Privacy Policy

WASFAGO PRIVACY POLICY

Effective December 2021

OVERVIEW

We understand the importance of keeping your personal health information secure and private. We are required by law to provide you with this notice. This notice informs you about the privacy of your personal information and how we may use and share your personal information. We will make sure that your personal information is only used and shared in the manner described. We may, at times, update this notice. 

The WASFAGO Privacy Policy describes the electronic Protected Health Information (“ePHI”) that we collect from you, how we use it, and to whom we disclose it. To the extent your personal information constitutes PHI under HIPAA. Because WASFAGO’ Service operates in conjunction with pharmacy services provider (“Pharmacy” or “Your Pharmacy”), you are also subject to the Privacy Policy of Your Pharmacy, and you should review the Pharmacy’s website for the applicable notice of Privacy Policy.  

This Privacy Policy is incorporated and made as part of WASFAGO TERMS OF SERVICES.

YOUR ACCEPTANCE OF THIS PRIVACY POLICY AND CHANGES TO IT

By using WASFAGO Services, you consent to the collection and use of your information by WASFAGO in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not download, register with, or use this App. WASFAGO reserves the right to change this Privacy Policy at any time, without prior notice. Changes take effect on the date that appears on the revised Policy. If you use this App following a change in the Policy, your use will be understood that you accept the changes. We urge you to review this Privacy Policy frequently for changes. You can always revoke your consent via sending us a revoke request to  privacy@wasfago.com (See “CONTACT US”) . This policy DOES NOT apply to information that You provide to or is collected by any third party (see “THIRD-PARTY INFORMATION COLLECTION”). Third party websites and applications may have their own privacy policies which we encourage you to read before providing information on or through them.

DEFINITIONS 

HIPAA: The Health Insurance Portability and Accountability Act is a set of regulations developed for protecting the privacy and security of certain health information.

Covered Entities (CE): are defined in the HIPAA rules as health plans, health care clearinghouses, and health care providers who electronically transmit any health information. Examples on CEs; Hospitals, Clinics, Pharmacies, and Insurance companies.

Business Associate (BA): is any entity, individual or a company, that is provided with access to protected health information to perform services for a HIPAA covered entity. Such as but not limited to; Third Party Administrators (TPAs), Cloud services providers, and Wasfago.

Protected Health Information (PHI): Individually identifiable health information held or transmitted by a covered entity (CE) or its business associate (BA), in any form or media, whether electronic, paper, or oral. This is interpreted rather broadly and includes any part of a patient’s medical record (Including but not limited to; Patient’s name, address, email, mobile/telephone number, age, date of birth, gender, Emirates ID etc.) or payment history. When PHI is created, stored, transmitted, or received electronically it is often shortened to “ePHI”.

De-Identified Health Information or Pseudonymization: the processing of personal information in a manner that renders the personal information no longer attributable to a specific consumer without the use of additional information, provided that the additional information is kept separately and is subject to technical and organizational measures to ensure that the personal information is not attributed to an identified or identifiable consumer.

Confidentiality: means that e-PHI is not available or disclosed to unauthorized persons. The HIPAA confidentiality requirements support the prohibitions against improper uses and disclosures of PHI. 

Minimum Necessary: The minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request. 

WHAT INFORMATION DO WE COLLECT ABOUT YOU AND HOW DO WE COLLECT THEM?

When you register for the Service, we collect information about you that are compelling to the Services we are offering. On minimum necessary basis, WASFAGO staff will not use or access your PHI unless it is necessary to do their jobs: (employees uninvolved in your Service request will not access your PHI). All of our team members are trained on HIPAA Privacy rules and they sign strict Confidentiality Contracts with us committing to protect and keep your PHI privately. In addition, our partners also sign agreements committing to protect and keep private any PHI they may come in contact with. We want you to know that your PHI is protected several layers deep with regards to our business relations. Also, we disclose to others outside our staff, only as much of your PHI as is necessary to accomplish lawful purposes.

