Last updated: December 17, 2018
2. Personal Information We Collect
A. Actively Collected Information
In order to donate to Chordoma Foundation through the Site, you will be required to provide us with the following personal information about you: full name, billing address, e-mail address, telephone number, credit/debit card number, credit/debit card expiration date, credit/debit card CVV number, credit/debit card type (Visa, MasterCard, Discover, or American Express), and such other financial information necessary to process your payments. You will also be asked to indicate whether your employer will match your donation, whether your current estate plan provides for Chordoma Foundation, and your relationship to chordoma (for example, as a patient, family member of a patient, or clinician/researcher).
B. Passively Collected Information
In order to access and use certain areas or features of the Site, you consent to our collection of certain information about your use of the Site through the use of tracking technologies or by other passive means, including the use of Google Analytics or similar programs to help us collect and analyze this information. You consent to our access and use of this type of “passively collected” information, including, but not limited to, the domain name of the website that allowed you to navigate to the Site, search engines used, the internet protocol (IP) address used, the length of time spent on the Site, the pages you looked at on the Site, other websites you visited before and after visiting or accessing the Site, the type of internet browser you have, the frequency of your visits to the Site, and other relevant statistics, including the following:
- Log Information. When you access the Site, you consent to our servers automatically recording information that your browser sends whenever you visit a website. These server logs may include information such as your web request, IP address, MAC address, computer type (e.g., Windows or Macintosh), operating system version, browser type and version, browser language, the date and time of your request, and one or more cookies (small text files containing a string of characters) that may uniquely identify your browser. We use this information to calculate Site usage levels, to diagnose server problems, to administer the Site, and to improve the quality of the Site.
- Links. The Site may include links in a format that enables us to keep track of whether these links have been followed by IP addresses. You consent to our use of this information to improve the quality of the Site design.
- Cookies. When you visit or access the Site, you consent to us sending one or more cookies (small text files containing a string of characters) to your computer that uniquely identify your browser, and you consent to our use of these cookies to improve the quality of the Site by storing user preferences and tracking user trends. Cookies also help us better serve you with more tailored information and facilitate your ongoing access to and use of the Site. Most web browsers accept cookies automatically, but can be configured not to do so or to notify the user when a cookie is being sent. If you wish to disable cookies, refer to your browser help menu to learn how to disable cookies. Please note that if you disable cookies, you may not be able to use some customized features on the Site.
- Web Beacons. Web beacons (also known as “pixel tags” or “clear ‘GIFs’”) are 1×1 single-pixel graphics that allow us to count the number of users who have visited or accessed the Site and to recognize users by accessing our cookies. You consent to us employing web beacons to facilitate Site administration and navigation, to track the actions of users of the Site, to compile aggregate statistics about Site usage and response rates, and to provide an enhanced online experience for visitors to the Site, and including web beacons in HTML-formatted e-mail messages that we send to determine which e-mail messages were opened.
3. How We Use Personal Information
Chordoma Foundation complies with its obligations under GDPR by: keeping personal information up to date where needed based on the purposes for which the personal information is being processed; by not collecting or retaining excessive amounts of data; by ensuring that appropriate technical measures are in place to protect personal information from loss, alteration, misuse, unauthorized access and disclosure as it is transmitted, stored, or otherwise processed, and by using appropriate measures to securely destroy personal information when it is no longer needed by Chordoma Foundation.
You consent to our use of the personal information collected through the Site by Chordoma Foundation and its affiliates for purposes of:
- Processing donations made through the Site;
- Creating a list of donors who have contributed to Chordoma Foundation;
- Responding to your questions, emails, or other inquiries or requests;
- Contacting you, whether by email or postal mail, with information about the Site or our programs, services, and fundraising efforts, or to conduct surveys or gather other information regarding the Site;
- For such purposes as you may authorize at the time you submit the information;
- Auditing, research, and analysis to maintain, protect, and improve our service offerings, to enhance the Site, to identify usage trends, or to determine the effectiveness of our fundraising campaigns and/or individual fundraising campaigns;
- Creating a profile based on the information you have provided;
- Ensuring the technical functions of our network;
- Developing new services; or
- Compiling personal information and other information collected through the Site on an aggregate basis.
