Last updated: October 16, 2023
This Privacy Policy describes the types of information gathered by the The MED13L Foundation, a nonprofit corporation, (“MED13L” “us” or “we”) in the process of providing https://med13l.org (the “Site”) and the associated data, services, information, tools, functionality, updates and similar materials (collectively, the “Service”), how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Service.
By using the Service, you hereby consent to allow us to process information in accordance with this Privacy Policy. Please also refer to our Terms of Service HERE, which are incorporated as if fully recited herein. Terms defined in the Terms of Service that are not defined herein shall have the same definition as in the Terms of Service.
This policy applies to information we collect:
● From the Service;
● In email, text, and other electronic messages between you and our Service; and
● When you interact with our advertising and applications on or through third-party websites and services.
It does not apply to information collection by:
● Us offline or through any other means, including on any other website operated by us or any third party; and
● Any third party, including through any application or content (including advertising) that may link to or be accessible form or through the Site.
This policy is subject to change. If our information retention or usage practices change, we will let you know by posting the Privacy Policy changes on the Service and/or otherwise making you aware of the changes. Your continued use of the Service, or other manner of legal acceptance, following our notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Last updated” date above to see when this Policy was last updated.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not use our Service.
Territoriality
Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITE AND USING THE SERVICE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.
This Privacy Policy may be subject to the provisions of the EU General Data Protection Regulation (“EU GDPR”), the UK General Data Protection Regulation (“UK-GDPR”, and together with the EU GDPR, the “GDPR”), and other applicable privacy laws. Under the GDPR, MED13L is a data “Controller”. If you are an individual located in the United Kingdom, Northern Ireland, the European Economic Area, or Switzerland (collectively, and for the purposes of this Privacy Policy, the “EEA”), you are a “Data Subject” with certain protected privacy rights concerning your “Personal Data.” We will take commercially reasonable steps to maintain compliance with GDPR. Your Personal Data and other personal information may identify you as a person, and thus may collectively be referred to in this Privacy Policy as Personally Identifiable Information (“PII”).
1. What Information Do We Collect?
We collect two types of information about persons who use the Service: Personal Information and Non-Personal Information.
PII, also referred to as “Personal Information” in this policy, is information that may personally identify you, such as your name, address, email address or phone number, as well as other non-public information that is associated with the foregoing. Anything you publicly post or that is available publicly will not be considered Personal Information and will be outside the restrictions of this policy.
“Non-Personal Information” means information that is not associated with or linked to your Personal Information. We may create Non-Personal Information from (i) automatically gathered information or (ii) Personal Information by excluding information (such as name) that may make the information personally identifiable to you.
Personal Information Collected
We collect certain Personal Information about you, which may be supplied when you sign-up for the Service, when you complete a survey, when you use the Service, when you request services, otherwise when you submit such information, and from third parties. The information that may be collected includes:
● Name;
● Address;
● Phone number;
● Username;
● Email address;
● Health Information (as described below); and
● technical information collected in our logs, such information may include standard web log entries that contain your IP address, browser history, first-party cookies (session and persistent), notifications of when you have read an email that we sent you, page URL, and timestamp.
You may provide us information when you interact with us through email or otherwise. We may retain such information in order to provide you with services, and you agree that we may share this information as needed with other users in order to resolve any issues that may arise between you and another user of the Service.
Non-Personal Information
Non-Personal Information is collected about you when you use the Service, including but not limited to the type of device you used and its browser and operating system information, the pages accessed most frequently, how pages are used, previous page and referring page URLs, and similar non-personal data. If you can be identified from this information, for example by combination with other pieces of information, then we will treat this information as Personal Information.
Automatically tracking Internet Protocol (IP) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you surf the internet. Further, the Service may utilize user agent strings, web beacons, pixel tags, cookies, embedded links, and other commonly used information-gathering tools. If non-personal information is paired to any of your Personal Information, we will treat the non-personal information as if it was Personal Information too.
Financial Information
Although it may appear that we collect financial information from you on the Service, it is actually collected and processed through a third-party service provider (“Payment Processor”) to process payments for, and donations to, the Service. The Payment Processor may collect financial information such as banking information or credit card number, name, CVV code or date of expiration, from you on the Service. We do not hold your financial information.
Aggregate Information
We may also collect anonymous, non-identifying and aggregate information, the date and time of any request you make, your language preference, pages you visit, the referring website, the website you go to immediately after visiting our Site, which page is most popular on our Site, the domain name of your Internet service provider, and whether you are a unique visitor to our Site.
