1. Your Consent
2. Scope of Policy
3. The Information We Collect, and Our Uses of This Information
We will not share personally identifiable information you provide via the Website with any third party, other than as expressly disclosed in this policy. By "personally identifiable information" we mean information that identifies you, such as your name, mailing address, or email address. We collect information from you at different points on our Website, and use this information as follows:
3.11 In the event you wish to contact us to review your personal information that may have been collected and/or correct any information, please call 1-800-9-MARROW or complete our contact page.
3.2 Processing Requests and Transactions. When you make a request of us via our Website, we will use any personally identifiable information that you provide in connection with that request for the purposes of processing that request. For example, Financial Supporters are able to send e-greetings via our Site. When you request an e-greeting, we use personally identifiable information you provide in connection with that request solely for purposes of transmitting the e-greeting. In each instance where you make a request under our Website, we use the information you provide to us solely for the purpose of fulfilling your request.
3.3 Information concerning Third Parties. If you are a prospective Donor, during our registration process we may ask for certain personally identifiable information concerning one or more of your relatives or close acquaintances (your "Additional Contacts"). We use this information in order to have further contact information for you on file, and in order to assist us in evaluating your eligibility for our Donor programs. We may verify certain information with your Additional Contacts, and discuss with them your interest in our Donor programs. By giving us contact information for these individuals, you are assuring us that they are willing to participate in this process, and that you are willing to allow them to participate.
3.4 Informational Notices and Bulletins. Periodically, we may choose to send news, bulletins, educational materials, marketing materials, or other information to you, and will use personally identifiable information to send such communications. If we choose to undertake such communications, you will have the ability to opt out of receiving these communications as provided in Section 5.
3.5 Information Exchanges with Other Users. The Website may allow users (i) to provide and receive a range of information on topics related to transplants and other matters, and (ii) to engage in other activity that may include, at the option of the user, an exchange of personally identifiable information. In these instances, we use personally identifiable information you provide to us in connection with any such exchanges strictly for the purposes for which you submit the information. If you share personally identifiable information -- via our Website or related discussions -- with persons other than Gift of Life staff or healthcare entities involved in the donation process, you should treat the exchange as you would any other exchange with a third party, and use appropriate discretion and caution.
3.6 Anonymous, Aggregate Information. “Aggregate Information” is information that does not identify you, and may include statistical information that may range from statistical information and analyses concerning use of our Donor services, the number of successful matches coordinated through our Site or services, transplant-related information, and the pages on our Site that users visit most frequently. We use Aggregate Information to analyze the effectiveness of our services and our Site, to improve our services and our Website, and for other similar purposes. In addition, from time to time, we may undertake or commission statistical and other summary analyses of (i) the general behavior and characteristics of users participating in our services, (ii) the effect of our programs on, and the behavior of our Donors, Financial Supporters, Medical Professionals, and Site Visitors, and (iii) the general characteristics of visitors at our Site and participants in our services. We may share these analyses and Aggregate Information with third parties. Rest assured, though, that Aggregate Information provided to third parties will not allow anyone to identify you, or determine anything personal about you. We may collect Aggregate Information through features of the software that supports our services, through cookies, and through other means described below. If you do not wish your non-identified information to be included in the aggregated information, please do not use this website. You may also contact us at 1-800-9MARROW with any concerns.
3.7 IP Addresses. Gift of Life may automatically receive and record information in our server logs from your browser, including your IP address (the Internet address of your PC), your computer's name, the type and version of your web browser, referrer addresses and other generally-accepted log information. We may also record page views (hit counts) and other general statistical and tracking information, which will be aggregated with that of other users in order to understand how our Website is being used. None of this data contains personally identifiable information.
3.8 Cookies. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a website's computers and stored on your computer's hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. We may include cookies on our Website and use them to recognize you when you return to our Website. You may set your browser so that it does not accept cookies. Cookies must be enabled on your web browser, however, if you wish to access certain personalized features of our Services.
3.10 Extent of Information Collected. We do not collect any more personally identifiable information than reasonably necessary to provide our services, operate the Site, and respond to your requests.
4. We Do Not Disclose Information to Unaffiliated Third Parties; Limited Exceptions
4.1 Gift of Life Site Vendors. We may employ other companies to perform functions on our behalf, such as maintaining the Website, providing services related to the Site, collecting information, responding to and sending electronic mail, or other functions necessary to our business. We may need to share your personally identifiable information with these companies (collectively, "Site Vendors"). We will provide Site Vendors with only that information necessary to perform their functions, and we will not allow them to use your personally identifiable information for any other purpose.
