Last Updated: 1/12/16
YOUR PRIVACY IS IMPORTANT TO US.
Please review carefully our Terms of Service that provides the terms, conditions, disclaimers, and limitations of liability governing the use of our Services and if you are or intend to become a subscriber to our Services, your use and access to the Site and Services will be further conditioned upon your agreement to the Terms of Service.
U.S. - EU SAFE HARBOR PRIVACY STATEMENT
PrestoCorp has established a comprehensive privacy program, including a global privacy office and a chief privacy officer, designed to help us respect and protect your data privacy rights. This statement includes both PrestoCorp's European Union - U.S. Safe Harbor Privacy Statement and the Website Privacy Statement.
For personal information of employees, consumers, healthcare professionals, medical research subjects and investigators, customers, investors, and government officials that PrestoCorp receives from the European Economic Area, PrestoCorp has committed to handling such personal information in accordance with the Safe Harbor Principles. PrestoCorp's Safe Harbor certification can be found at http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list. For more information about the Safe Harbor Principles, please visit the U.S. Department of Commerce's Website at http://export.gov/safeharbor.
PrestoCorp believes in protecting your privacy. When we collect personal information from you on our website, we follow the privacy principles of (an independent resource mechanism) and comply with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from the European Union. These are our promises to you:
Notice. When we collect your personal information, we'll give you timely and appropriate notice describing what personal information we're collecting, how we'll use it, and the types of third parties with whom we may share it.
Choice. We'll give you choices about the ways we use and share your personal information, and we'll respect the choices you make.
Relevance. We'll collect only as much personal information as we need for specific, identified purposes, and we won't use it for other purposes without obtaining your consent.
Retention. We'll keep your personal information only as long as we need it for the purposes for which we collected it, or as permitted by law.
Accuracy. We'll take appropriate steps to make sure the personal information in our records is accurate.
Access. We'll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies.
Security. We'll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
Sharing. Except as described in this policy, we won't share your personal information with third parties without your consent.
International Transfer. If we transfer your personal information to another country, we'll take appropriate measures to protect your privacy and the personal information we transfer.
Enforcement. We'll regularly review how we're meeting these privacy promises, and we'll provide an independent way to resolve complaints about our privacy practices.
WHAT WE COLLECT
We get information about you in a range of ways.
Information You Give Us. We collect your name, postal address, email address, phone number, username, password, demographic information (such as your gender and occupation) as well as other information you directly give us on our Site.
Information We Get From Others. We may get information about you from other sources. We may add this to information we get from this Site.
Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our Site, we log your computer operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site.
Cookies. We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs.
Registering with the Service, requires certain information including but not limited to: (1) personally identifiable information, which is information that identifies you personally, including but not limited to your first and last name, email address, home address, date of birth and phone number ("Personal Information"); (2) demographic information, such as information about your location, age, gender, and spending habits ("Demographic Information"); (3) medical information regarding your medical marijuana recommendation, including the name and license number of your recommending physician, the contact information of the physician, the method to verify the recommendation’s authenticity, the expiration date of the recommendation, the recommendation verification number, and the details of any orders placed through the Service (“Medical Information”); and (4) information regarding your usage of our Service, including but not limited to your IP address or other unique identifier, your Device functionality (including browser, operating system, hardware, mobile network information), the URL that referred you to our Service, the areas within our Service that you visit and your activities there (including remembering you and your preferences), your Device location, your Device characteristics; and certain other Device data, including the time of day, among other information (“Usage Information”).
We may also collect non-personally identifiable and anonymous "Aggregate Information" (for example, tracking the number of visitors to our Site, where visitors enter our site, how long they remain, etc.) in connection with the operation of our Site and Services. Other than Personal Information you supply to us voluntarily or the Aggregate Information that may be gathered via cookies, as described in this policy, PrestoCorp does not at this time collect Personal Information in connection with your use of this Site.
If you are a subscriber or user of PrestoCorp's Services, you provide us, through your acceptance of the TOS, with your Content (as further defined in the TOS), which may contain your personal information or other personal or sensitive information (i.e., Protected Health Information) of your clients and other third parties.
USE OF PERSONAL INFORMATION
Your information will be shared with participating partners (dispensaries) upon your request (using card to enter a dispensary will grant access for a partner to view your information, and you will have the option to view the collective agreement and accept the terms).
In addition, we use your personal information as follows:
• We use your personal information to operate, maintain, and improve our sites, products, and services.
• We use your personal information to process and deliver contest entries and rewards.
• We use your personal information to respond to comments and questions and provide customer service.
• We use your personal information to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
• We use your personal information to communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
• We use your personal information to link or combine user information with other personal information.
• We use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
• We use your personal information to provide and deliver products and services customers request.
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) COMPLIANCE
The HIPAA Privacy Rule establishes standards to protect users of the Service individuals’ medical records and other personal health information. The Service has appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Service and provide us with your information at your own risk.
SHARING OF PERSONAL INFORMATION
We may share personal information as follows:
• We may share personal information with your consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies.