2. Why Is My Information Being Collected?
We accept and gather information in an effort to provide the Service to you. We need to collect your personal information so that we can respond to your requests for information or to be added to our email lists, enforce our Terms of Service, and otherwise provide the Service. We also collect aggregate information to help us better design the Service. We collect log information for monitoring purposes to help us to diagnose problems with our servers, administer the Service, calculate usage levels, and otherwise provide services to you.
3. How Do We Use Information We Collect?
We use the personal information you provide for the purposes for which you have submitted it, including:
● Internal Uses. We may use your PII to respond to your inquiries, to fulfill your requests for information, track usage trends, conduct usage experiments, develop and improve the Service and other offerings, and perform research and analytics.
● Registering You for the Service and Maintaining Your Records. We may use your PII to create and maintain an account for you to use the Service.
● Making Donations to the Service. Our Payment Processor will use your PII to process your donation for the Service, to verify that your device is recording a sale, and to confirm your identity when a donation is made.
● Administrative and Promotional Emails. We may use your PII to send you emails to: (a) confirm your account information and your other PII; (b) confirm registration; (c) provide you with information regarding the Service; (d) inform you of changes to this Privacy Policy, our Terms of Service, or our other terms, conditions, or policies; or (e) provide you with information on our other services and products, or promotions related to the Service or our other services and products.
We may use anonymous information that we collect to improve the design and content of our Service, and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our Site is used, as well as to offer you programs or services. We may use any anonymous, aggregate information, which may include or be based on your information, without restriction.
4. Sharing Information Collected with Third Parties, Consultants, and Affiliates
We will not share your PII except: (a) for the purposes for which you provided it; (b) with your consent; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); (d) with persons or organizations with whom we contract to perform services for us, including the performance, or development of, aspects of the Service and other internal operations or business activities; and (e) with a third-party organization that we work with to grow the community and to attract researchers to investigate potential treatments and cures for MED13L Syndrome.
We may also share aggregate information with others, including affiliated and non-affiliated entities.
We may share your User Content with other users via the Service, as directed by you. We may use and share anonymized User Content for purposes of improving the design and content of our Service, analyzing how the Service is used, performing analytics and benchmarking, and for general business purposes. We do not disclose any Personal Data to, nor do we have any connection or partnership with third-party platforms, or companies.
Finally, we may transfer your PII to another party (affiliated or non-affiliated), or our successor-in-interest, in relation to, or in the event of, a merger, acquisition, sale of all or substantially all of our assets, reorganization, bankruptcy, or other change of control. After such disclosure or transfer, the third party or successor in interest may use the information in accordance with applicable law.
You hereby acknowledge the necessity and legitimate interests that we have in disclosing information as described in this privacy policy and hereby consent to such sharing and disclosures.
5. How Do We Use Cookies And Other Network Technologies?
To enhance your online experience with us, our web pages may presently or in the future use “cookies.” Cookies are text files that our web server may place on your computer or mobile device to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Although it may be possible to turn off the collection of cookies through your device or browser, certain features of the Services may not function properly without the aid of cookies.
Our Service uses Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Analytics uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may collect information regarding the use of other websites, apps and online resources. For more information on how Google uses data when you use our Site or Service, please follow this link: https://policies.google.com/technologies/partner-sites. You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at, https://tools.google.com/dlpage/gaoptout. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit http://optout.aboutads.info.
MED13L or its service providers may also use “pixel tags,” “web beacons,” “clear GIFs” or similar means (collectively, “Pixel Tags”) in connection with some of our Site pages and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1×1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of our Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.
6. Links
Our Service may contain links to other websites. We are not responsible for the privacy practices of such other sites. When you leave our Service to visit another website or application, please read the privacy statements of websites that may collect personally identifiable information. This Privacy Policy applies solely to information collected by us through the Service.
7. Storing and Securing Your PII
If you are visiting the Site or otherwise using the Service from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.
We will store and use your personal information until the earlier of your request that we delete it, or the completion of the purpose for which it was collected, unless we have to keep it in order to comply with applicable law(s) or regulation(s). To the extent possible, we will delete the information within thirty (30) days of the triggering event. Any information which has been automatically logged, backed-up, or archived shall be segregated without use/access until it can be deleted in line with our document retention procedures.
We employ procedural and technical safeguards to secure your personal information against loss, theft, alteration, and unauthorized access, use and disclosure, including but not limited to encryption (at rest and in transit via https protocol, passwords, and a firewall). We also employ security procedures to protect your information from unauthorized access by users inside and outside the company.
Regardless of the precautions we take, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect personal information, we cannot ensure or warrant the security of any information you transmit to us.
