Effective date: June 2018
Your privacy is of great importance to the Cardiovascular Research Foundation, 1700 Broadway, 9th Floor, New York, United States of America ("CRF", "we" or "us") and we are committed to being responsible custodians of the information you provide us and the information we collect in the course of operating our business.
We take your personal privacy seriously. This privacy statement ("Statement") describes how we, as a data controller, may collect, use and share information, particularly in association with the operation of our website (the "Site"). This Statement applies to all personal data collected by us from individuals in the United States, European Union or from countries where similar data protection laws apply.
Because we want to demonstrate our commitment to your privacy, we share our information practices with you, including:
- What personal data is collected from users of the Sites.
- The organization collecting the personal data.
- How the collected personal data is used.
- With whom the personal data may be shared.
- What rights and choices are available to users.
- The security procedures in place to protect the loss, misuse or alteration of information under our control.
What personal data is collected from users of the Site
We collect your personal data when you provide it to us, for instance by visiting our website, contacting us or by entering into a contract with us. "Personal data" is any information that can be used to identify you or that we can link to you, for instance your name, email address and IP address. We may automatically collect certain information when you use, access, or interact with us via our websites, for instance via browser settings or cookies. We may also collect information from other sources, such as social media platforms that may share information about how you interact with our social media content, or if you interact with us via our social media accounts.
All personal data you provide to us or that we (automatically) collect is voluntarily. However, without providing certain data, for instance your email address, we may not be able to respond to your request or deliver our services.
Our websites and services are generally not directed to children under 16. We do knowingly collect personal data from anyone under 16 without parental consent. If you become aware that we have collected personal data from a child under the age of 16 without parental consent, please let us know so we can take appropriate action.
How we use the information we collect
We will only process personal data where we have a legal basis to do so. We may use the information we collect:
(a) To enter into a contract or settlement, or to take steps at your request prior to entering into a contract or settlement (such as account registration for which we require your name, e-mail address, city, state, country, zip/postal code, and clinical/non-clinical classification);
(b) To communicate with you; we send each new member a welcome email to verify username and password. Members who elect to join one or more of our electronic communication distribution lists will furthermore occasionally receive communications about features, products, services, or updates from us or in relation to the Site. It is our legitimate interest to send these communications. Members who elect to join one or more of our electronic communication distribution lists and consent to receiving third party communication, may also occasionally receive communications about features, products, services, or updates sponsored by third parties that may be of interest to users of our Site;
(c) To respond to your inquiries, to provide you with services that you request, to communicate with third parties in the handling of claims or complaints, to maintain business administration records and prevent fraud, which is our legitimate interest;
(d) To keep records and administration on how services were provided, claims and complaints were handled, including the documents underlying such services, claims and complaints, which is our legitimate interest;
(e) To understand how people use our websites and services, to operate, maintain and improve our website and services, which is our legitimate interest;
(f) To comply with legal obligations applicable to us, such as respond to legal process or requests for information issued by government authorities or other third parties.
How we may share the information we collect
We and our affiliated entities share information with each other or with third-party service providers (including consultants and attorneys) for general business purposes pursued by us, such as internal administration, billing, claim handling and services, and providing you or your organization with services.
We and our affiliated entities may share information with third-party data controllers (including law enforcement agencies and potential transaction partners, sponsors and investors) where we and our affiliated entities have a legal basis to do so.
During your attendance at an event organized by us, your badge containing personal data or information that reasonably identifies you will be scanned for administrative and legal compliance purposes (e.g., attendance, Sunshine Act reporting) and moreover, will also provide third party data controllers (i.e., our sponsors, supporters and exhibitors whose event, presentation or booth you visited or attended) with your personal data or information for such third party data controller’s independent use in compliance with their privacy statements.
If we transfer your personal data to a recipient outside of the European Union, we will only do so in compliance with the European General Data Protection Regulation. If you have questions about the international transfers of your personal data or the appropriate safeguards we have in place or wishes to obtain a copy of such safeguards, please contact us via firstname.lastname@example.org.
Third-party services and content
Protection and storage of the information we collect
We deploy administrative, technical, and physical safeguards designed to safeguard the information that we collect. However, no information system can be 100% secure. This means that we cannot guarantee the absolute security of your personal data. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.
We retain the information we collect in an identifiable form as reasonably necessary and only for as long as required to fulfill the purposes for which we collect the information and to comply with our legal obligations.
Your choices and rights
We encourage you to contact us to update or correct your information if it changes or if you believe that any information that we have collected about you is inaccurate. If provided for under applicable law, you can also ask us to see what personal data we hold about you, to rectify or erase your personal data, or to port your personal data and you may tell us if you object to or want to restrict our use of your personal data. If you would like to discuss or exercise such rights, please notify email@example.com. You can also use this address to lodge a complaint. If you are not satisfied about the manner in which we handle your complaint. Depending on your location, you may also lodge a complaint with the competent data protection authority.
Where we process your personal data on the basis of your consent, you may withdraw your consent at any time by contacting us at the address below. Where we process your personal data on the basis of our or a third party's legitimate interest, depending on your location, you may object to such processing at any time by contacting us.
Changes to this Statement
We may update this Statement from time to time. The effective date of the current Statement is noted at the top of this page. We encourage you to periodically review this page. You will be informed separately if needed, for instance should we process your personal data for other purposes than set out in this Statement.
We collect certain information by automated means when you visit our websites. By collecting this information, we learn how to best tailor our websites to our visitors. We collect this information through various means such as “cookies,” “web beacons”, and “IP addresses” as explained below.
Like many companies, we use “cookies” and “web beacons” (also known as internet tags, pixel tags and clear GIFs) on our websites. Cookies are bits of text that are placed on your computer's hard drive when you visit certain websites. Web beacons allow us to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third-party. We use the information collected from these technologies to compile reports and help us improve the website.
For example, a cookie might tell us whether you have visited us before, the number of visitors to the website, which site a visitor has come from, the pages they visited, and to help us identify site features in which you may have the greatest interest. Cookies may enhance your online experience by saving your preferences while you are visiting a particular site. We also collect IP addresses. An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the Internet. When you visit our websites, we may view and/or store the IP address of the device you use to connect to the Internet. We use this information to determine the general physical location of the device and understand from what regions of the world our website visitors come from. We also may use this information to enhance our Site.
Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all our website features. Some browsers offer a “Do Not Track” (“DNT”) signal whereby you may indicate your preference regarding tracking and cross-site tracking. Although we do not currently employ technology that recognizes DNT signals, we will only process your personal data in accordance with this Statement.