T1D Exchange Privacy Notice
Effective Date: Month Day 2020
- Our Commitment to PrivacyT1D Exchange, Inc. (“T1D Exchange“, “we“, “us“, “our“) is an independent nonprofit organization (501(c)(3)), whose mission is to accelerate therapies and improve care for people living with type 1 diabetes. T1D Exchange values the privacy of your Personal Information. “Personal Information” is information that can be used to identify you, directly or indirectly, alone or together with other information. Personal Information may include, but is not limited to, your name, physical addresses, telephone numbers, e-mail addresses, health data, and demographic information. It may also include your history of transactional or other activities on our Digital Properties. It does not include data where the identity has been irretrievably removed (anonymous data). For example, certain information may not be personally identifiable when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name).This Privacy Notice is meant to inform you of T1D Exchange’s data collection and disclosure policies and practices related to your Personal Information gathered by T1D Exchange in connection with our websites, user portals (such as the TID Exchange Registry), platforms (such as the T1D Exchange Quality Improvement Collaborative platform), social media channels, electronic newsletters, and other T1D Exchange digital properties (the “Digital Properties”), T1D Exchange print publications, and any of our other products or services (for example, events, research, surveys, personalized content, and the like). These are collectively referred to as “Services” throughout this Privacy Notice. What Personal Information we collect may vary based on your interaction with us and requests for our Services. By using T1D Exchange’s services and our Digital Properties, and/or submitting any of your Personal Information to T1D Exchange, you agree with the terms of this Privacy Notice. If you do not agree with this Privacy Notice, please do not provide us with any Personal Information and refrain from using our Services, Digital Properties, and/or submitting any Personal Information.
We encourage you to read this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or using Personal Information about you, so that you are fully aware of how and why we are using your data. We may post a supplemental privacy notice on a specific Digital Property that is applicable only to that Digital Property. This Privacy Notice is intended to be read together with our supplemental and other privacy notices and is not intended to override them.
- Modifications and Updates to the Privacy NoticeT1D Exchange may periodically update this Privacy Notice. We reserve the right to change, modify, add, or remove portions of this Privacy Notice at any time. We will notify you about material changes to this Privacy Notice by placing a prominent notice on T1DExchange.org (the “T1D Exchange Site“). Your continued participation in our research opportunities and/or use of our Digital Properties and Services indicates your agreement with these modifications and updates. If you do not wish your Personal Information to be subject to the revised Privacy Notice, you will need to discontinue using our Digital Properties and Services.
- ChildrenT1D Exchange does not knowingly or specifically collect Personal Information from users under the age of 13. If you are a minor over age 13, the T1D Exchange Registry will require consent from your parent or guardian before you may use it.
- Categories of Information We CollectT1D Exchange may collect, use, store and transfer Personal Information about you; these categories Include:
- Identity Data (for example, your first name, maiden name, last name, username or similar identifier, birth date, gender, marital status, title, or other demographic information).
- Contact Data (for example, your billing address, delivery address, email address and telephone numbers).
- Financial Data (for example your bank account and payment card details when you make a donation).
- Transaction Data (for example, details about payments and donations you made).
- Technical Data (for example, your internet protocol (IP) address, internet service provider (ISP), your login data, browser type and version, browser language, referring/exit pages, operating system, date/time stamp, clickstream data, time zone setting and basic geolocation, device type, unique device identifiers, plug-in types and versions, platforms and other technology on the devices you use to access our Services and Digital Properties).
- Usage Data (for example, information about how you use our Digital Properties and Services, including, for example, if you contact T1D Exchange we may log information about the means through which you contacted us and our interaction with you).
- Profile Data (for example, your username and password, orders or donations made by you, your interests, preferences, feedback, and identified-survey responses)
- Marketing and Communications Data (for example, your preferences in receiving marketing from us and our third parties, if any, and your communication preferences).
- Employment Information (for example, you may be asked to provide your past and current employment history when applying or volunteering for a position with T1D Exchange).
- Image and Voice Recordings (for example, if you attend or participate at one of our events or conferences you may be photographed or videotaped, or if you provide an interview you may be recorded).
- Educational & Training Data (for example, you may be asked to provide information about your education and training when applying or volunteering for a position with T1D Exchange).
- Family Circumstances.
