The Lung Cancer Registry (referred to as ‘the Registry’ or LCR) is committed to protecting the privacy of our participants. To better protect your privacy, we provide this notice explaining our information practices. To make this notice easy to locate, we make it available as a link on our home page. We define personal information to include: name(s), email address, mailing address, phone number, survey responses, registry information and non-public information included in your correspondence with us.
When you contact the Registry Coordinator at 1100 Industrial #1, San Carlos, CA 94070, or you use the contact form, your email address and other information included in your email may be forwarded to the appropriate person(s) within the Registry or our professional advisors for a response. A copy of your correspondence may be retained at the Registry home office and also by the responding individual.
The Registry has established and maintains a mailing database. The mailing list may include families of affected individuals, friends, physicians, scientists, contributors and others interested in lung cancer. The Registry will never release our mailing list or the names of our participants to any outside organization or third party unless required to do so by law or unless a participant consents. However, if an outside organization sends us information for distribution to the Registry participants, we may mail it to you after the mailing is approved.
Information determined to be confidential can only be released by written or verbal permission by the subject of the information or organization that owns the information. Verbal permission may be valid in limited circumstances. Any general release must be in writing. Information may be released if required by law, such as in response to an investigation or subpoena. The Registry web site provides links to other sites that may be of interest. The Registry is not responsible for the privacy practices or content of other such web sites.
The Registry is firmly committed to maintaining the confidentiality of your personal information in all of our activities and programs. Every reasonable effort will be made to maintain the privacy and security of all personal information in our possession. Access to personal information will be limited to the Registry staff. All individuals will be instructed in the confidentiality requirements of the organization. No identifiable information will be shared with other users without your express permission. Your participation in this research will be kept private to the extent permitted by law. However, it is possible that other people may become aware of your participation in the registry. We might have to release your private information in a few specific situations—if it is required by the any of the following:
- Food and Drug Administration (FDA) or representatives from regulatory agencies in other countries
- The Registry Institutional Review Board
- Law enforcement officials
2. Collection, Use and Disclosure and Retention of Information
a. Collection of Information. All of the information you provide to the Registry will be maintained in a secure database, and any information that could identify you will not be shared without your express written consent, unless otherwise required by law. This Policy covers all personal information that you voluntarily submit to us. This Policy does not apply to anonymized data as it cannot be used to identify you, such as aggregated data.
b. Use and Disclosure of Information. The goal of this registry to allow you to share personal information for research purposes, and to make the information you provided searchable, while protecting your identity. De-identified data (information where all personal identifiers such as name, address, social security number has been removed) gathered from this profile will be made available to registrants of the Website in the hope that analyses of a substantially larger database will support breakthroughs and clinical trials that could lead to better treatments and care management. The Registry will perform the searches for specific questions within the registry and provide de-identified reports back to you or the requesting party. We may share anonymized or aggregated information with any third parties. Such information no longer reasonably identifies you. As a participant, you can take health surveys, and upload medical records. Your information may be used to inform you about relevant research opportunities and clinical trials.
De-identified information may be disclosed to third parties and otherwise used in accordance with legal requirements.
The Registry may employ independent contractors, vendors and suppliers (“Outside Contractors”) to provide specific services and products related to the Website or to the services provided on the Website, including but not limited to, performing general statistical analysis, maintaining an email suppression list as may be required by state and/or federal law, fraud screening, testing and implementation of special services to users, and developing applications for the Website and the services provided on the Website. These Outside Contractors may have limited access to information collected on the Website, including protected health information and personally identifiable information. In the course of providing such products or services, Outside Contractors will be contractually obligated to protect the privacy and security of all protected health information and personally identifiable information.
c. Retention. We store your personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law. While retention requirements can vary by country, we generally apply the retention periods noted below.
We store information used for marketing purposes indefinitely until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we respect your unsubscribe request. Also, we retain any information collected via cookies, clear gifs, flash cookies, webpage counters and other technical or analytics tools up to one year from expiry of the cookie or the date of collection. If you have any questions about our retention periods, please feel free to contact us.
3. Withdrawal of Information
a. At any time, you have the right to withdraw your information from the Website registry database. At any time if you have questions about your participation or want to withdraw your participation you may do so from within your user profile under “Account Information,” by selecting “Update” and completing a webform. You may also exercise this right by contacting the Registry Coordinator at 1100 Industrial Road #1, San Carlos, CA 94070 and your profile will be removed.
