Effective October 29, 2018
What personally identifiable information of yours is collected through the Site; Conduct of Research; Health Insurance Portability and Accountability Act Who collects such information; The Information We Collect and Use; How such information is used; With whom your information may be shared; What choices you have regarding collection, use and distribution of your information; What kind of security procedures are in place to protect the loss, misuse or alteration of information under our control.
Conduct of Research
The clinical data to be recorded may include demographics and personal and family history of cancer, history of cancer and risk factors. Clinical information may be obtained from other institutions and doctors’ offices for data filing additional clinical data and clinical follow-up information may be requested from the participating physician’s office as needed.
Good clinical practice (GCP) is an international ethical and scientific quality standard for designing, conducting, recording, and reporting trials that involve the participation of human subjects. Compliance with this standard provides public assurance that the rights, safety, and well-being of trial subjects are protected, consistent with the principles that have their origin in the Declaration of Helsinki, and that the clinical trial data are credible. The Investigator and institution will conduct the data collection in compliance with GCP and HIPAA, with the applicable regulatory requirements, and with the protocol agreed to by the sponsor and given approval by an institutional review board (IRB).
All clinical research is conducted after approval by the IRB that has been designated by the institution to review, approve the initiation of and conduct periodic reviews of biomedical research involving human subjects. The primary purpose of such review is to assure the protection of the rights and welfare of human subjects. The IRB will provide written documentation that the registry design has been reviewed and may be conducted at the institution within the constraints set forth by the IRB and by other institutional and Federal requirements.
Health Insurance Portability and Accountability Act
The MCRC and the institutions where the clinical will be conducted are considered covered entities responsible for keeping confidential Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Individually identifiable health information that is collected and used solely for research is not PHI. The collaborating Investigators agree research related monitoring, audits, IRB review and regulatory inspections by governmental agencies by providing direct access to source data and documents for up to five years post enrollment. The Investigators will permit registry related monitoring, audits, IRB review and regulatory inspection by governmental agencies as requested by the sponsor or by regulatory or governmental agencies. The Investigators and the institution complies with all of the procedures that are necessary for data recording and reporting and will retain the essential research documents. If personal data collected on the sites is protected health information,
MCRC’s use and disclosure of that information is governed by MCRC’s Notice of Privacy Practices. If you have any questions about MCRC’s Notice of Privacy Practices, please contact us at firstname.lastname@example.org.
The Information We Collect and Use
When we use the term “Personal Data” we mean information that we directly associate with a specific person, or that we can reasonably use to identify a specific person such as a name or email address. We collect and use information through your use of the Sites in the following ways.
All Website Visitors
- If you communicate with us through the Sites, we collect the content of the communications and the metadata associated with those communications. We use this information to respond to your inquiries and facilitate communication.
- If you sign up for newsletters, we collect your contact information and communication preferences, which we use to manage how we communicate with you.
- If you use the “email this page” function on our Sites, we collect your contact information and the recipient’s contact information, which we use to facilitate your request.
- If you submit identifiable comments or other content on the Sites, we collect whatever information you supply and use this information to communicate with you if requested and to otherwise fulfill the purpose of the content submission. Please be aware that any stories, comments or other information that you submit on a public forum will be publicly accessible and managed in accordance with the MCRC social media comment policy. If you connect your Facebook or Twitter account to log into any of these Sites, we collect your account information for those services, which we use to authenticate your access to these Sites.
- If you register for any MCRC event, such as a continuing medical or nursing education course, elective program, training, lecture, seminar, workshop or open house event, we collect your contact and demographic information, including education information and medical or other professional credentials, which we use to register you in the program and facilitate and administer the event. We also may use this information to contact you about your experience and to inform you about future events that may be of interest to you.
- If you make purchases through our Sites, we collect payment information and related shipping and contact information, which we use to complete your transaction and deliver products to you.
- If you create a pressroom account, we collect your contact information, username and password, employment information and areas of interest, which we use to facilitate press coverage opportunities and communicate with you.
