Updated April 28, 2023
Torchlight has designed the Site to comply with applicable data protection standards such as SOC2 Type II, HIPAA, CCPA, GDPR, and PIPEDA. Privacy laws vary from country to country and may differ depending on your location. Torchlight has data centers in both the United States and Canada. Your organization will decide where your data is located, i.e., the United States, Canada, or both. In most cases, your data is stored in the same country where your corporate headquarters is located.
The information collected by Advertising Trackers can be used in any one or more of the following ways: (1) to allow us to determine accurately how many people are using the Site, as well as selected sponsors' and advertisers' websites, (2) to determine how many people open our emails, and (3) to determine the purposes for which these actions are being taken. Our Advertising Trackers are not used to track your activity outside of the Site’s domain or the domains of our sponsors and/or advertisers.
We also reserve the right to determine what type of computer and web browser you are using, what website referred you to the Site, and what your connection speed is. This information is collected purely to enhance your experience on the Site. In addition, Torchlight may use IP addresses to analyze trends, administer the Site, track users’ behaviors and gather broad demographic information for aggregate use. We do not link your IP address to other Personally Identifiable Information about you.
By providing us with such personal information, you expressly grant Torchlight and all other persons or entities involved in the operations of the Site the right to transmit, monitor, retrieve, store and use such information in connection with the operation of the Site. In particular, Torchlight may use other information about you (1) to provide you with the products, services or procedures that you request; (2) to communicate with you in general; (3) to respond to your questions and comments; (4) to measure interest in and improve our products, services, and the Site generally; (5) to notify you about special offers and products, services or procedures that may be of interest to you; (6) to otherwise customize your experience with the Site; (7) to enforce our Terms of Service; and (8) as otherwise described to you at the point of collection. In addition, we may ask you to confirm your personal information when you contact us, as this will allow us to protect your confidentiality by verifying your identity.
Torchlight also may share your information in the following situations:
a. Legal Compulsion: In response to legal proceedings, such as subpoenas, court orders, or search warrants; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us.
b. Investigations: When it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to defend or assert the rights, property, or safety of our organization, our customers, or others; and in connection with our Terms of Service. Should we be legally compelled to disclose your personal information to a third party, we will attempt to notify you about such an action unless doing so would violate the law or court order.
c. Corporate Transactions: In connection with a corporate transaction--including, without limitation, a merger, divestiture, or asset sale--or in the unlikely event of bankruptcy.
Torchlight does not sell any personal information or data at any time, to anyone, for any reason.
You can access your personal information by logging into your account on the Site using the username and password you provided during the registration process. You also can review, correct, change, add, or update information on your account settings page at any time. To delete or to request an export of your personal information, contact us via email at firstname.lastname@example.org, toll free at (844) 693-3477, or by submitting a Torchlight Support Request Form. As discussed above, you can choose not to provide us with certain information beyond the information required to register and establish a member account, although additional information may be needed to properly use certain features on the Site. Even if you registered as a member of the Site, you will still be given the opportunity to unsubscribe from commercial and transactional messages in any such email we send as required by applicable laws. If you have a complaint or problem, please contact us at email@example.com. If you would like to remove your personal information entirely from the Site and our database, please contact us toll free at (844) 693-3477, submit a Torchlight Support Request Form, or email us at firstname.lastname@example.org, accordingly.
After receiving your information access or removal request, we require you to verify your identity before providing or removing your information. After we have verified your identity, we will provide and/or remove your personal information within 30 days of your request. After deletion, you will no longer be actively associated with the Site. Nonetheless, it may be impossible for us to remove every instance of information associated with you from all of our records, including log files, history digests or public forums or message boards, though the information may exist for our internal purposes only and will not be shared with other parties. In addition, you understand that, even after removal, copies of content provided by you may remain viewable in cached and archived pages or if other users have copied or stored such content.
If you choose to have us share your information with a third-party organization, you will have to contact them directly in order to remove your information from their databases. We do not maintain control over the databases of such third-party organizations, and thus we cannot reasonably control the removal of your personal information from the databases of those organizations.
We will never ask you for credit card information or any other financial data, although additional services that require a third party may require such data.
Please note that, there is always a risk that an unauthorized third party may gain access to your information by bypassing our security measures or by intercepting the transmission of your information over the Internet. For example, a spyware program that you may have inadvertently installed on your computer may be logging your keystrokes and sending the information to an unauthorized third party.
We are committed to protecting the privacy and security of our users’ data. As of January 1, 2021, Torchlight operates as a Business Associate in compliance with the Health Insurance Portability and Accountability Act of 1996. If you have accessed the Site through one of our partners with whom we have a Business Associate Agreement, including the CVS Point Solutions Management (PSM) platform, also referred to as Pharmacy Benefits Management (PBM) or Vendor Benefits Management (VBM), or are using the Site through the CVS partnership, Torchlight may collect, store, and transmit Protected Health Information (“PHI”), including demographic, insurance, and payment information. This information is used to verify eligibility with CVS during registration and to facilitate billing.