4. Protection of User Information
b. Security Measures. We have partnered with experts in the field of online protection and privacy to protect your information and keep it secure. Alta Voice is an authorized contractor for the National Institute of Health (NIH) in the development of global disease registries. Their programs are designed in accordance with applicable US privacy protection provisions of HIPAA (Health Insurance Portability and Accountability Act of 1996) as well as the Federal Information Security Management Act of 2002 (FISMA). FISMA compliant hosting is much more extensive than HIPAA and requires specific documented operational controls and security procedures, which are audited by an independent IT security firm annually to ensure compliance. Employees handling data must have a background check and pass high level security testing . Your information is stored off-site in a secured environment on secure Amazon servers located in the USA. All storage and transmittal is done in encrypted form.
Any personal information that could be used to identify you or your family is labeled with a special code. The code is securely stored with a password. Only authorized staff will be able to access the code and contact you if needed. Information that has had all of the personally identifying information changed to a code is called “de-identified.”
We use reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss or alteration. Information that you provide through our Websites is encrypted using industry standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please recognize that protecting your personal information is also your responsibility. You should keep your user name, password, ID numbers, or other access credentials secure as the Lung Cancer Registry cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information we will consider that you have authorized the instructions.
5. Ownership of Information
a. All of the information you provide to the Registry in connection with the Website is owned by the Registry. Your information may contribute to the development of inventions or commercial products from which others may derive economic benefit. You will have no rights to any inventions, commercial products or other such discoveries and you will receive no economic benefit.
6. Third Party Notifications/Advertising
a. The Registry reserves the right, in its discretion, to allow third parties to provide advertising or notices when you visit the Website. These companies may use information you provided on this Website (excluding your name, address, email address or telephone number) in order to provide advertisements or relevant notifications on the Website about goods and services that may be of interest to you. The Registry will require such companies to follow best practices with respect to the collection and use of non-personally identifiable information; however, the Registry assumes no responsibility for the activities of the third parties with respect to the collection and use of such information.
a. When you visit the Website, we may send one or more cookies to your computer that will uniquely identify your browser. In addition, in the course of serving advertisements to this site, our third-party advertisers may place or recognize a unique “cookie” on your browser. A cookie is a piece of data stored on the user’s hard drive containing information about the user. Cookies may be used by the Registry to enable it to track and target the interests of users to enhance their experience on the Website. Usage of a cookie is in no way linked to any personally identifiable information while on the Website. If a user rejects the cookie, he or she may still use the Site, but the functionality of the Site, including the user’s access to secured areas of the Site, may be impaired. You can enable, disable, or delete cookies via your browser settings. To do this, follow the instructions provided by your browser, usually located in the “Help,” “Tools,” or “Edit” settings of your browser.
8. Log Files; Web Beacons
a. The Registry may use log file information sent by your web browser (which may include information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, referring/exit pages and URLs, platform type, and other information) to analyze trends, administer the Website, track the movement of users, and gather broad statistical information for aggregate use. IP addresses are not linked to personally identifiable information. The Registry may also employ “web beacons” (also known as clear gifs) to track online usage patterns of users. This information is not linked to personally-identifiable information. Web beacons may also be employed for tracking and receipt purposes in connection with web-based emails we send to users.
9. Website Links
10. Communications From The Registry
a. From time to time, the Registry or other related entities will notify users of updates and other valuable information about the Registry, the Website and related clinical and research information. By using the Website or registering or subscribing for services provided on or through the Website, users consent to being contacted by the Registry and related entities, and to receiving such updates and information. If a participant has consented to the Registry sharing the participant’s email address with the non-profit patient advocacy groups and associations that support the Registry, you are consenting to being contacted by these groups and associations and receiving updates and information. The Registry encourages related entities, including its business partners, to follow best practices with respect to email communications, security and privacy. However, the Registry cannot control, and assumes no responsibility for, any contact of users by related entities, including its business partners. In the case of emails coming directly from the Registry such emails will clearly be from the Registry and will include instructions on how to unsubscribe from future emails.
b. Registry membership. When you become a member of the registry, we will send administrative or account-related information to you to keep you updated about our registry. As service-related communications are not promotional in nature you are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or our registry that could affect your use.
11. Required Disclosures
a. You understand and agree that the Registry may disclose information provided by you if in its good faith belief such disclosure is required by applicable law.