- Health Information (for example, if you are a Registry participant providing co-morbidity, device use, self-reported outcome or other health information in responding to research surveys, or if an independent clinic or health provider participating in the Quality Improvement Collaborative provides limited patient health information).Anonymous and Aggregated Data. T1D Exchange also collects, uses, and shares anonymous data such as research, statistical or demographic data, to be used in an aggregate fashion or with identifying data removed. For example, T1D Exchange may aggregate your usage data to help diagnose problems with our servers, to monitor traffic patterns, to determine which services are used most frequently and to assess site usage. We may aggregate information about you to provide materials and external reports for other users of the Digital Properties, our research partners, investors, donors, auditors or similarly situated external parties. For example, T1D Exchange users may voluntarily answer a “Question of the Day,” and we may post the results in summary form (on the site or elsewhere), as in “56% of T1D Exchange users reported that they are satisfied with their insulin pump,” or provide that information to a researcher. However, if we combine or connect anonymous aggregated data with your Personal Information so it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with tis Privacy Notice.
Personal Information does not include, and this privacy notice does not cover, data from which individual persons cannot be identified, where the identity of an individual has been irretrievably removed, or situations in which personal information is anonymized.
If you fail to provide Personal Information. Where we need to collect Personal Information by law, under the terms of an agreement we have with you, to provide our Services, or for our other legitimate interest, and you fail to provide that information when requested, we may not be able to perform or provide our Services for you (or the agreement with you), include you in our research surveys, or otherwise fulfil or meet your request, or we may have to cancel a product or Service you have with us. We will notify you if this is the case at the time.
- How We Receive or Collect Your Personal InformationThere are different ways that we may collect information about you, but generally we will collect your Personal Information from either you (directly or indirectly), third parties, or public resources. For example:Directly from You. We may collect your Personal Information directly or indirectly from you, offline or online. For example, you may provide us with your information when you set up a user account, use our Services, participate in a survey, request information from us, or otherwise communicate with us. Depending upon your device and browser settings, we collect your Personal Information, including information about your device, via cookies and tracking mechanisms.
Information from Third Parties. We may receive your Personal Information from third parties, offline or online. As is the case with most organizations, T1D Exchange uses subcontractors and vendors to assist with our technology, security, payment processing, order-fulfillment, delivery, marketing, analytics, and other business services who, in the course of acting on our behalf, may provide us with your Personal Information. We may receive your Personal Information if a third-party recommends you to us for involvement with T1D Exchange, such as a member, researcher, donor, or the like. We may receive your information from an independent clinic or research entity (for example, if they are participating in our Quality Improvement Collaborative program), or from an independent charitable donation website where you donate on our behalf. Another third party source of your Personal Information may be through social media, which depends upon your privacy settings with that third-party platform.
Public Resources. We may also collect Personal Information from public resources, which is usually used to supplement Personal Information we have received from you, but may also be of prospective individuals (such as users, members, supporters, research partners) in order to advance our mission, or to help grow our organization. For example, we may collect Personal Information from websites, curated databases, annual reviews, mailing change of address lists, electoral registers, news or journal websites, or other similar publicly available resources.
- How We Might Use Your Personal InformationT1D Exchange may use your Personal Information for the following purposes:
- To provide Services/products.
- To provide Services on behalf of a third-party organization (for example, in connection with our research activities and the Quality Improvement Collaborative program).
- Conducting T1D-Related Research. (For example, in connection with the Registry and pursuant to a separate Research Consent).
- To provide relevant news and developments about T1D Exchange Services, research opportunities, and initiatives that may be of interest to you.
- To provide information about different T1D Exchange Services and research opportunities, or those of third parties (such as our sponsors, investors or research and industry partners).
- Inquiry/Request response.
- Processing of orders and donations.
- Building and maintaining member, research participants, donor, supporter, and sponsor profiles.
- Maintain relationship records.
- Conduct due diligence and ethical screening.
- General reports on Services, research, and work provided.
- Surveys, Feedback, Reviews, Testimonials, and Exemplars.
- Marketing Purposes.
- Meaningful User Experience.
- Social Media Platforms. We may also collect your Personal Information when you connect with us through social media (e.g. Facebook, Twitter, and Instagram). If you do not want to provide us with this information, you need to adjust the privacy settings on your social media account, and/or otherwise follow the third party’s instructions.