• We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• We may share personal information for legal, protection, and safety purposes.
o We may share information to comply with laws.
o We may share information to respond to lawful requests and legal processes.
o We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
• We may share information with those who need it to do work for us.
We may also share aggregated and/or anonymized data with others for their own uses.
As noted above, when you visit the Site or utilize Services various general information regarding your browser, operating system, IP address, domain name and the like that you use to access the Site and Services from is automatically collected as part of Site and Services' normal operations.
As part of such Aggregate Information we may collect details about your browsing behavior, such as, but not limited to, the number of times and dates you have visited the Site or Services, and the amount of time you spend viewing the Site or using the Services, if applicable. In addition, PrestoCorp may track your response to our e-mails, including, for example, learning how many users open an e-mail and compiling aggregated statistics about e-mail and other activities conducted for PrestoCorp. Such information is used solely for our internal purposes and in assisting us in enhancing customer experiences, support and the usability and efficiency of our Site and Services.
Although we do not do at this time, in addition to our own cookies for the above purposes, we reserve the right to use "transparent GIFs," on our sites to help manage any online advertising or e-mail marketing we may conduct in the future. These GIF files are commonly used and provided by one or more third-party service providers, and enable service providers to recognize a unique cookie in your web browser to learn which advertisements or e-mails brought you to our website and how you use the site. To conduct these or other activities, we or our service providers sometimes may link Personal Information you previously provided us (such as, for example, your name and e-mail address) to the information the GIF files provide about how you arrive at, navigate through and leave our sites.
You may choose not to accept any such cookies and our Site will still work if you choose to do so, by adjusting the privacy and cookie settings available in your web browser. You should refer to your browser's help file and other directions to learn how to do this. Note, that under certain circumstances blocking all cookies may restrict the sites you can visits and may affect your use of our Services.
WHAT PERSONAL INFORMATION MAY WE DISCLOSE TO OUTSIDE PARTIES?
Subject to applicable law, we and our various Service Providers (defined below) may disclose and share your Personal Information:
To unaffiliated third parties under contract to perform services for or on behalf of PrestoCorp ("Service Providers"), who are required to uphold and maintain privacy and security policies with respect to privacy and the treatment of your Personal Information;
To a third party in connection with a proposed or actual sale, merger, or transfer of all or a portion of a business or division of PrestoCorp; and
To other such persons or agencies as permitted or required by applicable law or regulations.
For debit, credit card and ACH payments, we of necessity employ third parties to process payments on our behalf. These third-party processing parties will only have access to the information you provide that allows them to fulfill your payment. They are required under agreements with PrestoCorp to process this information securely and in accordance with the relevant privacy or data protection laws, standards, regulations and best practices.
HOW WE PROTECT AND STORE YOUR INFORMATION.
PrestoCorp takes the security of the information it collects through its Site and Services seriously and in response implements a variety of security measures designed to reduce the risk of unauthorized disclosures and accidental destruction or loss of your Content and to maintain the safety of your personal information using methods appropriate to the nature of the data and information provided to us by you.
Personal Information collected via this Site and Services is stored on servers located in the United States, and these servers are subject to PrestoCorp's IT security policies and procedures. To discuss the security programs, procedures and policies that we have selected and utilize to reasonably secure your personal information and Content, please contact your PrestoCorp representative or contact us through our Site. We will be happy to discuss our security program with you.
CALIFORNIA ONLINE PRIVACY PROTECTION ACT COMPLIANCE
CHILDREN'S ONLINE PRIVACY PROTECTION ACT ("COPPA") COMPLIANCE
PrestoCorp is concerned about the safety of children when they use the internet, and will never knowingly collect Personal Information from minors (children under 13 years of age, or any other age defined under applicable law) without prior verifiable parental consent that complies with those recommended practices and applicable rules put forth by the Federal Trade Commission. Our Site and Services are all expressly directed to people who are at least 13 years old or older. If we become aware that a minor is attempting to or has submitted Personal Information, we will not accept such Personal Information and will then take prompt steps to remove any such Personal Information from our records, Site and Services.
LINKS AND THIRD-PARTY WEBSITES.
HOW TO OPT OUT OR REQUEST CHANGES.
Under laws that may apply to you, you are entitled to request that PrestoCorp:
Provide you with a copy of your Personal Information that we hold;
Cease processing your Personal Information, in whole or in part, as you direct us, for the purposes of direct marketing; Correct any errors in that Personal Information; and Update Personal Information as required.
If you would like to receive a copy of the Personal Information we have about you as submitted to us via this Site, or if you wish to opt out of receiving marketing related communications from us, please send a request to PrestoCorp at [email protected] If your Personal Information is incorrect or incomplete, and you wish us to correct or delete it, please contact us. We will then make reasonable efforts to timely correct or update your Personal Information (unless we require further information from you to complete your request).
You may also ask us to remove your name and other Personal Information from our databases. For each such request, we will make all reasonable efforts to do so promptly, subject to legal requirements and other considerations, which may require that we maintain your information for a specified length of time.
INFORMATION CHOICES AND CHANGES
Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.
You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.
340 S. Lemon Ave #1350
Walnut, California 91789