We collect information from and about users of our App:

INFORMATION YOU PROVIDE

1. Upon registration/Signing up 

You will need to provide us with your mobile number only, you will receive a One Time Password (OTP) to authenticate your mobile device. No email credentials will be requested for using our App Services.

2. When you use the Service

You will need to submit additional information to us about your Emirates ID details, your address, payment details (See TERMS OF SERVICES), order consent, and details related to your prescription (Electronic prescription number or photo/s for your prescription). Your Pharmacy may also provide WASFAGO with information about you, including your prescription and insurance information, and historical data about your prescriptions. For example, Your Pharmacy will provide us with information about your prescribed items; in order that WASFAGO App can send you full payable information about your prescription such as but not limited to Co-payment details per prescribed medication “If required”, cost of items which might not be covered by your insurance plan, etc. 

AUTOMATIC INFORMATION COLLECTION AND TRACKING

When you download, access, and use the App, it may use technology to automatically collect:

IF YOU DO NOT WANT US TO COLLECT THIS INFORMATION, DO NOT DOWNLOAD THE APP OR DELETE IT FROM YOUR DEVICE. FOR MORE INFORMATION, SEE (CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION)

Third-Party Information Collection

When you use the App or its content, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:

These third parties may use tracking technologies to collect information about you when you use this App. The information they collect may be associated with your PHI or they may collect information, including PHI, about your online activities over time and across different websites, apps, and other online services websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used, and we do not monitor your interactions with third parties. Any interactions you have with third parties are solely your responsibility. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see (CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION).

HOW DO WE USE THE INFORMATION WE COLLECT?

1. Administration of your WASFAGO App account

In order to provide the Service, we will use your information to:

  1. Create your account on the App.
  2. Manage changes to your account.
  3. Communicate and interact with you in relation to your WASFAGO App account. This can be by phone, secure email (Optional), or in-app push notifications.
  4. Provide you with support so that technical problems can be fixed
  5. Match you with local pharmacies that can dispense medication and if requested their pharmacy services
  6. Inform you about changes and/or updates to the service.
  7. To enforce the WASFAGO TERMS OF SERVICES, and to detect and protect against errors, frauds, and other unauthorized or illegal activities

2. Filling your prescriptions and Pharmacy service requests

WASFAGO will work with Your Pharmacy that has been selected from our network of pharmacies to process your prescription. Typically, We forward your prescription information to Your Pharmacy (Ideally, the nearest Pharmacy to your registered address), so that Your Pharmacy can handle on your behalf communicating with your insurance company or TPA, dispensing the prescribed items, and delivering your prescribed items to the registered address on the App. 

The pharmacy will use the information to identify and engage with you as part of our Services including sending you in-app notifications regarding your Order’s status, your insurance company or TPA’s approval status, filling your prescription, dispensing, and delivering the items prescribed.

The lawful basis for processing the Service is your explicit consent (Which will be needed every time you request the Service), no prescription will be filled and/or processed by Your Pharmacy without your consent. Your consent will enable Your Pharmacy to receive a photo of your prescription or Electronic prescription number (e-Rx number). Your pharmacy may contact you to verify your prescription or if they have any queries with the items prescribed.

3. Processing pill alarm requests

If requested, WASFAGO App will enable you to set a pill alarm to help you or your dependent to remember to take the medication, at the time and quantity advised by your Physician and Your Pharmacy.

4. Filling your dependent’s prescriptions and pharmacy service requests

If requested, WASFAGO App can be used to fill prescriptions for your dependents. To link one or more family/dependent accounts to yours, you will need to upload his/her/their Emirates ID into your App identification details section (See TERMS OF SERVICES section 9). Thereafter, what applies on Filling your prescriptions and Pharmacy service requests will be applied on your dependent’s prescriptions.