- Creating a Member Profile. We may use your Personal Information, such as your name and email address, when you create a “Member Profile.” For example, you may create a Member Profile with us on the T1D Exchange Site to comment on content or share experiences, or participate in our forums or discussion groups. You also may create a Member Profile on the Registry prior to the eligibility screening and consent process. If you are an authorized clinic or health provider representative, you may create a Member Profile to access the Quality Improvement Collaborative platform.A Note on Member Profiles: We may provide on our Digital Properties the ability to use your Member Profile to post comments and messages in chat rooms, discussion boards, comments, online forums, and other interactive technologies that may be tied to your username and email. Please be careful when posting Personal Information, as information you post in such community forums is public information and we cannot control how third parties may use the Personal Information you choose to share.
- Online Forum Engagement. We may collect your Personal Information when you engage with the online communities on our Digital Properties. Please note that our online forums are public within the T1D Exchange community, so we recommend that you exercise care in deciding what information and content you wish to disclose.
- Administer donation, legacy, or support fundraising (including by providing charitable tax deduction information).
- To apply for grant(s) or funding.
- At your direction. We may collect and use your Personal Information at your direction or as otherwise needed to fulfill the purposes for which you provided the Personal Information or that were distributed when it was collected.
- To verify and/or authenticate an identity, access rights, privileges, etc.
- Job and Volunteer Application Administration.
- Background Checks.
- Credit checks/credit risk reduction.
- Government Reporting/Audit/Requests Requirements. We may use or share Personal Information in order to satisfy governmental reporting, tax, and other requirements, as required by law. This may include having to meet U.S. national security or law enforcement, regulatory, or self-regulatory requirements.
- Internal or Third-Party Audits, Compliance and Certification Reviews.
- Staff Administration.
- Other Business-Related or Mission-Related Purposes. For other business- or mission-related purposes permitted or required under applicable local law and regulation or to enforce our agreements, policies, and terms of service.
- As otherwise obligated by law.
- Third Party Personal InformationWhen you use our Services, donate, communicate with us, post on our Digital Properties, or otherwise interact with T1D Exchange, you might provide us with/disclose another person’s Personal Information. If you choose to provide us with that Personal Information, you represent that both the disclosure and the processing of that information in accordance with this Privacy Notice is permitted under applicable law.
- With Whom Do We Share Your Personal Information?Except as set out in this Privacy Notice or as required by law we do not sell, license, rent, or swap your Personal Information without your permission. We may have to share your Personal Information with the categories and types of parties set out herein for the purposes outlined above. For example, we may share your Personal Information with our service providers, vendors and consultants, with our marketing partners, sponsors, funding partners and Investors, social media platform providers, online forum visitors, other Digital Property members and participants, research and industry partners, analytics solution providers, survey administrators, auditors and due diligence entities, merger or acquisition partners, other third parties with your consent or as required for legal compliance, law enforcement, public safety, or security purposes. We require all third parties to respect the security of your Personal Information and to treat it in accordance with the applicable law.
- Retention PolicyT1D Exchange will only retain your Personal Information for as long as necessary to fulfil the purposes for which it was received and/or as long as the law requires. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- Links on Our Digital PropertiesWe may provide links to other websites and resources (“External Resources“) that are not part of the Digital Properties. We cannot be responsible for the privacy policies, practices, or content of these External Resources. We encourage you to review the privacy policies and terms and conditions of such External Resources so that you understand how they collect, use and share your information. Please be aware that this Privacy Notice does not apply to Personal Information collected on websites or other External Resources that may be linked to or through the Digital Properties.
- Cookies and Similar TechnologiesAs stated above, T1D Exchange uses “cookies” and other automated technologies, such as web beacons, for functionality, the convenience of our users (including recognizing users so they do not have to log-in repeatedly), and to generally enhance your experience using our Digital Properties. A cookie is a small text file that is recorded either temporarily or persistently on your computer by a web page server and is not intended to deliver viruses or other harmful programs to your computer. By relying on cookies, T1D Exchange is able to deliver a more efficient service that is more personalized for each user. Additionally, cookies allow T1D Exchange to monitor traffic patterns, website usage, and session information which help make our Digital Properties more useful.If you prefer, and depending on your web browser or device capabilities, you may have the option of setting how your browser or device handles cookies. Note that most functionality of our Digital Properties may be limited if you direct your browser or device to reject all cookies.
Some parts of our Digital Properties will also use other similar tracking technologies such as web beacons and pixels. These are also for the purpose of tracking activity on and interactions with our Digital Properties, including but not limited to the date and time of a visit, the pages visited, the referring web page or Digital Property, the type of browser, and other similar information.
