agree to all restriction requests, we will attempt to accommodate reasonable requests when appropriate.

You may change Demographic Data for a User by accessing their CareTria User Account with their permission. If you need to make changes or corrections to other information, you may contact us at [email protected]. To comply with certain requests to limit the use of your Personal Data, we may need to terminate your ability to access and/or use the Website and/or some or all of the Services. BY REQUESTING TO LIMIT THE USE OF YOUR PERSONAL DATA OR DELETE PERSONAL DATA, YOU ACKNOWLEDGE AND AGREE THAT EBLU WILL NOT BE LIABLE TO YOU FOR ANY CORRESPONDING LIMITATION IN THE SCOPE OF SERVICES OR TERMINATION OF SERVICES AS NECESSARY TO COMPLY WITH YOUR REQUEST.

You have the right to request the deletion of any Personal Data from your User Account or the Platform. To request the deletion of your Personal Data, please email us at [email protected] and include a description of the Personal Data you would like removed. We will respond to all requests for data deletion as soon as reasonably possible.

Should you decide to delete your User Account entirely, you may do so by emailing [email protected]. By terminating your User Account, you agree that you will not be able to access any information previously contained in your User Account. You further understand that it may not be technologically possible to remove all your Personal Data from our systems. While we will use reasonable efforts to remove your Personal Data, the need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.

SAFEGUARDING PERSONAL DATA

Is Personal Data Secure?

CareTria understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of Personal Data; (ii) protect against any threats or hazards to the security or integrity of Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm.

While CareTria uses reasonable security controls, WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TO PERSONAL DATA. EBLU IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CAN NOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA TRANSMITTED TO US. YOU ASSUME THE RISK THAT UNAUTHORIZED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF PERSONAL DATA AT ANY TIME.

What Safeguards Does CareTria Have in Place to Secure Personal Data?

CareTria stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, User authentication, encryption, backups, and access controls.

How Can Users Protect Personal Data?

FOR PROVIDER USERS AND SUPPORT STAFF USERS ONLY: Users are solely responsible for preventing unauthorized access to their User Account by protecting account credentials and limiting access to the devices used to operate the Services. ALL USERS: CareTria has no access to or control over device security settings, and it is the User’s responsibility to implement any device-level security features and protections that are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that each User takes all appropriate steps to secure any device uses to access our Website and Services.

Please note that CareTria will never send a User an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers. If you receive a suspicious email from CareTria, please notify us at [email protected].

Further, if you know of or suspect any unauthorized use or disclosure of your or another User’s User Account information or any other security concern, please notify CareTria immediately.

What If CareTria Experiences a Data or Security Breach?

CareTria takes the security of Personal Data seriously. In the event of a data or security breach, CareTria will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within CareTria’s control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to CareTria in connection with such security incident; (iii) as applicable, cooperate with any affected CareTria User or client in accordance with the terms of CareTria’s contract with such User or client, and (iv) document and record actions taken by CareTria in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations are taken to prevent similar security incidents in the future. CareTria will notify affected Users of any data or security breaches as required by and in accordance with applicable law.

ADVERTISING, MARKETING, AND TRACKING

Does CareTria Send Marketing or Advertisement Materials?

CareTria may use Personal Data to contact Users with newsletters, marketing, promotional materials, and other information that may be of interest to that User. Users may opt-out of receiving any marketing or advertisement materials from CareTria at any time by following the unsubscribe link or by contacting us at [email protected].

Can Users Opt-Out of Receiving Communications from CareTria?

We may send communications, including emails, to Users regarding their User Account and the Website and/or Services. Users can choose to filter any User Account, Website, and Services emails using the email settings within their User Account, but we do not provide an option for you to opt-out of these communications.

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask for and obtain from us an annual list identifying the categories of personal customer information which we shared, if any, with our affiliates and/or third parties in the preceding calendar year for marketing purposes. This list will be provided free of charge. Contact information for such affiliates and/or third parties must be included. If you are a California resident and would like a copy of this notice, please submit a written request to the following address:

CareTria

325 W. Main Street

Suite 1500

Louisville, KY 40202

What Is CareTria’s Cookie Policy?

What are Cookies? Cookies are small files that a web server sends to your computer or device when you visit a web application that uses cookies to keep track of your activity on that site. Cookies also exist within applications when a browser is needed to view or display certain content within the application. Cookies hold a small amount of data specific to a web application, which can later be used to help remember information you entered in the application (like your email or username), preferences selected, and movement within the application. We use cookies and other technologies to, among other things, better serve you with more tailored information and facilitate efficient and secure access to the Website and Services.

Types of Cookies We Use:

  1. Essential Cookies: These cookies are strictly necessary for the Website to function and cannot be disabled. They are usually set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
  2. Performance and Analytics Cookies: These cookies collect information about how you use our Website, such as which pages you visit most often and if you receive error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.
  3. Functional Cookies: These cookies allow the Website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites.

Our cookies do not, by themselves, contain Personal Data. Further, we do not combine the general information collected through cookies with any other Personal Data to identify you. However, we do use cookies to identify that your web browser has accessed aspects of the Website and/or Services and may associate that information with your User Account (if one exists).

How We Use Cookies:

Presently, CareTria uses cookies to monitor and manage access to the Website and Services, including for authorization and authentication purposes. In addition, CareTria may also collect information using pixel tags, web beacons, clear GIFs, or other similar technologies. This information may be used in connection with website pages and HTML-formatted email messages to, among other things, email recipients and compile statistics about usage and response rates.

How Can Users Opt-Out of Cookies?

You have the right to decide whether to accept or reject cookies. You can set or amend your web browser controls to accept or refuse cookies. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. If you prefer, you can usually choose to set your browser to remove cookies and reject cookies. If you enable a do not track signal or otherwise configure your browsers to prevent us from collecting cookies, you may be unable to take advantage of the Website and/or some of the Services.

Do Not Track Disclosure

Some web browsers may transmit do not track (“DNT”) signals to websites with which the User communicates. To date, there is no industry standard for DNT, and Users cannot know how a given company responds to a DNT signal they receive from browsers. CareTria is committed to remaining apprised of DNT standards. However, CareTria does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow CareTria to respond to signals or other mechanisms regarding the collection of your personal information.

STATE PRIVACY RIGHTS

Depending on what state you live in, you may have rights in addition to the rights listed above. These rights may include:

  1. Right to access a copy of your Personal Data.
  2. Right to correction of your Personal Data.
  3. Right to delete your Personal Data from our Services.
  4. Right to receive your Personal Data in a structured, commonly used and machine-readable format.
  5. Right to opt out of certain uses of your Personal Data.
  6. Right to prohibit our collection of Personal Data if it isn’t relevant and necessary to providing you Services.

If you would like to learn more and/or exercise one or more of these rights, please contact us at [email protected].