5. To bill or collect payment from you

On this App, we do not store, hold, or keep any sensitive payment details. Your payment will be accommodated on a payment hosting page that is managed and powered by a UAE based online payment processing gateway partner (Pointcheckout) and their vetted and approved third party vendor portal. See (WASFAGO TERMS OF SERVICES– SECTION 11 PAYMENT DETAILS).

6. Marketing activity 

As part of the service, you may receive push or in-app notifications regarding WASFAGO, services, offers, and complimentary goods offered by Pharmacies. These notifications will be sent to you by WASFAGO App only but not by Pharmacies nor by any other third party. We do not use your ePHI in our marketing materials; however, we create aggregate data that we may publish in reports and marketing materials about the Service. Aggregated Data is De-identified/ pseudo-anonymized Health Information and does not identify any individual User or User information. An example of Aggregated Data would be a finding that says, “65% of WASFAGO Users get their medications home delivered within 60 minutes.”

7. Disclosing your information without your permission

Notwithstanding anything else contained in this Notice, only in accordance with applicable HIPAA Omnibus Rule, and under strictly limited circumstance we may use or disclose your PHI without your permission, consent or authorization for the following purposes:

RETENTION OF YOUR INFORMATION

How long do we keep it for? 

In compliance with the use of information technology and telecommunication in the healthcare field” (The UAE ICT Federal Law no. 2, 2019), we will keep your ePHI for a minimum period of 25 years, or it will be destroyed/deleted immediately upon ceasing our activities. We will keep your WASFAGO account information and the information on any dependent for as long as you remain a user. 

If you cancel your account we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Where do we store your information?

Your ePHI collected by WASFAGO App Services will be encrypted, processed, and exclusively stored in the United Arab Emirates only.

YOUR CHOICES ABOUT OUR COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION

We strive to provide you with choices regarding the PHI and other personal information you provide to us. This section describes mechanisms we provide for you to control certain uses and disclosures of your information.

Tracking Technologies

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. However, the App does not use mobile cookies.

Promotion by WASFAGO. 

If you do not want us to send you promotional messages for our products or services, you can opt-out by emailing us at privacy@wasfago.com 

We do not control third parties collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. 

ACCESSING AND CORRECTING YOUR PHI AND OTHER PERSONAL INFORMATION

You can review and change your PHI or other information by logging into the App and visiting your account profile page. We cannot change your PHI or other information, nor can we delete your PHI or other information. We may deny access to your PHI or personal information when required by law or if we believe such access would cause the PHI or other information of a third party to be revealed.

WASFAGO’ SECURITY STANDARDS

We store all data provided to WASFAGO on UAE based cloud to comply with HIPAA Safeguards as well as the local health authorities’ regulations of the UAE. WASFAGO uses reasonable industry-standard security practices designed to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. To the extent your personal information constitutes ePHI, your ePHI will be protected under HIPAA. WASFAGO protects ePHI following the security standards required for business associates under HIPAA. Your information will be stored and processed in the United Arab Emirates by eHosting Datafort. Your requests, as well as your information, will be stored and securely transmitted into our cloud servers via end-to-end encryption. Any payment transaction information will be done through the hosting payment page, encrypted, and managed by Pointcheckout,and not WASFAGO; None of the WASFAGO team members will have any kind of accessibility to your payment details.

The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password or security pin number for access to certain parts of our App, you are responsible for keeping this password confidential. Do not share your password with anyone.

Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the App.

MODIFICATIONS TO THIS PRIVACY POLICY

WASFAGO may modify this Privacy Policy from time to time. If WASFAGO makes any material changes to this Privacy Policy, it will send you a notice with a link to the modified Privacy Policy. If you do not agree with the revised Privacy Policy, you may unsubscribe from the Service. If you continue to use the Service after the effective date of the change, you will be deemed to have agreed to the modified Privacy Policy.

EFFECT OF PRIVACY POLICY

This Privacy Policy forms part of and is hereby incorporated into, the WASFAGO TERMS OF SERVICES.

CONTACT US