4.2 Imminent Harm. We may reveal your personally identifiable information to attorneys, private investigator organizations or law enforcement agencies if we believe (a) that you are in risk of harm from another, or (b) that you are harming or interfering (or will imminently harm or interfere) with others or violating (either intentionally or unintentionally) our Terms and Conditions of Use or otherwise violating legal rights.
4.3 Legal. Gift of Life will reveal your personally identifiable information, to the extent we reasonably believe we are required to do so by law. If we receive legal process calling for the disclosure of your personally identifiable information we will attempt to notify you via the email address you supplied during registration within a reasonable amount of time before we respond to the request, unless such notification is not permitted.
5. Changing or Removing Information; Opting Out
5.1 Discretionary Account Information. To allow appropriate control over personally identifiable information, you can contact us at the address provided in Section 11 to access the personally identifiable information you have provided to us via the Website or to change or update discretionary information that you have previously submitted.
5.2 Opt-Out. If we choose to send to you bulletins, updates, or other unsolicited communications that are marketing-related materials, we will provide you with the ability to decline -- or “opt-out of” – receiving such communications. Instructions for opting-out will be provided if and when we determine to send you such a communication. Please understand that you will not be allowed to "opt–out" of formal notices concerning operation of this Website, and legal and other related notices concerning your relationship to the Site.
5.3 Deleting Information. Finally, if you request, unless you have registered as a Donor, we will remove your name and all other personally identifiable information from our databases. Please understand, however, that it may be impossible to remove this information completely, due to backups and records of deletions. In addition, please understand that, if you request deletion of your information, you will be unable to utilize associated features of the Website and any associated services or information. You may not remove de-identified or Aggregate Information from our databases. Donor information is governed by the Registry Consent and may not be deleted, but may, at the Donor's request, be removed from the active registry list.
We have put in place security systems designed to prevent unauthorized access to or disclosure of information you provide to us, and we take all reasonable steps to secure and safeguard this information. We store all personally identifiable information we receive on a separate system protected by firewalls, designed to be secure and isolated from direct connection to the Internet. All data exchange with the Internet is always encrypted via SSL employing certificates with at least 2048 bit encryption. Gift of Life employees (and employees of our Site Vendors) are required to acknowledge that they understand and will abide by our policies with respect to the confidentiality of personally identifiable information. Moreover, we provide access to our databases containing personally identifiable information on a need-to-know basis only. Access to our database is password protected and employs strict industry standard password policies including but not limited to
- password complexity
- limiting password reuse
- password life span
- one-way encryption
As an accredited member of the World Marrow Donor Association, Gift of Life must comply with recognized standards for electronic record keeping. Additionally, Gift of Life complies with FDA’s Title 21 CFR Part 11 that imposes standards on electronic records and electronic signatures.
Our security systems are therefore structured to deter and prevent hackers and others from accessing information you provide to us. We also use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Please understand, though, that we do not warrant as fail-proof the security of information provided by or submitted to Gift of Life. Due to the nature of Internet communications and evolving technologies, we cannot provide, and disclaim, assurance that the information you provide us will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
7. Notice of Security Incident
If we detect, despite the safeguards set out above, an intrusion or other unauthorized access to or use of personally identifiable information (an "Intrusion"), we will (i) notify effected users of the Intrusion if the information at issue is sensitive, in our discretion, (ii) deliver this notice by the means we deem most efficient under the circumstances (such as, for example, first class mail or email); (iii) use contact information for each affected user that is current in our files; and (iv) use commercially reasonable efforts to accomplish these steps and effect this notice in a timely manner. To the extent applicable law requires steps in addition to those specified above, we will under all circumstances comply with applicable law.
8. Privacy Protection for Children
Our Website is not directed at children, and we will not accept or request personally identifiable information from individuals we know to be under 13. In accordance with the Children’s Online Privacy Protection Act ("COPPA"), if we learn that a child under 13 has provided personally identifiable information, we will either (i) delete this information from our databases, in accordance with our deletion policy, set out in Section 5.3, or (ii) obtain verifiable parental consent, in accordance with COPPA.
9. Notification of Changes
11. Contact Us
Attention: Operations Manager
12. Effective Date