Privacy Policy
DOWN SYNDROME CLINIC TO YOU (DSC2U) WEBSITE PRIVACY POLICY
1. INTRODUCTION
Purpose. The purpose of this Website Privacy Policy is to describe how Massachusetts General Hospital and its affiliates (collectively, “MGH” or “we”) collects, uses and shares information about you through this Down Syndrome Clinic to You (DSC2U) website (the “Site”). Please read this notice carefully to understand what we do. If you do not understand any aspects of our Website Privacy Policy, please feel free to Contact Us at CISPO@partners.org or as described in Section 7 of this Website Privacy Policy.
Scope; Third Party Sites. This Website Privacy Policy applies only to information we collect at and through the Site. Other sites owned by or affiliated with MGH, Mass General Brigham Incorporated, formerly known as Partners HealthCare System, Inc. ("Mass General Brigham") or any other Mass General Brigham affiliate are governed by their own separate privacy policies. Our Site also contains links to third party sites that are not owned or controlled by MGH or Mass General Brigham. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personal information.
Terms of Use and User Agreement and Notice of Privacy Practices. Please note that your use of our Site is also subject to our Terms of Use and User Agreement and the Partners HealthCare Notice of Privacy Practices. Individually identifiable information that we collect in connection with your use of the Site through the registration and submission process is considered “Protected Health Information” as defined under the Health Insurance Portability & Accountability Act and related regulations (collectively referred to as “HIPAA”) and is also subject to the Partners HealthCare Notice of Privacy Practices. Certain non-individually identifiable information that we may collect from visitors to this Site as described in this Website Privacy Policy is not considered “Protected Health Information” as defined under HIPAA and is not subject to the Partners HealthCare Notice of Privacy Practices.
2. INFORMATION THAT WE COLLECT
Information You Provide to Us
We collect information you provide to us, for example when you create or modify your account, register to use our Site, purchase services from us, request information from us, contact customer support, or otherwise communicate with us. This information may include:
- Name
- Address
- Billing address
- Email address
- Telephone number
- Credit card number (solely for payment purposes)
- Date of birth
- Health history
- Insurance carrier and subscriber information
Information We Collect Through Your Use of our Site
Google and Other Third Party Services
We may use web analytics and tag management services and tools service provided by Google, Inc. (“Google”) and other third parties to collect certain information relating to your use of the Site. Google Analytics uses “cookies,” which are text files placed on your computer, and tags (such as tracking codes and event codes) to help us analyze how users use the site. You can find out more about how Google uses data when you visit our Site by visiting “How Google uses data when you use our partners' sites or apps” (located at https://policies.google.com/privacy).
Information Collected Through Cookies and Similar Technologies
We and our service providers use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Site through your computer or mobile device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the Site again, the cookie allows the Site to recognize your browser. Cookies may store unique identifiers, user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Site features or services may not function properly without cookies. We use cookies to improve the quality of our service, including for storing user preferences, and tracking user trends.
No Information from Children Under Age 13
If you are under the age of 13, please do not attempt to register with us at this Site or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 13, we will promptly delete that information. If you believe we have collected personal information from a child under the age of 13, please Contact Us CISPO@partners.org .
3. HOW WE USE AND SHARE YOUR INFORMATION
To Facilitate or Provide Services and Information. We collect information from you in order to facilitate or provide services that you request from us; register and service your online account; provide information that you request from us; contact you about your services requests; and process credit card transactions, provide updates about our current and future services or other information that may be of interest to you and to conduct user satisfaction surveys that will help us improve our Site and services in the future..
For Clinical Research. We (and our researchers and affiliates) may collect, use and share information from you for the purposes of determining which clinical research opportunities may be of interest to you, contacting you to participate in research opportunities, or conducting clinical research as part of a research study in which you have agreed to participate as a research subject or researcher or in which your existing data is used, or providing information to you regarding research studies or medical information you have requested.
Please note that not every research study will collect, use and share data in the same way. In certain cases, you will be provided with a consent or authorization form relating to a specific research project that explains the types of information collected and the purposes for which the information is collected, used and shared. If you are provided with a consent or authorization form for a particular research study, the description of the collection, use or sharing of your information contained in such form shall apply to the specific study in question.
