Last Updated: June 4, 2025

Privacy Policy

Purpose & Scope

This Privacy Policy explains how On Time DME Corp. (“we,” “us,” or “our”) collects, uses, shares, and protects your information when you visit or interact with our website (https://ontimedme.com). It applies only to information collected online. It does not cover information collected offline or on any other websites that may be linked from our site.

Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Protected Health Information (PHI): Health data covered under HIPAA.
  • Business Associate: Third parties processing PHI on our behalf under a Business Associate Agreement (BAA).

1. Information We Collect

  • Contact & Account Data: When you submit forms, create an account, or place an order, we collect your name, email ([email protected]), phone (718-587-9872), mailing/shipping address, and any other information you provide.
  • Health Information (PHI): If you request prescription services or CGM support, we collect prescription details, CGM preferences, and related PHI (HIPAA-protected).
  • Payment & Shipping Data: When you make a purchase, we collect payment method details (e.g., credit card number, billing address) and shipping recipient name, address, and phone number.
  • Technical & Usage Data: IP address, browser type, device information, pages visited, and interactions collected through cookies, web beacons, and analytics tools.
  • Communications Data: Records of phone calls, SMS, WhatsApp messages, and emails if you contact us or we reach out to you (with your consent).

2. How We Use Your Information

  • To process orders, confirm purchases, verify insurance/prescription validity, and prevent fraud.
  • To communicate with you by phone (718-587-9872), email ([email protected]), SMS, or messaging apps (with consent).
  • To personalize and improve our website, products, and services.
  • To administer contests, promotions, surveys, or other website features.
  • To comply with legal obligations (e.g., HIPAA, CMS, CCPA).
  • To detect and prevent unauthorized or fraudulent activity.

3. Marketing & Electronic Communications Consent

By providing your contact details, you consent to receive marketing communications (phone calls, SMS, WhatsApp messages, or email) from On Time DME Corp. Message and data rates may apply. You can opt out of SMS or WhatsApp communications at any time by texting STOP to the number from which you received the message or by contacting us. You can withdraw consent to email marketing by using the unsubscribe link in any email. Consent is not required to purchase products or services. For details on your rights and choices, see Section 7.

4. Cookies & Tracking Technologies

We use cookies and similar technologies to remember preferences, analyze traffic, and improve functionality. You can accept or decline non-essential cookies via our Cookie Policy banner. Disabling cookies may limit certain site features.

5. Third-Party Sharing

We share data only with:

  • HIPAA-compliant Business Associates under a Business Associate Agreement (CRM, email/SMS providers).
  • Analytics and advertising partners for aggregated, non-identifiable data—see their privacy pages below.

We do not sell your personal information.

6. Affiliate & Third-Party Links

Our site may contain links to affiliate or third-party websites. These linked sites have their own privacy practices, which may differ from ours. We are not responsible for the content or practices of any linked site. We recommend reviewing their privacy policies before providing any personal information.

7. Your Rights & Choices

  • Access & Correction: Request your data or corrections by emailing [email protected] or using our Data Request Form.
  • Deletion (“Right to be Forgotten”): Ask us to delete your account and PHI (subject to legal retention requirements).
  • Data Portability: Receive a copy of your data in a machine-readable format.
  • Opt-Out Marketing: Unsubscribe from promotional emails or texts at any time as described in Section 3.
  • Cookie Preferences: Manage via our Cookie Policy banner or your browser settings.
  • Do Not Track: If your browser sends a Do Not Track signal, we will not track your online activity beyond essential site functionality.

8. HIPAA Compliance

All PHI is encrypted in transit (TLS 1.2 or later; see Section 14) and at rest (AES-256). We perform annual risk assessments, enforce role-based access with multi-factor authentication, and maintain audit logs. Our HIPAA policies apply to all staff and vendors handling PHI. In case of a breach, we follow HIPAA breach-notification rules.

9. GDPR & CCPA

EU and California residents have additional rights under GDPR and CCPA. You may contact our Data Protection Officer (DPO) at [email protected] or call 718-587-9872 to exercise those rights or to submit data-subject requests.

10. Data Retention & Secure Disposal

We retain personal and health data only as necessary to fulfill business, legal, and regulatory obligations. When data is no longer needed, we securely dispose of it using NIST-compliant methods. Daily encrypted backups are stored off-site, and quarterly restore tests are performed to ensure integrity.

11. Incident Response & Enforcement

We maintain a documented Incident Response Plan. In the event of a data breach, we notify affected individuals and regulators within required timelines, following HIPAA breach-notification rules, and cooperate with enforcement bodies such as HHS OCR and state attorneys general. Non-compliance with these policies may result in disciplinary action up to termination.

12. Children’s Privacy

Our site is not intended for children under 18. We do not knowingly collect information from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately to have it deleted.

13. International Transfers

By visiting our site and providing data, you acknowledge and agree that we may transfer and store your data in the United States or other jurisdictions. You consent to this transfer and waive any rights provided by local laws or treaties.

14. Security Measures

We implement administrative, technical, and physical safeguards to protect your information, including:

  • Encryption (TLS 1.2+ for data in transit; AES-256 for data at rest).
  • Multi-factor authentication for internal systems.
  • Regular vulnerability scans and penetration tests.
  • Restricted access controls and least-privilege principles.
  • Continuous monitoring and logging of system activity.

15. Electronic Disclosure of PHI

Your protected health information, whether collected online or offline, may be disclosed electronically in accordance with federal and state laws and our Notice of Privacy Practices. We follow HIPAA guidelines for electronic disclosures and ensure all required safeguards are in place.

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes become effective when posted on this page. Your continued use of the site after changes indicates acceptance of the revised policy. It is your responsibility to review this page periodically.

17. Online Policy Only

This Privacy Policy applies only to information collected through our website and does not cover information collected offline.

18. Children’s Online Privacy Protection Act (COPPA)

We comply with COPPA and other applicable laws regarding children’s privacy. We do not knowingly solicit or collect personal data from children under 18. If you believe we have collected information from a minor, please contact us immediately.

19. Your Consent

By using our website, you consent to the collection, use, and transfer of your information as described in this Privacy Policy.

20. Contact Us

If you have questions, comments, or requests regarding this Privacy Policy, please contact: