LedgerDomain Inc. built the XATP Compliance Suite and XATP Mobile App (“XATP”). This service is provided by LedgerDomain at no cost and is intended for use as is. This page is used to inform visitors regarding our policies with regard to the collection, use, and disclosure of Personally Identifiable Information (PII) if anyone decides to use our Service. If you choose to use our Service, then you agree to the collection and use of information in relation to this policy.
XATP enables users to scan GS1-compliant 2D barcodes or enter the human-readable data associated with said barcodes (hereafter referred to as “the barcode” or “barcodes”) on drug packages distributed within the United States in order to access information about the drugs. These barcodes contain no PII, and the information provided to users is compiled from publicly available US federal government databases.
INFORMATION COLLECTION AND USE
Looking up drug information. When a user submits a unique identifier, XATP may provide publicly available information about the drug. LedgerDomain specifically disclaims any responsibility for the veracity of these public datasets and asks that users confirm this content for themselves.
Applying for a verifiable credential. To gain access to functionality intended only for Authorized Trading Partners as defined under the Drug Supply Chain Security Act of 2013, we may require you to provide us with certain personally identifiable information which we use to validate your identity. These include:
- Email address
- Phone number
- Photo (including the user, and may include an acceptable form of ID)
- Email of your Pharmacist in Charge (PIC)
- Name of dispenser that you operate
- Address of dispenser
- Pharmacy license number
Submitting a verification request. When a user who holds a verifiable credential submits a verification request to another ATP or their agent in compliance with the DSCSA, the unique identifier is uploaded to private storage. The following data may be written to XATP data systems: document ID, uploader user ID, nonce value, document hash value, and upload timestamp. None of the aforementioned data contains any PII.
When you submit a drug verification request, the following PII is provided via email to the drug’s manufacturer as part of the request: name, email address, email of your PIC (where applicable), name of dispenser that you operate, and address of dispenser. The information contained in the barcode is also sent to the manufacturer.
Responding to a verification request. Manufacturers who receive verification requests from dispensers via XATP have the ability to securely respond to the request as part of their obligations under DSCSA. The response (i.e. whether the information contained in the barcode is verified or unverified) is retained in secure data storage, and a notification is sent to the requesting user. While LedgerDomain may be able to determine whether a manufacturer has been able to respond to a given verification request, LedgerDomain may not have the ability to determine whether a particular barcode has been marked as verified or unverified.
The app does use third-party services that may collect information used to identify you.
We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics. Log Data may be collected from any user, regardless of whether they have been issued a verifiable credential.
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.
This Service does not use these “cookies” explicitly. However, the app may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.
We may employ third-party companies and individuals due to the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
We want to inform users of this Service that these third parties have access to your PII. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
We value your trust in providing us your PII, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
LINKS TO OTHER SITES
These Services do not address anyone under the age of 13. We do not knowingly collect PII from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us email@example.com so that we will be able to do necessary actions.