National Organization for Rare Disorders, Inc. (NORD®)
II. What Information Does the Company Collect?
The Company occasionally collects Personal Information from Users. “Personal Information” means information that can be used to identify an individual, such as name, postal address, email address, telephone number, user account, health conditions or diagnosis, health treatment data, health observational data, any communications that you choose to have with the Company, or any other information the Company collects that is defined as Personal Information under an applicable law.
The Company also collects information that is about you but individually does not identify you, such as the frequency of User visits to the Platform and demographic and geographic data.
You have choices about the information we collect. When you are asked to provide Personal Information, you may decline. However, if you choose not to provide information that is necessary, you may not be able to use some of our features on the Platform.
The Company collects information in the following ways:
The Company collects information directly provided by Users as part of using various aspects of the Platform. These instances include:
Information Provided Directly
The Platform is intended to collect patient-reported health data, both when a User begins to use the Platform and also over time. Patient-reported health data is collected to accelerate research and ultimately find treatments and cures to rare disorders. Patients submission, use, and sharing of information (including Personal Information), along with a patient’s rights related to their data, are governed by a separate, detailed informed consent document (the “Consent”). In the event of any conflict between the Consent and this Policy as to patient Personal Information, the Consent controls.
For other Users, the Platform will collect information necessary to verify the User’s identity and permission to utilize the Platform, including contact information such as name, email address, IP address, username, and password. The Company also collects information you provide by filling in forms on the Platform, including information provided at the times of creating an account, registering on our Platform, and publicly posting on the Platform.
Information Related to Contact Inquiries
If you make an inquiry through the “Contact Us” feature of the Platform, we collect your first and last name, email address, and information provided directly in the body of your inquiry.
The Platform automatically collects some basic technical information about Users. We use software to keep track of traffic to the Platform and acquire such information as the location from which the traffic originates and which particular pages on the Platform are being viewed and for how long.
The Platform may access, collect, monitor, store on your device, and/or remotely store one or more device identifiers, which are small data files which uniquely identify it.
Metadata is technical information associated with Personal Information, such as how or when Personal Information was collected.
III. Use of Information
The Company may collaborate with the Sponsor of the Registry (Study(s)) that you are participating in to conduct IRB-approved research using your Personal Information. Additionally, they may need to access Personal Information to operate and improve the Platform and its other related products, to deliver the Platform, and to improve the Platform. These uses may include making the Platform easier to use by eliminating the need for you to enter the same information repeatedly; performing research and analysis aimed at improving the Platform; establishing registries for rare disorders; conducting observational natural history studies; changing the stigma around rare disorders; automatically updating the Platform; diagnosing or fixing problems with the Platform; and potentially displaying content and advertising customized to your interests and preferences.
The Company also uses information from Users to communicate with Users. The Company may send certain mandatory service communications, such as welcome letters, information on technical service issues, and security announcements.
The Company will use personal information when it has a lawful basis to do so, as follows:
The Company does not use Users’ Personal Information for building User profiles for commercial purposes not related to the provision of the Platform. The Company may use Anonymous Info (as defined below) as described in this Policy.
IV. Sharing of Information
The Company will not share your Personal Information except as provided for by this Policy. The Company may share information as provided by this Policy.
A. Patient Advocacy Groups and Research Organizations Researchers
Specific rare disease registries are sponsored by disease-specific patient advocacy groups, and data collected in a registry is – consistent with permission obtained from patients – retained in order to facilitate future research. For a patient, information sharing activities related to research are governed by the study’s Consent. As mentioned earlier, in the event of any conflict between this Policy and the Consent, the Consent controls.
The Company may share Personal Information collected by the Platform with businesses that are legally part of the same group as the Company, or that become part of that group (“Affiliates”).
C. Third Party Service Providers
The Company may occasionally hire service providers to provide limited services on its behalf, such as providing customer support, hosting websites, processing transactions, or performing statistical analysis of its services. Those companies will be permitted to obtain only the Personal Information they need to deliver the service. They will be required to maintain the confidentiality of the information and will be prohibited from using it for any other purpose.
D. Disclosures Pursuant to Law
The Company may disclose your Personal Information or any information submitted via the Platform if the Company has a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce any applicable terms of service, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of the Company, our Users, yourself or the public. The Company may be required to disclose your Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
E. Anonymous Information
The Company may use Anonymous Information (as defined below) or disclose it to third party service providers, to provide and improve the Platform. The Company may also disclose Anonymous Information to third parties for a fee. “Anonymous Information” means information which does not enable identification of an individual User, such as aggregated information about use of the Platform. The details, if relevant, will be outlined in your informed consent.
It is the Company’s policy to retain Personal Information regarding Users only for the time period necessary to deliver services requested by the User or to complete transactions initiated by the User unless a longer retention period is required or permitted by law.
VI. Your Choices Regarding Personal Information
Depending on your residence, the rights available to you may differ in some respects. We will respond to any rights request in accordance with local legal regulations. If you wish to make a request regarding any of the below rights, please contact us through the methods provided at the end of the Policy.
Right of access
You may have the right to get confirmation about whether or not your Personal Information is being processed. If so, you have the right to access the Personal Information and other information, such as the purposes, the categories of Personal Information, the recipients (or categories of recipients) to whom the Personal Information have been or will be disclosed – such as our list of service providers who may receive your Personal Information, for particular recipients in third countries or international organizations, where possible, the predicted period that the Personal Information will be stored, or, if not possible, the criteria used to determine that period, your rights, etc.