8. Access and Control
To view, retrieve, delete, or revise your information, follow the instructions on the Service, or email us legal@med13l.org and request such information or change. For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an e-mail to legal@med13l.org. We will also promptly stop using your information and remove it from our servers and database at any time upon your e-mail request to do so. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections, or removing your information. You may opt-out of: our use of your information other than for the primary purpose for which you provided it; and promotional emails (including via the unsubscribe link in any such promotional email from us).
9. Do Not Track
At this time, the Service does not specifically respond to browser do-not-track signals.
10. ‘EEA’ Privacy Rights.
If you currently reside in the EEA, the GDPR applies to your PII and you are a Data Subject. The GDPR requires that we, in our capacity as a Controller, have a legal basis to process your PII.
A. We process your PII under one or more of the following legal bases:
● Processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
● To perform the contract that we are about to enter with you (e.g., our Terms of Service);
● To comply with a legal obligation; and/or
● If we have your consent to do so, such consent capable of being revoked at any time.
B. Under the GDPR, as a Data Subject you have certain rights. They are:
● The right to be informed. This is your right to be informed about what we are processing, why, and who else the data may be passed to.
● The right of access. This is your right to see what data about you is held by us.
● The right to rectification. This is the right to have your data corrected or amended if what is held is incorrect in some way.
● The right to be forgotten. This is the right to have your personal data to be deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.
● The right to restrict processing. This is the right to ask for a temporary halt to processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
● The right to data portability. This is the right to ask for your personal data to be provided to you in a structured, commonly used, and machine-readable format.
● The right to object. This is the right to object to further processing your personal data if such processing is inconsistent with the primary purposes for which it was collected.
● Rights in relation to automated decision making and profiling. You have the right to not be subject to a decision based solely on automated processing. The Service does not engage in automated decision making and profiling.
You can find instructions for enforcing some of these rights elsewhere in this Privacy Policy. Otherwise, if you wish to find out more about these rights, please contact us at legal@med13l.org.
11. Children and Privacy
As a non-profit, our Service is not subject to the Children’s Online Privacy Protection Act (“COPPA”), or the associated Federal Trade Commission (“FTC”) rules for collecting personal information of/from minors. Nevertheless, we endeavor to not collect, use, or disclose the Personal Information of a child under the age of 13 without the verified consent of their parent.
Upon signing up for the Service, we will verify the parent or guardian’s consent by either of the following: (i) having the parent or guardian sign a consent form in person; or (ii) sending the parent or guardian a consent form, having them sign it, and return it to use via the same method.
Once verified parental consent is received, and we have collected, used and disclosed the Personal Information of your child as described above in this Privacy Policy, we shall employ the same measures to protect its confidentiality as we do any other PII. Our Service will not knowingly accept Personal Information from anyone under 13 years old in violation of applicable laws, without verifiable consent of a parent. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with the COPPA.
Notwithstanding anything to the contrary herein, we shall not retain the Personal Information of any child under the age of 13 longer than is reasonably necessary to fulfill the Service requested, to allow the child to participate in the Service, to ensure the security of our users and our Services, or as otherwise required by applicable law.
A parent may review, edit, object to additional processing, or request the deletion of their child’s Personal Information by emailing us at legal@med13l.org. To protect the child’s privacy and security, we shall take reasonable steps to verify the identity of the parent before giving them access to such PII. We shall also delete a child’s personal information in the event that we find it is collected, used, or disclosed in a manner that is inconsistent of COPPA’s requirements, or immediately seek the parent’s consent for the same. If you believe that your child under 13 has gained access to our Service without your permission, please contact us at legal@med13l.org.
MED13L shall apply the same practices described in this section to children residing in the United Kingdom who are under 13, and to children under the age of 16 who reside in Switzerland and the European Economic Area unless their specific country specifies a different minimum age threshold for parental/guardian consent to be required, in which case MED13L will use such age to guide its practices.
Please see the FTC’s website (www.ftc.gov) for more information on COPPA.
State Privacy Rights
California law allows California residents to request information regarding our disclosures in the prior calendar year, if any, of their personally identifiable information to third parties. To make such a request, please contact us at legal@med13l.org with “Request for Privacy Information” in the subject line. Please include enough detail for us to locate your file; at a minimum, your name, email, and username, if any. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice. Please note that this law does not cover all information sharing. Our disclosure only includes information covered by the law.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: legal@med13l.org. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Contact Information
If you have any questions or suggestions regarding our Privacy Policy, please contact us via email at legal@med13l.org.
Copyright © The MED13L Foundation. All rights reserved. The Service is the property of The MED13L Foundation, and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Service, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.