- If you send us a message that contains information about your or a loved one’s health status, our response to you will be sent through an email system with added security controls. The initial email we send you in response will have “MCRCSECURE” in the subject line. To retrieve the full message, you will need to click on the link in that initial email and follow the instructions.
Donors and Fundraisers
- If you make a donation through the Sites, we collect your contact information, billing and payment information, and donation frequency and preferences. If you make the donation in someone else’s honor or memory, we will collect that individual’s name, contact information and in some circumstances, a message to the honoree. We use this information to complete your donation, notify honorees of your gift and to communicate our thanks to you. Please be aware that information about your donations may become publicly accessible unless you request to make the donation anonymously.
- If you register for one of our fundraiser events, we collect your and your team’s contact and demographic information, username, password, the name of any honoree, fundraising goals, and any other information that you choose to submit, which we use to facilitate your participation in the fundraiser event.
- If you create a personalized fundraising page, such as a Giving Page, or a Community Event, we collect your contact information, username, password, the name of any honoree, fundraising goals, and any other information that you choose to submit. We use this information to establish and administer your page and to communicate with you with updates and event or donation announcements. Please be aware that any fundraising page you create will become publicly accessible. Potential Patients or Research Participants
- If you request an appointment through the Sites, we collect information including your contact details, diagnosis history, family history and insurance information, which we use to facilitate your appointment request and send you appointment reminders. Please note that appointment data is protected health information, which is also governed by MCRC’s Notice of Privacy Practices.
- If you provide information through the Sites related to your potential participation in research studies, we collect information that may include your contact details, diagnosis history, family history, and any other information that you choose to submit, which we use to determine your potential eligibility for research studies and to contact you for further information, as appropriate. Please note that any protected health information we collect for this purpose is also governed by MCRC’s Notice of Privacy Practices. Job or Program Applicants
- If you submit an application for a job, fellowship, postdoctoral position, observership or other MCRC program using the Sites, we collect your contact and demographic information, education, work and research history, employment needs and interests, health history, and any other information relevant to your application. We use this information to evaluate your eligibility and candidacy, communicate with you during, before and after the relevant application process or program, and to facilitate your application, employment, or participation in the program. Information We Collect Automatically
Information We Collect Automatically and Applicable Technology
We collect personally identifiable information in order to supply you with the products or services you request, process payment, perform internal analytics, communicate with you and comply with any legal requirements. The term “personally identifiable information” means information that you voluntarily provide to us and which personally identifies you, such as your name, phone number, physical address, and any other data or information that would allow someone to personally identify you.
To make a purchase, we require you to supply us with personally identifiable information. If you supply us with personally identifiable information, you may later access, update, and modify any inaccuracies. Please note, we generally keep a copy of the previous personally identifiable information for our records. If you would like to review or change your personally identifiable information, you may do so at any time by contacting us at email@example.com. You may also choose not to provide personally identifiable information; however, you will not be able to purchase products. You may also provide us with information you authorize us to make public, such as a screen name, short biography, your location, your website, or a picture. Providing this additional information is entirely optional. In some areas of the Site, you may have the ability to post or publish personally identifiable information. You should take care and consider the possible consequences of posting or publishing personally identifiable information.
We use “cookie” technology to collect additional website usage data and to improve the Site. A cookie is a small data file that is transferred to your computer’s hard disk. We may use both session cookies and persistent cookies to better understand how you interact with our Site, to monitor usage and Web traffic, and to customize and improve the Site. Most Internet browsers automatically accept cookies. You can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. It is possible some of the Site’s features may not function properly if you disable cookies. We also collect certain non-personally identifiable information when you visit the Site such as the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider.
The Site is not directed to children under the age of 13, and we do not knowingly collect any information from such persons. If you become aware that your child has provided us with personal information without your consent, please contact us at firstname.lastname@example.org.
How Your Information is Used
Our third-party service providers include:
- Third-Party Service Providers. We may engage vendors who perform services on our behalf, including helping us manage the Sites, manage our communication and donation channels and conduct analysis of your use of the Sites.