As mentioned above, you can access your personal information by logging into your account on the Site using the username and password you provided during the registration process. You have the right to inspect and obtain a copy of your Protected Health Information maintained by Torchlight. You may do so by completing a support request or by contacting us at email@example.com. We will work with you to provide a copy of your Protected Health Information in a secure and timely manner. You may also request corrections to your health information through the same means.
The Site does not cater to children under the age of 13, and we are deeply committed to protecting the privacy of children. Should a child whom we know to be under the age of 13 send personal information to us, we will use that information only to respond directly to that child to inform them that we must have parental consent before receiving their personal information. Neither Torchlight nor any of its affiliates nor services are designed or intended to attract children under the age of 13. In the unlikely event a person under the age of 13 requires the use of the Site, we encourage that child's parent or legal guardian to establish an account to be used by such parent or legal guardian on behalf of such minor, and it becomes that parent's or guardian’s responsibility to monitor the use of such an account. The parent or guardian is also responsible for maintaining the accuracy of any information so submitted. Furthermore, any information that Torchlight or any of our affiliates provide is directed at the parent or guardian, whom we hold responsible for interpreting and using that information. We take no responsibility for a child who knowingly falsifies their information in order to obtain information from us or from any of our Providers’ or other partners’ websites.
Torchlight does not sell any personal information or data at any time, to anyone, for any reason.
The California Consumer Privacy Act of 2018 (“CCPA”), effective as of January 1, 2020, requires businesses that collect personal information of California residents to make certain disclosures regarding how they collect, use, and disclose such information.
This section addresses those requirements. For a description of all of our data collection, use and disclosure practices, please read this Privacy Notice in its entirety.
California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months:
See below for more information about each of these requests.
What personal information do you collect about me? If you make this request and we can verify the request comes from you, we will provide (to the extent possible and required by law):
You may request this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to personal information collected in the previous twelve months.
Torchlight will verify that the information you submit in the request matches our records before we fulfill the request along with verifying your identity. You may use an authorized agent to submit a consumer rights request on your behalf using the methods above, however, Torchlight will require the authorized agent to provide signed permission to submit the request on your behalf and may still contact you to confirm your identity and that this request was submitted with your permission. Torchlight does not discriminate against you for exercising your rights or offer you financial incentives related to the use of your personal information. Please note that if you ask us to delete your data, it may impact your experience with us as some personal information is required for registration and some services require personal information to function.
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland you have the following data protection rights:
You can exercise the rights listed below by contacting us via email at firstname.lastname@example.org, toll free at (844) 693-3477, or by submitting a Torchlight Support form. Once the request has been confirmed and your identity has been verified, we will respond to your request within 30 days. The 30-day period begins from the date that the required documents are received. You will be informed by Torchlight in writing if there will be any deviation from the 30-day timeframe due to other intervening events.
The Personal Information Protection and Electronic Documents Act (PIPEDA) establishes rules to govern the collection, use, and disclosure of personal information in a manner that recognizes the right to privacy of individuals with respect to their personal information and the need of organizations to collect, use, or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Torchlight is committed to protecting and respecting the personal information of its customers, employees, business partners, and all other entities it interacts with in accordance with PIPEDA. This policy will provide guidelines to ensure that Torchlight remains compliant with PIPEDA requirements.
Torchlight follows PIPEDA’s 10 fair information principles as they relate to the collection, use, and disclosure of personal information, as well as to providing access to personal information. These principles give individuals control over how their personal information is handled in the private sector.
In addition to these principles, PIPEDA states that any collection, use, or disclosure of personal information must only be for purposes that a reasonable person would consider appropriate in the circumstances.
An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.
Torchlight has designated the following position responsible for PIPEDA compliance:
Program Manager: Information Security & Compliance Officer
25 Corporate Drive, Suite 100
Burlington, MA 01803
United States of America
The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information.
Consent may be withdrawn by contacting us using our Support Request Form.
The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.
Torchlight requires first name, last name, and a working email address to use the platform although other information may be encouraged to help target content.
Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.
Personal information must be as accurate, complete, and up to date as possible in order to properly satisfy the purposes for which it is to be used.
Torchlight maintains the integrity of data submitted by users and remains untouched unless edited by the user. Optional profile information, for example, is editable by the user and is used to enhance the experience within the Torchlight platform.
Personal information must be protected by appropriate security relative to the sensitivity of the information.
Torchlight employs technical and other safeguards backed by policy, procedure, and training to ensure personal information is protected. Encryption is used while information is in transit and while at rest.
An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.
Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Torchlight provides to users the Support Request Form. Policies and procedures are in place to satisfy any such request to comply. Responses are provided to verifiable requests within 30 days unless additional time is reasonably required (in which case notice is provided).
An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.
The Support Request Form is the preferred way for an individual to submit a challenge. Challenges are handled by the individual identified under Principle 1.