Privacy Policy

Commitment to Privacy

Since our establishment in 1986, the Histiocytosis Association has been dedicated to preserving the confidentiality of the personal information of our donors and members. To demonstrate the importance of your privacy, the Histiocytosis Association has established this policy outlining our usage of any personal information collected by our organization.

Histiocytosis Association, Inc. Privacy Policy

The Histiocytosis Association ("Association,” "us," "our," and "we") values your privacy and is committed to accountability and transparency in the way we collect and use your personal information. In line with these values, this Privacy Policy describes how we may collect, use and share information about you when you visit our website [http://www.histio.org] (“Website”) or any mobile app we may offer from time to time (“App”) (collectively, our “Digital Properties”), request information, materials or support, or otherwise communicate or interact with us in person or electronically (collectively, the “Services”). By visiting our Digital Properties, using our Services, or otherwise manifesting your assent, you are agreeing to the terms of this Privacy Policy. This Privacy Policy is incorporated into and subject to our Disclaimer. Capitalized terms not defined herein have the meaning given to them in the Disclaimer.

Types of Information We Collect

In the course of operating the Digital Properties and providing the Services, we may collect and/or receive the following types of information.

Contact Information:  We may collect contact information via account registration, online information forms, order forms, submission forms, donation forms, event registration forms, over the phone, and/or by email. In most instances, the account information will include name, address, phone number, and/or email address.

Medical Information: We may collect information such as name, date of birth, diagnosis, and date of diagnosis directly from patients or indirectly from their caregivers. The Association is not a regulated party under the Health Insurance Portability and Accountability Act (“HIPAA”), and therefore does not comply with HIPAA.

Employment Information: We may request that physicians or other medical personnel provide information regarding their employers.

Donors: Donors may be required to provide payment information (e.g., credit card data), which will be collected and processed using a third-party merchant and payment gateway engaged by us.

Server Log Information. Our servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), and the pages and links you’ve clicked on while on our Digital Properties, and details regarding your activity on the Digital Properties, such as time spent on the Website and/or App, and other performance and usage data. We may use these log files for purposes such as assisting in monitoring and troubleshooting errors and incidents, analyzing traffic, or optimizing the user experience.

Search Information. We collect the terms, keywords or items you search for when using the Digital Properties.

Information from Cookies and Similar Technologies. We may collect information using “cookies” and other similar technologies on our Digital Properties. Cookies are small packets of data that a website stores on your computer’s hard drive, your mobile device, or other storage medium so that your computer will “remember” information about your use. We use both first and third party session cookies (which expire when closing a visit to our Digital Properties), and persistent cookies (which remain on your device for an extended time or until you remove them). Information collected by cookies depends on its particular purpose such as conducting analytics or enabling certain functionalities.  If you do not want cookies placed on your device, you may be able to turn that feature off on your device. Please consult your browser or device documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, certain aspects of the Digital Properties and the Services may not function properly or as intended.

By accessing or using the Digital Properties, and/or the Services, you consent to the processing of data about you by these third parties in the manner and for the purposes set out in this Privacy Policy.

How We Use Your Information

We may use the information collected from and about you, including Personal Information, for the following purposes:

  • Manage, operate, enhance and support the Digital Properties, the Services, and our everyday operations;
  • Analyze use of the Digital Properties and the Services;
  • Communicate with you about our Services and opportunities to support the Association via donations, volunteering, and other activities;
  • Contact you about clinical trials, research studies, and educational programs on histiocytic disorders, potential treatments, and other programs that you, someone you care for, or your patient may be interested in pursuing;
  • Prevent, detect and investigate any activities that are potentially prohibited, malicious, fraudulent, unlawful or contrary to good practice on our Digital Properties or through the Services;
  • Associate or combine your personal  information with other information we have such as information collected via cookies and other technologies to improve your experience on our Digital Properties ad provide content of interest to you;
  • Anonymize, aggregate and/or de-identify personal information (“Aggregated Data”), then use and/or disclose such Aggregated Data for any lawful purpose including our or third parties’ analytics, marketing, advertising, and data enrichment activities; and
  • Carry out other purposes described to you when collecting your personal information to which you consent, or as otherwise permissible under applicable law.

When and Why We Share Information

We may share or disclose your personal information to third parties pursuant to this Privacy Policy, or with your prior consent.

Service Providers.  We may share your information with certain third parties engaged to provide business related services, but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information, and their functions, consist of the following: data storage and hosting services; technical assistance; database management; use analytics; payment processors; email services; customer service organizations.

Affiliated Companies. We may also disclose personal information to our parent companies, subsidiaries, affiliates, joint ventures, or other companies under common control in order to support the Digital Properties, the Services and associated activities and services.

Trials and Research Studies. We may disclose your contact information to sponsors, clinical research organizations, educational institutions, volunteers, service providers, or other entities engaged in conducting or supporting clinical trials, research studies, educational programs and similar activities regarding histiocytic disorders; however, in each case limiting their use of your information to contacting you regarding possible participation or other involvement by you, someone you care for, or your patient in such trials, studies, programs or similar activities.