12. Contact Us; Member Accounts
13. Children Under the Age of eighteen (18)
14. Notice To Individuals Located in the Economic European Union or Switzerland
This Section only applies to users of the Registry that are located in the European Economic Area, United Kingdom or Switzerland (collectively, the “Designated Countries”) at the time of data collection. We may ask you to identify which country you are located in when you use some of our Services, or we may rely on your IP address to identify which country you are located in.
Where we rely only on your IP address, we cannot apply the terms of this Section to any User or Customer that masks or otherwise obfuscates their location information so as not to appear located in the Designated Countries. If any terms in this Section conflict with other terms contained in this Policy, the terms in this Section shall apply to users in the Designated Countries.
a. Our relationship to you. A “data controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. We are a controller in relation to the information that you enter into the Registry website about yourself. Any third parties that act as our service providers are “data processors” that handle your personal information in accordance with our instructions. In relation to the Lung Cancer Registry, Alta Voice is the host of the Registry platform at the direction of the Lung Cancer Registry, and as such is a processor.
b. Lawful basis for controlling your personal information. We describe our controlling activities in Section 2 (“Collection, Use & Disclosure of Information & Retention”). The legal basis we rely on in controlling personal information is as follows 1) Controlling is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to optimize the registry for research purposes. Controlling is necessary for compliance with our legal obligations, the public interest, or in your vital interests. Controlling is based on your consent as required under the applicable law. In relation to quality control and validation and for research purposes, to the extent the de-identified data is anonymized, it is not considered personal data and falls outside the General Data Protection Regulations (GDPR).
c. Marketing Activities. Direct marketing includes any communications we send to you that are only based on advertising or promoting products and services. Transactional communications about your account are not considered “direct marketing” communications. We will only contact Users by electronic means (including email or SMS) based on our legitimate interest or their consent. When we rely on legitimate interest, we will only send you information about our Registry and services. If you do not want us to use your personal information in this way, please click an unsubscribe link in your emails, or contact us at firstname.lastname@example.org. You can object to direct marketing at any time and free of charge.
d. Individual Rights. We provide you with the rights described below when you use our Services. When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on other’s privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome. If you have questions or if you would like to exercise your rights under the applicable law please contact us at email@example.com.
- Right to withdraw consent. If we rely on consent to collect, control, and/or process your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our controlling or the processing of any third parties based on consent before your withdrawal.
- Right of access and rectification. If you request a copy of your personal information that we hold, we will provide you with a copy without undue delay and free of charge, except where we are permitted by law to charge a fee. We may limit your access if such access would adversely affect the rights and freedoms of other individuals. You may request to correct or update any of your personal information held by us, unless you can already do so directly via the Services.
- Right to erasure (the “Right to be Forgotten”).You may request us to erase any of your personal information held by us that: is no longer necessary in relation to the purposes for which it was collected or otherwise controlled and/or processed; was collected in relation to controlling and/or processing that you previously consented to, but later withdrew such consent; or was collected in relation to controlling and/or processing activities to which you object, and there are no overriding legitimate grounds for our controlling and/or processing.
- Right to object to controlling and/or processing. You may object to our controlling and/or processing at any time and as permitted by applicable law if we control and/or process your personal information on the legal basis of consent, contract or legitimate interests. We can continue to control and/or process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Right to restriction. You have the right to restrict our controlling and/or processing your personal information where one of the following applies:
- You contest the accuracy of your personal information that we controlled and/or processed. We will restrict the controlling and/or processing of your personal information, which may result in an interruption of some or all of the Services, during the period necessary for us to verify the accuracy of your personal information.
- The controlling and/or processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.
- We no longer need your personal information for the purposes of the controlling and/or processing, but it is required by you to establish, exercise or defense of legal claims.
- You have objected to controlling and/or processing, pending the verification whether the legitimate grounds of our processing override your rights.
- We will only control and/or process your restricted personal information with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if or when the restriction is lifted.
- Right to data portability. If we control and/or process your personal information based on a contract with you or based on your consent, or the controlling and/or processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller” and/or “processor,” where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.
- Notification to third parties. If we share your personal information with third parties, we will notify them of any requests for rectification, erasure or restriction of your personal information, unless this proves impossible or involves disproportionate effort.
- Right to lodge a complaint. If you believe we have infringed or violated your privacy rights, please contact us at firstname.lastname@example.org so that we can work to resolve your concerns. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement.
15. Notification of Changes
16. Effective Date