Commitment to Privacy
Since our establishment in 1986, the Histiocytosis Association has been dedicated to preserving the confidentiality of the personal information of our donors and members. To demonstrate the importance of your privacy, the Histiocytosis Association has established this policy outlining our usage of any personal information collected by our organization.
Types of Information We Collect
In the course of operating the Digital Properties and providing the Services, we may collect and/or receive the following types of information.
Contact Information: We may collect contact information via account registration, online information forms, order forms, submission forms, donation forms, event registration forms, over the phone, and/or by email. In most instances, the account information will include name, address, phone number, and/or email address.
Medical Information: We may collect information such as name, date of birth, diagnosis, and date of diagnosis directly from patients or indirectly from their caregivers. The Association is not a regulated party under the Health Insurance Portability and Accountability Act (“HIPAA”), and therefore does not comply with HIPAA.
Employment Information: We may request that physicians or other medical personnel provide information regarding their employers.
Donors: Donors may be required to provide payment information (e.g., credit card data), which will be collected and processed using a third-party merchant and payment gateway engaged by us.
Server Log Information. Our servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), and the pages and links you’ve clicked on while on our Digital Properties, and details regarding your activity on the Digital Properties, such as time spent on the Website and/or App, and other performance and usage data. We may use these log files for purposes such as assisting in monitoring and troubleshooting errors and incidents, analyzing traffic, or optimizing the user experience.
Search Information. We collect the terms, keywords or items you search for when using the Digital Properties.
Information from Cookies and Similar Technologies. We may collect information using “cookies” and other similar technologies on our Digital Properties. Cookies are small packets of data that a website stores on your computer’s hard drive, your mobile device, or other storage medium so that your computer will “remember” information about your use. We use both first and third party session cookies (which expire when closing a visit to our Digital Properties), and persistent cookies (which remain on your device for an extended time or until you remove them). Information collected by cookies depends on its particular purpose such as conducting analytics or enabling certain functionalities. If you do not want cookies placed on your device, you may be able to turn that feature off on your device. Please consult your browser or device documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, certain aspects of the Digital Properties and the Services may not function properly or as intended.
How We Use Your Information
We may use the information collected from and about you, including Personal Information, for the following purposes:
- Manage, operate, enhance and support the Digital Properties, the Services, and our everyday operations;
- Analyze use of the Digital Properties and the Services;
- Communicate with you about our Services and opportunities to support the Association via donations, volunteering, and other activities;
- Contact you about clinical trials, research studies, and educational programs on histiocytic disorders, potential treatments, and other programs that you, someone you care for, or your patient may be interested in pursuing;
- Prevent, detect and investigate any activities that are potentially prohibited, malicious, fraudulent, unlawful or contrary to good practice on our Digital Properties or through the Services;
- Associate or combine your personal information with other information we have such as information collected via cookies and other technologies to improve your experience on our Digital Properties ad provide content of interest to you;
- Anonymize, aggregate and/or de-identify personal information (“Aggregated Data”), then use and/or disclose such Aggregated Data for any lawful purpose including our or third parties’ analytics, marketing, advertising, and data enrichment activities; and
- Carry out other purposes described to you when collecting your personal information to which you consent, or as otherwise permissible under applicable law.
When and Why We Share Information
Service Providers. We may share your information with certain third parties engaged to provide business related services, but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information, and their functions, consist of the following: data storage and hosting services; technical assistance; database management; use analytics; payment processors; email services; customer service organizations.
Affiliated Companies. We may also disclose personal information to our parent companies, subsidiaries, affiliates, joint ventures, or other companies under common control in order to support the Digital Properties, the Services and associated activities and services.
Trials and Research Studies. We may disclose your contact information to sponsors, clinical research organizations, educational institutions, volunteers, service providers, or other entities engaged in conducting or supporting clinical trials, research studies, educational programs and similar activities regarding histiocytic disorders; however, in each case limiting their use of your information to contacting you regarding possible participation or other involvement by you, someone you care for, or your patient in such trials, studies, programs or similar activities.