4. Personal Information We Share
We do not sell, rent, trade, or otherwise share personal information collected through the Site, except as described below:
- Subsidiaries and Affiliates. We may share personal information with our subsidiaries and affiliates for the purposes for which you provided the information or as reasonably necessary for our internal administrative and business purposes.
- Service Providers. We work with third parties that provide services on our behalf. Such services may include website hosting, marketing, data analysis, infrastructure provision, IT services, customer service, email delivery services, and website usage analytics. We may share personal information with these third parties for the purpose of enabling them to provide these services.
- Google Analytics. We will use Google Analytics to gather statistics on users of the Site. We will use the information gathered to improve web services. According to Google, Google Analytics employs cookies to define user sessions, which allows for the collection of important data about how users use the Site. Google Analytics uses only first-party cookies for data analysis. This means that the cookies are linked to the Site’s website domain(s), and Google Analytics will only use that cookie data for statistical analysis related to your browsing behavior through the Site. According to Google, the data collected cannot be altered or retrieved by services from other domains. If you choose, you can opt out by turning off cookies in the preferences settings in your browser. For more information on Google Analytics, please visit Google’s web site.
- Google Maps. This Site also allows users to access Google Maps, which includes a geolocation feature. The geolocation feature may be used to track information about your location. According to Google, the first time you use the geolocation feature on Google Maps, you will be asked to confirm that you wish to share your location with Google Maps, and you can always undo your decision. For more information on Google Maps, please visit Google’s web site.
- Third Party Payment Processors. If you make donations through the Site, we may share personal information with third parties who process payments on our behalf. Chordoma Foundation is not responsible for the conduct of any third parties who process payments on our behalf, and we expressly disclaim all liability for damages of any kind arising out of the action or inaction of such third parties.
- Consent. We may share personal information in accordance with any consent you provide.
- Donor Lists. If you donate through the Site, we may include your name in our list of donors on the Site.
- Champion and Team Pages. If you create a “Champion” or “Team” page on the Site, any information you provide on the Champion or Team page will be automatically posted to the Site. This information may include your name, photographs, videos, and any other information you voluntarily provide.
- Chordoma Connections. If you choose to become a member of our online community, Chordoma Connections, any information you provide will be posted to the community. This information may include your name, location (city and country), relationship to chordoma, photographs, videos, and any other information you voluntarily provide.
- Required by Law. We may disclose personal information if we are required to do so by law or pursuant to legal process, in response to a request from government officials or law enforcement authorities, or as necessary or appropriate in connection with an investigation of illegal activity.
- Certain Transactions. We may disclose or transfer personal information to third parties who acquire all or a portion of Chordoma Foundation’s business, whether such acquisition is by way of merger, consolidation, or purchase of all or a portion of our stock or assets, or in connection with any bankruptcy or reorganization proceeding brought by or against us.
5. Aggregate Information
6. Your Choices
A. Information You Provide
You can always choose whether or not to provide information through the Site. However, if you choose not to disclose certain information, your access to certain portions of the Site may be limited.
B. Do Not Track
Our Site does not honor “do not track” signals or other mechanisms. As described in more detail below, you can configure your browser not to accept cookies or to notify you when a cookie is being sent.
C. Champion and Team Pages
The Site provides users the opportunity to upload information through “Champion” and “Team” pages. You acknowledge and agree that any information that you choose to upload through a Champion or Team page will become public information. This information may include your name, photographs, videos, and any other information you voluntarily provide. You are solely responsible for the content of any such information you choose to upload to the Site, and you can always choose whether or not to provide information through a Champion or Team page. All information that is uploaded through a Champion or Team page may be viewed by other users of the Site and the general public (for example, through the use of Internet search engines or other Internet applications). Because information that may be uploaded through Champion and Team pages may consist of sensitive health information, we urge you to carefully consider whether or not to upload such information, keeping in mind that once uploaded, this information may be viewed by any member of the public.