- SecurityT1D Exchange has implemented reasonably appropriate security measures to protect your Personal Information both online and offline, including measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, and to maintain its accuracy and integrity. While no security is impenetrable, we implement and maintain reasonably appropriate technical, physical, administrative and organizational measures to ensure a level of security appropriate to the risk for our use of the Personal Information, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. We restrict unauthorized persons from accessing Personal Information and encryption technologies are used when transferring, receiving and storing Personal Information. We also maintain, monitor, test, and upgrade information security policies, practices, and systems, as well as implement physical and technical safeguards to assist in protecting the Personal Information that we knowingly collect from or receive about you, and to maintain the ongoing confidentiality, integrity, availability and resilience of our systems and services.
- Opt-Out and Access to InformationParticipation by you in the Digital Properties and our Services (including research through the T1D Exchange Registry) is voluntary. If you decide at any point that you no longer want to participate in a research study or other Service, or do not want be contacted about opportunities to participate in research studies and other Services, you may opt-out of future participation and request to be excluded from future opportunities by sending an e-mail to info@T1DExchange.org and identifying your opt-out preferences.You may opt-out of T1D Exchange using your Personal Information, or sharing your Personal Information with third parties, for marketing or fundraising purposes by emailing us at info@T1DExchange.org or by unsubscribing from such marketing emails using the appropriate link in the email. Please note that, in such cases, it will remain necessary for us to use your Personal Information to the extent it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so they can suppress your name, from future solicitations. Also, if you are a T1D Exchange Site member, Registry participant, or otherwise using our products or Services, you will continue to receive information and communications pertaining to your T1D Exchange account and/or Services even where you have opted out of marketing communications. Opting out does not affect any of T1D Exchange’s rights to use Personal Information provided to T1D Exchange under any separate Research Consent or other consent or authorization that you provided to T1D Exchange, or as it relates to information that T1D Exchange has already shared with third parties and no longer under T1D’s control, or that was used in a research study or for other purposes authorized by you.
Through your account(s) on our Digital Properties, you will have access to certain Personal Information that you have provided to T1D Exchange, such as your name and email address, and in the case of the Registry, your questionnaire responses. You may correct or amend Personal Information available through your account. Also, at your written request, we will provide you with access to other of your Personal Information held by T1D Exchange that is not available through your account but is otherwise held by T1D Exchange. At your written request and subject to applicable law, T1D Exchange will correct, amend, or delete your Personal Information, except where T1D Exchange determines that the burden or expense of providing access, correction or deletion is disproportionate to your privacy concerns, or where the rights of persons other than you would be violated. You may request correction, amendment and deletion of your Personal Information by sending an e-mail to info@T1DExchange.org.
- Storage of Personal Information in the U.S.T1D Exchange is headquartered and operates in the Commonwealth of Massachusetts, United States. If you are a resident of a country other than the United States, in order to provide you with our Services or products, as well as for operational and other legitimate interest reasons, we may process, store, and transfer Personal Information in a country which may be outside of your own, such as the United States or Ukraine. By providing us with your Personal Information you acknowledge such transfer of information out of your jurisdiction. US law may not offer the same privacy protections as the law of your jurisdiction. If you do not wish for certain Personal Information to be so transferred, please do not provide your Personal Information to us and/or take such steps described herein to prevent the collection of your Personal Information. Please note in your doing so, and without such information, we may be unable to provide a Service to you. If you have any questions, please contact us. Note: Participation in the T1D Exchange Registry is restricted to United States residents only.
- Questions and CommentsWe welcome and thank you for your comments, questions, and suggestions. You are encouraged to direct any comments and questions relating to this Privacy Notice and our use of your information to firstname.lastname@example.org or to email@example.com in writing to T1D Exchange, Inc., 11 Avenue De Lafayette, Boston, MA 02111. Those communications themselves, however, do not alter the terms of this Privacy Notice. Your use of T1D Exchange and related services are subject to this Privacy Notice, as posted on the T1D Exchange site and may be updated from time to time.
- Dispute ResolutionAny questions or concerns regarding the use or disclosure of Personal Information should be directed to T1D Exchange at the address given above. T1D Exchange will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Privacy Notice. For complaints that cannot be resolved between T1D Exchange and the complainant, please see the Dispute Resolution section of the T1D Exchange Terms and Conditions of Use.
- Applicable LawThis Privacy Notice shall be governed by the laws of the State of Massachusetts, without regard to conflicts of law principles. Exclusive jurisdiction and venue for any dispute arising out of this Privacy Notice shall be the state courts or district federal courts of Massachusetts.