- IT service and support providers, including those providers involved in hosting and monitoring the Sites; Analytics providers;
- Marketing and advertising providers, including those providers involved in our newsletter emails and digital advertising campaigns;
- Payment and e-commerce providers, including those providers facilitating the fundraising, donation, and event pages;
- Recruitment and applicant support providers, including those providers involved in the management of our hiring and student management platforms;
- Providers of tools, widgets or buttons on the Sites, including those providers facilitating blog comments, sharing tools, forums and questionnaires; and
- Learning management platform providers, including those providers involved in the provision of virtual education and continuing learning programming.
- Donor Information. MCRC may share its donor names and postal mailing addresses with other non-profit organizations. You may use our online form to opt-out of sharing your donor information with third parties and request that MCRC not contact you in the future.
- Legal Process, Safety and Terms Enforcement. We may disclose your Personal Data to legal or government regulatory authorities in response to a search warrant, subpoena, court order or other request for such information or to assist in investigations. We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, if we determine such disclosure is necessary to protect the health and safety of us or our users or to enforce our legal rights or contractual commitments that users have made.
- Business Transfers. Personal Data may be disclosed as a part of a corporate business transaction, such as a merger, acquisition, reorganization, joint venture or financing or sale of our assets, and could be sold or transferred to a third party as part of such a transaction. Personal Data also may be disclosed to a successor hospital, provider or other legal entity in the event of insolvency, bankruptcy or receivership.
You may choose not to use the portions or features of the site that collect personally identifiable information. You may take technological steps to limit the non-personally identifiable information we collect. You may take legal action to prevent our disclosure of your information in response to a third party request, court order, or subpoena.
Children and Teens
We are committed to protecting privacy of young people using our Sites. We do not knowingly collect Personal Data on the Sites from children under age 13. We believe children should get their parents’ or guardians’ consent before giving out any Personal Data. If you become aware that we have collected Personal Data from a child without parental consent, please notify us promptly. If we become aware that a child under age 13 has provided us with Personal Data without parental consent, we will take steps to remove it.
If you are a California resident under age 18 and are a registered user of the Sites, then you may request that we remove any submissions you publicly posted on the Sites. To request removal of a submission, please send a detailed description of the specific submission to email@example.com. We reserve the right to request that you provide information to enable us to confirm that you created and posted the submission you want removed. We will make a good faith effort to delete or remove your submission from public view as soon as reasonably practicable. But the submission may remain on backup media, cached or otherwise retained by us for administrative or legal purposes. Your submission also may remain publicly available if you or someone else has forwarded or re-posted your submission on another website or service prior to its deletion. And the law also may require that we not remove or allow removal of your submission.
Links to Other Websites or Mobile Applications
Notice to Individuals Located in the EU/EEA
Please be aware that if you use the Sites to transfer your Personal Data to MCRC in order to seek care at an MCRC facility or a second opinion at MCRC, you will be provided a copy of our EU Patient Notice and our Notice of Privacy Practices, which will govern our use of protected health information. The EU Website Notice will not apply to MCRC’s use of such information.
If our processing is based solely on consent, you have the right to withdraw your consent. You may withdraw your consent by contacting us as set forth in the “Contact Us” section below. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Sites safe and secure, or if deleting the information would undermine the integrity of a research study in which you are enrolled.
If your Personal Data is processed for EEA Processing Activities, you have the right to (1) see Personal Data that MCRC holds about you and receive any details required to be provided to you under applicable law, (2) correct or update your Personal Data, if inaccurate, (3) limit collection and use of your Personal Data under certain circumstances (for example, if you think it is inaccurate), (4) receive your Personal Data in an electronic format as required by law, except Personal Data that has been used for public interest purposes or for MCRC’s required legal obligations, (5) request deletion of your Personal Data, subject to MCRC’s need to keep such data to comply with legal requirements, for purposes of public health or to preserve the integrity of a research study, or to allow itself to defend itself from legal claims, and (6) file a complaint with a data protection authority (see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm). If you have questions about the processing of your Personal Data or rights associated with your Personal Data, see the section “Contact Us” below.