LuMind Relationship. MGH has received support for the DSC2U program from the LuMind IDSC Down Syndrome Foundation (“LuMind”). Users of the DSC2U application who wish to receive additional information about LuMind and its programs will be presented with the option of sharing their contact information (name and email address) with LuMind. In addition, MGH will share de-identified DSC2U data with the LuMind for the purposes of research or ideation of research topics as described above.
Sharing with Third Parties. We may provide information to third party service providers that help us operate and manage our Site, process services requests, and deliver services that you purchase through the Site. We may also provide information to affiliated individuals and organizations providing professional medical services that you access through the Site. These service providers will have access to your personal information in order to provide these services, but when this occurs, we implement reasonable contractual and technical protections to limit their use of that information to helping us provide the service.
Your Consent. In addition to the sharing described elsewhere in this Policy, we will share personal information with companies, organizations or individuals outside of Mass General Brigham and its affiliates when we have your consent to do so. By using our Site, you consent to the collection, use and sharing of this information as described in this Policy.
Legal Proceedings. We will share personal information with third party companies, organizations or individuals outside of Mass General Brigham and its affiliates if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, subpoena, legal process or enforceable governmental request.
- Enforce applicable Terms of Use, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of MGH, Mass General Brigham, the Site, our users, customers or the public as required or permitted by law.
Transfer in the Event of Sale or Change of Control. If the ownership of all or substantially all of our business changes or we otherwise transfer assets relating to our business or the Site to a third party, such as by merger, acquisition, bankruptcy proceeding or otherwise, we may transfer or sell your personal information to the new owner. In such a case, unless permitted otherwise by applicable law, your information would remain subject to the promises made in the applicable Website Privacy Policy unless you agree differently.
If you use our website and provide us with information, you understand and agree you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.
4. ACCESS TO YOUR INFORMATION AND CHOICES
If you have questions about personal information, we have about you or need to update your information, you can Contact Us as described in Section 7 of this Website Privacy Policy.
5. SECURITY OF YOUR INFORMATION
We use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that while communications and information you send to us using our Site are encrypted, e-mails and other communications you send to us outside of the Site are not encrypted. Thus, we strongly advise you not to communicate any confidential information through unencrypted email.
6. CHANGES TO OUR WEBSITE PRIVACY POLICY
Our Website Privacy Policy may change from time to time. We will not reduce your rights under this Website Privacy Policy without your consent in accordance with applicable law. We will post any Website Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Website Privacy Policy changes).
7. QUESTIONS AND HOW TO CONTACT US
If you have any questions, concerns, complaints or suggestions regarding our Website Privacy Policy or otherwise need to contact us, please email us at CISPO@partners.org, call us at 1-800-856-1983, or contact us by US postal mail at the following address:
Partners HealthCare System, Inc.
399 Revolution Drive
Somerville, MA 02145
Attn: Chief Information Security and Privacy Officer
8. COPYRIGHTS AND COPYRIGHT INFRINGEMENT
For a list of MGH registered copyrights and how to report copyright infringement, please visit https://www.massgeneral.org/notices/privacy/copyright.aspx .
9. USERS IN THE EUROPEAN ECONOMIC AREA (EEA) AND SWITZERLAND
If you are a resident of the EEA or Switzerland, the following information applies with respect to personal data collected through your use of our Site.
Use of Website. If you use our website and provide us with information, you consent to the collection, use and sharing of this information as described in this Policy and you understand and agree you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Website Privacy Policy.
Purposes of processing and legal basis for processing: As explained above, we process personal data in various ways depending upon your use of the services. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to provide the services; and (3) as necessary for our legitimate interests in providing the services where those interests do not override your fundamental rights and freedom related to data privacy.
Transfers: Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or processors maintain facilities. We will use reasonable efforts to ensure that transfers of personal data to a country or an international organization outside the EEA or Switzerland are subject to appropriate safeguards.
Your rights: You are entitled to the rights under Chapter III of the EU General Data Protection Regulation or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your personal data, which include the right to access and rectify and to request erasure of personal data. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.