Merger, Sale, or Other Asset Transfers. In the event of a merger, dissolution, reorganization or similar restructuring event, or the sale of all or substantially all of our assets, we expect that information we have collected including personal information will be transferred to the surviving entity in a merger or the acquiring entity.

Digital Properties Disclosure. Physicians who have provided their information for the Physicians directory have consented to have their contact information (as provided by them directly) listed on our Digital Properties for viewing by anyone who registers for an account on our Digital Properties. Physicians may request updates to their posted information by contacting us at: [insert email].

Awareness Campaigns. Your contact information may be used and disclosed to third parties to spread awareness, to conduct fundraising appeals, and to provide updates on the developments made in the search for a cure for histiocytic disorders.

As Required by Law and Similar Disclosures. We may also disclose personal information to defend ourselves in litigation or a regulatory action; when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we may operate; to enforce our rights or protect our property; to protect the rights, property or safety of others, investigate fraud, respond to a government request; or as needed to support auditing, compliance, and corporate governance functions.

Aggregated Data. We may also disclose Aggregated Data to third parties for lawful purposes.

Online security and privacy are of the utmost importance to the Histiocytosis Association. Therefore, we work with our online system service provider, Blackbaud®, to ensure that our online data collection process is safe and secure. To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect online.

When you create an online account through our website, your information is processed by our website and its forms, which are hosted by Blackbaud, and linked to our database, also hosted by Blackbaud.  In addition to direct information collected, we employ the use of third party services, such as Google Analytics* and Google Signals to track website usage and visits. This information may include location, device type, page visitation information, and any demographic information you have made available to tracking services.

This includes the use of Blackbaud Merchant Services to process your payment information for any donations made at www.histio.org. Purchases of eStore items are processed through BigCommerce and BrainTree Payments, a division of PayPal.

Email Management

You may opt out of the use of your personal information for direct marketing purposes by emailing your instructions to privacy@histio.org, or by clicking the "unsubscribe" link located on the bottom of any Histiocytosis Association marketing email and following the instructions found on the page to which the link takes you. Please allow us a reasonable time to process your request. You are not permitted to unsubscribe from Service-related emails and communications.

Security of Personal Information

We use reasonable physical, managerial, and technical safeguards designed to protect your personal information from loss, misuse, unauthorized access or disclosure, and destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee, ensure or warrant the security of our databases or the databases of third parties with whom we may share your information (as permitted herein), or of any information provided to us, or processed on the Digital Properties or through the Services.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact the Association via email at privacy@histio.org.

Do Not Track

The Association does not respond to “Do Not Track” settings or other related mechanisms at this time.

Nevada Privacy Rights

We do not sell consumers’ covered information for monetary consideration (as defined in Chapter 603A of the Nevada Revised Statutes). However, if you are a Nevada resident, you have the right to submit a request directing us not to sell your personal information. To submit such a request, please contact us at privacy@histio.org with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.

Our Commitment to Children's Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at privacy@histio.org.

International Visitors

Our servers are located in the US and elsewhere.  Please be aware that your information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in the country where you are located. If you are located outside the United States and choose to use the Digital Properties or Services, you do so at your own risk.

External Websites and Apps

The Digital Properties or the Services may contain links to third party websites and/or apps.  These third-party websites and apps may collect information about you if you click on a link, and may automatically record information about your browsing behavior every time you visit or use services offered through the site and/or app. We have no control over the privacy practices or the content of these websites or apps.  As such, we are not responsible for the content or the privacy policies of those third-party websites or apps.  You should check the applicable third-party privacy policy and terms of use when visiting any other websites or apps.

Conflicts of Interest Policy

It is recognized that occasions may arise when a member of the Board or an officer of the Corporation has a financial interest or has a familial relationship with a person who has a financial interest in a contract or transaction involving the Corporation or a committee thereof.  In such cases it is the policy of the Corporation and of its Board that:

(a) Any material facts as to such financial interest shall be disclosed by such interested Trustee or officer to the members of the Board or committee.

(b) The Trustee or officer having such financial interest in any matter shall not vote or use any personal influence with regard to the matter (except that he or she may state a position on the matter and respond to questions about it); however, such interested Trustee or officer may be counted in determining the quorum for the meeting at which the matter is voted upon.  The minutes of the meeting shall reflect that the disclosure was made and that such Trustee or officer abstained from voting.  At the Board’s discretion, the interested Trustee(s) or officer(s) shall leave the room during discussion and voting on the matter(s) subject to the conflict of interest.

Changes and Updates to this Privacy Policy

This Privacy Policy is effective as of the date of the Last Update stated at the bottom of the policy.  We may change this Privacy Policy from time to time without notice to you. By visiting the Digital Properties, using our Services, or otherwise interacting with us in person or electronically after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes.  Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your personal information is governed by the Privacy Policy then currently in effect.  Please refer back to this Privacy Policy on a regular basis.

Contact Us

Should you have any questions/comments regarding our Privacy or Conflicts of Interest Policies, please contact us at +1 856-589-6606 or privacy@histio.org.

Effective Date: June 1, 2022

* For more information on Google Analytics tracking, please see their link here, with the option to opt-out here.