D. Chordoma Connections Profiles
The Site provides users the opportunity to create a user profile in the Chordoma Foundation online community, Chordoma Connections. You acknowledge and agree that any information that you choose to add to your profile or upload to the Chordoma Connections section of the Site will become available to other users within Chordoma Connections. This information may include your name, photographs, videos, and any other information you voluntarily provide. You are solely responsible for the content of any such information you choose to upload to Chordoma Connections, and you can always choose whether or not to provide information through your profile page and to discussion topics within Chordoma Connections. All information that is uploaded to a profile page or discussion topics may be viewed by other users of Chordoma Connections, but is not viewable by the general public. Because information that may be uploaded to a profile or discussion topics may consist of sensitive health information, we urge you to carefully consider whether or not to upload such information, keeping in mind that once uploaded, this information may be viewed by other users.
E. Communications From Us
If at any time you decide that you no longer wish to receive notices from us regarding the Site, you may indicate this preference by sending us an email at firstname.lastname@example.org or sending a letter via U.S. mail to:
Post Office Box 2127
Durham, North Carolina 27702
F. Updating Information
We encourage registered users of the Site to keep their personal information current. You may request to change personal information you have provided about you by sending us an email at email@example.com or sending a letter via U.S. mail to:
Post Office Box 2127
Durham, North Carolina 27702
G. Your Rights and Your Personal Information
If you are an EU resident, by law you may have the following rights with respect to your personal information:
- If you are within the EU, you have the right to request a copy of your personal information which the Chordoma Foundation holds about you;
- The right to request that the Chordoma Foundation correct any personal information if it is found to be inaccurate or out of date;
- The right to request your personal information is erased where it is no longer necessary for Chordoma Foundation to retain such data. You also have the right if you are within the EU to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- The right to withdraw your consent to the processing at any time of personal information to which you provided consent for processing (“Consent Withdrawal”);
- If you are within the EU, you have the right to request that Chordoma Foundation provide you with your personal information in a commonly used format and where possible, to transmit that data directly to another data controller (known as the right to data portability);
- The right, where there is a dispute in relation to the accuracy or processing of your personal information, to request a restriction is placed on further processing;
- The right to object to the processing of personal information (where applicable); and
- The right to lodge a complaint with a data supervisory authority.
If you want to exercise any of the rights described above, please contact us using the contact details below.
Typically, you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
H. Transfer of Data Abroad
Chordoma Foundation will transfer personal information abroad only when there has been a documented adequacy determination, or where Chordoma Foundation has confirmed adequate privacy protections. If Chordoma Foundation transfers personal information to a third party acting as an agent of Chordoma Foundation, we will also require the third party to have adequate privacy protections in place.
Chordoma Foundation may transfer personal information to and on behalf of clients and third party’s with whom Chordoma Foundation has an existing service agreement or as part of our legal obligations, each of which shall be subject to Chordoma Foundation policies, and only to the extent necessary for purposes of legitimate interests pursued by the data controller (or by a third party).
I. Automated Decision Making
Under GDPR, data subjects shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision: (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, Chordoma Foundation shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If a data subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time directly contact us.
J. Further processing
7. Information Storage and Security
We employ reasonable security precautions to protect personal information about you. The Site is operated from a secure environment with integrated security measures to help protect against the loss, misuse, and alteration of personal information provided through the Site. These security measures include Secure Socket Layer (SSL) technology data transmission. However, no method of transmitting or storing data is completely secure. As a result, although we strive to protect personal information about you, we cannot guarantee the security of any information you transmit to us through or in connection with the Site. If you have reason to believe that personal information is no longer secure, please notify us immediately by contacting us in accordance with the last section below.
8. A Special Note about Children
The Site is neither designed nor intended to attract children under the age of 13, and we do not collect personal information from any individual who we actually know is under the age of 13. We ask that children under the age of 13 not submit any personal information to us.
9. External Links
10. Special Admonitions for International Use
The owner of the Site is based in the State of North Carolina in the United States. Access to the Site may not be legal by certain persons or in certain countries. If you access the Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. If you are located outside the United States and you contact us or provide information through the Site, please be advised that any information you provide to us will be transferred to the United States, and that by submitting information, you explicitly consent to and authorize such transfer.
Post Office Box 2127
Durham, North Carolina 27702
Last Updated: December 19, 2018.