Merger, Sale, or Other Asset Transfers. In the event of a merger, dissolution, reorganization or similar restructuring event, or the sale of all or substantially all of our assets, we expect that information we have collected including personal information will be transferred to the surviving entity in a merger or the acquiring entity.
Digital Properties Disclosure. Physicians who have provided their information for the Physicians directory have consented to have their contact information (as provided by them directly) listed on our Digital Properties for viewing by anyone who registers for an account on our Digital Properties. Physicians may request updates to their posted information by contacting us at: [insert email].
Awareness Campaigns. Your contact information may be used and disclosed to third parties to spread awareness, to conduct fundraising appeals, and to provide updates on the developments made in the search for a cure for histiocytic disorders.
As Required by Law and Similar Disclosures. We may also disclose personal information to defend ourselves in litigation or a regulatory action; when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we may operate; to enforce our rights or protect our property; to protect the rights, property or safety of others, investigate fraud, respond to a government request; or as needed to support auditing, compliance, and corporate governance functions.
Aggregated Data. We may also disclose Aggregated Data to third parties for lawful purposes.
Online security and privacy are of the utmost importance to the Histiocytosis Association. Therefore, we work with our online system service provider, Blackbaud®, to ensure that our online data collection process is safe and secure. To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect online.
When you create an online account through our website, your information is processed by our website and its forms, which are hosted by Blackbaud, and linked to our database, also hosted by Blackbaud. In addition to direct information collected, we employ the use of third party services, such as Google Analytics* and Google Signals to track website usage and visits. This information may include location, device type, page visitation information, and any demographic information you have made available to tracking services.
This includes the use of Blackbaud Merchant Services to process your payment information for any donations made at www.histio.org. Purchases of eStore items are processed through BigCommerce and BrainTree Payments, a division of PayPal.
You may opt out of the use of your personal information for direct marketing purposes by emailing your instructions to email@example.com, or by clicking the "unsubscribe" link located on the bottom of any Histiocytosis Association marketing email and following the instructions found on the page to which the link takes you. Please allow us a reasonable time to process your request. You are not permitted to unsubscribe from Service-related emails and communications.
Security of Personal Information
We use reasonable physical, managerial, and technical safeguards designed to protect your personal information from loss, misuse, unauthorized access or disclosure, and destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee, ensure or warrant the security of our databases or the databases of third parties with whom we may share your information (as permitted herein), or of any information provided to us, or processed on the Digital Properties or through the Services.
California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact the Association via email at firstname.lastname@example.org.
Do Not Track
The Association does not respond to “Do Not Track” settings or other related mechanisms at this time.
Nevada Privacy Rights
We do not sell consumers’ covered information for monetary consideration (as defined in Chapter 603A of the Nevada Revised Statutes). However, if you are a Nevada resident, you have the right to submit a request directing us not to sell your personal information. To submit such a request, please contact us at email@example.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.
Our Commitment to Children's Privacy
Our servers are located in the US and elsewhere. Please be aware that your information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in the country where you are located. If you are located outside the United States and choose to use the Digital Properties or Services, you do so at your own risk.
External Websites and Apps
Conflicts of Interest Policy
It is recognized that occasions may arise when a member of the Board or an officer of the Corporation has a financial interest or has a familial relationship with a person who has a financial interest in a contract or transaction involving the Corporation or a committee thereof. In such cases it is the policy of the Corporation and of its Board that:
(a) Any material facts as to such financial interest shall be disclosed by such interested Trustee or officer to the members of the Board or committee.
(b) The Trustee or officer having such financial interest in any matter shall not vote or use any personal influence with regard to the matter (except that he or she may state a position on the matter and respond to questions about it); however, such interested Trustee or officer may be counted in determining the quorum for the meeting at which the matter is voted upon. The minutes of the meeting shall reflect that the disclosure was made and that such Trustee or officer abstained from voting. At the Board’s discretion, the interested Trustee(s) or officer(s) shall leave the room during discussion and voting on the matter(s) subject to the conflict of interest.
Should you have any questions/comments regarding our Privacy or Conflicts of Interest Policies, please contact us at +1 856-589-6606 or firstname.lastname@example.org.
Effective Date: June 1, 2022