Where feasible and permitted by law, we will provide a copy of the Personal Information we are processing. For any further copies, we may charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested, the information shall be provided in electronic form.
Right to rectification
You may have the right to rectify or complete your Personal Information if inaccurate or incomplete.
Right to erasure (‘right to be forgotten’)
You may have the right to the erasure of your Personal Information in certain circumstances. For examples, see below:
This right shall not apply to the extent that processing is necessary for the below purposes.
Right to restriction of processing
You may have the right to restrict the processing for the below reasons:
Right to data portability
You may have the right to receive the Personal Information that you have given us, in a structured, commonly used and machine-readable format. You have the right to send that Personal Information to another controller, if the processing is based on consent pursuant or on a contract and is carried out by automated means.
Right to object
You may have the right to object, on grounds relating to your particular situation, to processing of your Personal Information which is based on our legitimate purposes. We will stop processing the Personal Information unless we have compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If Personal Information is processed for direct marketing purposes, including profiling, you may object at any time.
Automated individual decision-making, including profiling
You may have the right not to be subject to a decision based solely on automated processing, including profiling, except under certain exceptions under local law.
Right to withdraw consent
Where the processing of Personal Information is based on your consent, you may have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
Right to anonymity
You may also have a right to request anonymity. This means that your Personal Information would not be collected or processed. If you choose to exercise this right, we may not be able to provide you with your requested goods or services.
Right to lodge a complaint with a supervisory authority
VII. Other Information
A. Business Transitions
In the event of a direct or indirect reorganization process including, but not limited to, mergers, acquisitions, divestitures, bankruptcies, and sales of all or a part of the Company’s assets, the Company reserves the right to transfer or assign Personal Information in connection therewith. If transferred in such a case, the purchaser will abide by the terms and conditions of this Policy.
B. Security, Confidentiality and Integrity of Personal Information
The security of your Personal Information is important to us. The Company follows generally accepted industry standards, including the use of appropriate administrative, physical and technical safeguards, to protect Personal Information. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while the Company strives to use commercially reasonable means to protect Personal Information, the Company cannot guarantee its absolute security or confidentiality. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. If we learn of a security systems breach we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Platform or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Platform. We may post a notice via our Platform if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
Please be aware that certain Personal Information and other information provided by you in connection with your use of the Platform may be stored on your device (even if that information is not collected by the Company). You are solely responsible for maintaining the security of your device from unauthorized access.
C. International Users
We may limit the Platform’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion.
If you are visiting the Platform from a location outside of the United States or Canada, your connection may be through and to servers located in the United States or Canada. This means that, if you choose to use the Platform and/or to communicate with us through the Platform, information about you – including Personal Information – will be transmitted to the United States or Canada. You acknowledge you understand that by providing your Personal Information to the Company, your Personal Information (i) will be used for the uses identified above in accordance with this Policy, and (ii) may be transferred to the United States or Canada as indicated above, in accordance with applicable law. For example, where Personal Information is transferred from the European Economic Area to areas which have not been determined to have an adequate level of protection, we take measures designed to transfer the information in accordance with lawful requirements, such as standard contractual clauses.
D. Other Websites
E. Children’s Privacy
The Platform is neither directed to nor structured to attract Users who are not legal adults. If you are under legal age, you are not permitted to use the Platform. The Company does not knowingly collect Personal Information from Users who are under legal age. The Company may collect Personal Information about Users who are under legal age if entered by a parent or legal guardian of legal age or by the individual under legal age with their parent or legal guardian’s awareness and permission. If you are a parent with concerns about children’s privacy issues in conjunction with the use of the Platform, please contact the Company at [email protected]
F. Do Not Track
Pursuant to the California Online Privacy Protection Act, the Company discloses how it responds to “Do Not Track” signals; and whether third parties collect Personal Information about Users when they use the Platform.
The Company does not authorize the collection of Personal Information from our Users for third party use through advertising technologies.
G. Public Posting Areas-Forums, Podcasts, and Other Public Posting Areas
Please note that any information you include in a message you post to any public posting area is available to anyone with internet access. If you don’t want people to know your e-mail address, for example, don’t include it in any message you post publicly. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION IN PUBLIC POSTING AREAS. WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF THE INFORMATION THAT YOU DISCLOSE IN PUBLIC POSTING AREAS.
H. Consent and Modification
By using the Platform, you consent to the terms of the Policy and to our processing of Personal Information in the manner and for the purposes set forth in the Policy. If you do not agree with the Policy, please do not use the Platform.
The Company reserves the right, at its sole discretion, to change the Policy at any time, which change will be effective 10 days following posting of the revision to the Policy on the Platform. Your continued use of the Platform 10 days following such posting means you accept those changes.
If the Company makes any change in how we use your Personal Information, the Company will notify you by revising the “Effective Data” at the bottom of this Policy. If we make material changes to our Policy, we will notify you by using the contact information you have on file with us, such as e-mail (at the e-mail address specified in your account), or by means of a notice on the Platform prior to the change becoming effective.
I. Contact Information
If you have questions about this Policy, please contact [email protected]
J. Effective Date
The effective date of this Policy is January 24, 2023.