Privacy Policy

Effective Date: May 15, 2023

All Policies Updated: April 12th, 2024

This Privacy Policy governs the manner in which the RUNX1 Foundation (dba RUNX1 Research Program; hereinafter referred to as “RRP”) collects, uses, maintains and discloses both personal and non-personal identification information collected from visitors (hereinafter referred to as "Users") of this website (hereafter referred to as the "Site"). 

This policy applies to the Site and all products and services offered by RRP, and includes separate sections outlining our compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as well as the General Data Protection Regulation (GDPR).

Website Privacy Policy

Collection and Use of Personal Information

Personal information is information that identifies you as an individual or relates to an identifiable individual. We currently collect and process the following personal information only if voluntarily provided by a User:

  • Preferred Salutation, First Name and Last Name

  • Address including street, city, state or province, postal code and country.

  • Email Address

  • Phone Number

  • Primary Audience Category the User identifies with (options defined by RRP as well as an option to include User’s own self-descriptor)

  • Any additional Audience Categories the User identifies with [options defined by RRP as well as an option to include User’s own self-descriptor(s)]

  • Gender

  • Race/Ethnicity

  • Permission to include a city/state location marker on our patient location map graphic

  • Any additional comments, questions and feedback provided by the User

How and Why We Collect Personal Information

The majority of personal information we collect is provided to us directly by the User. RRP may collect personal identification information from Users in various ways, including (but not limited to) User Site visits, online form submission, subscribing to the newsletter or responding to a survey. 

Individual information may also be collected in connection with other activities, services, features or resources we make available and that you voluntarily provide to us, such as your feedback and comments about the Site, your public social media account handle or online fundraising platforms.

RRP may collect and use Users' personal information for the following purposes:

  • Improving service: Information you provide helps us address your service requests, inquiries and/or feedback. We may use the email address you provide to respond and support your needs more efficiently.

  • Personalizing user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

  • Sending informational emails: If a User chooses to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.

Users can always customize or refuse to supply personal identification information upon their initial visit to the Site via the privacy preferences pop-up banner that appears on the Home screen. Users can also choose to “Change Consent” or “Withdraw Consent” at any time after visiting the Site by clicking the button located in the bottom left-hand corner of the Site.

Anonymous Users

Users may choose to visit our Site anonymously. We will collect personal identification information from these Users only if they voluntarily submit such information to us. 

Disclosure of Personal Information

We will not disclose, trade, rent, sell or otherwise transfer your personal information to any third party without your consent, except as otherwise set out in this Policy.

We may share your personal information with our service providers such as a Customer Service Management (CRM) database, website hosting, data analysis, payment processing, donation processing and other administrative services. Our service providers are required to maintain the confidentiality of your personal information and are prohibited from using your personal information for any other purpose.

Personal Information Storage and Security

We have implemented the following measures designed to protect the personal information that we collect and store through the Site from unauthorized access, use, disclosure or destruction (please be aware that no data security measures can guarantee 100% security):

  • Data Storage: We store the personal information you provide to us securely in accordance with industry standards. This includes both electronic and physical storage methods. Personal information may be stored on our servers or with third-party service providers (e.g., collaborative, analytical and operational Customer Service Management (CRM) providers) who adhere to stringent data security practices.

  • Security Measures: We have implemented appropriate technical and organizational measures to safeguard your personal information against unauthorized access, loss, alteration or disclosure. These measures include, but are not limited to:

  • Secure Socket Layer (SSL) encryption to protect data transmission.

  • Firewalls and intrusion detection systems to prevent unauthorized access.

  • Access controls and restricted user permissions to limit internal access to personal information.

  • Regular security assessments and audits to identify and address vulnerabilities.

  • Data Retention: We retain your personal information only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. When personal information is no longer needed, we securely delete or anonymize it.

  • Third-Party Service Providers: We may engage third-party service providers to assist with various aspects of our operations. These service providers may have access to your personal information for the sole purpose of providing services on our behalf. We ensure that any third-party service providers we work with have appropriate data protection measures in place.

  • Children's Privacy: Our website is not intended for children under the age of 12. We do not knowingly collect or store personal information from individuals under 12 years of age. If we become aware of any such data, we will take immediate steps to delete it unless permission to store it is provided in writing by their parent or legal guardian.

  • Data Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities in accordance with applicable laws and regulations.

Data Protection Rights

Under data protection law, you have certain rights that include:

  • Right of access: You have the right to ask us for copies of your personal information.

  • Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

  • Right to erasure: You have the right to ask us to erase your personal information in certain circumstances. 

  • Right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

  • Right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

You may request access to, correction or deletion of, or a restriction on our use or disclosure of your personal information that we have collected through the Site. You are not required to pay any charge for exercising your rights. If you make a request, we will respond no later than one month from the date we receive, open and acknowledge the request. Please contact us via email at info@runx1-fpd.org if you wish to make such a request.

Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable laws and regulations or as necessary to protect our legal rights.

Non-Personal Identification Information

We may also collect non-personal identification information about Users whenever they interact with our Site. This information is obtained through various technologies, such as cookies, log files and web beacons. Non-personal identification information may include the browser name, the type of computer or device, technical information about Users' means of connection to our Site, such as the operating system, internet service provider and other similar information.

The non-personal identification information collected is used to enhance the user experience and improve the functionality of our Site. It may be used for the following purposes:

  • Website Analytics: Non-personal identification information helps us analyze trends, track user navigation patterns and gather demographic information about our user base. This data is used to improve our Site's performance, content and user interface.

  • Personalization: We may use non-personal identification information to personalize the user experience. This includes remembering user preferences, language settings and displaying relevant content or recommendations based on browsing behavior or location.

  • Technical Troubleshooting: Non-personal identification information assists us in identifying and resolving technical issues or errors on the website. It helps our technical team diagnose problems and ensure a seamless browsing experience for our Users.

  • Aggregated Insights: We may aggregate non-personal identification information to gain insights into user behavior, preferences and general trends. This aggregated data is used for research, reporting and making data-backed decisions to enhance our services and website performance.

We do not disclose non-personal identification information to third parties, except for trusted partners and service providers who assist us in operating our website, conducting business or serving our Users. These third parties are bound by confidentiality agreements and are authorized to use the information solely for the purposes specified by us.

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of non-personal identification information collected on our Site. However, please note that no data transmission over the internet or electronic storage method is 100% secure, and we cannot guarantee absolute security of non-personal identification information.

Web Browser Cookies

Our Site may use "cookies" to enhance User experience. Users' web browsers place cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browsers to refuse cookies or to alert them when cookies are being sent. Please note that some parts of the Site may not function properly if you do make some of these changes.

Changes to This Policy

RRP has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the top of this page. We encourage Users to frequently check this page for any changes in order to stay informed about how we are helping to protect the personal and non-personal information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

Your Acceptance of These Terms

By using this Site, you signify your acceptance of this Privacy Policy. If you do not agree with this policy, please do not use our Site. Your continued use of the Site now and/or following the posting of changes to this policy will be deemed as your acceptance of this Privacy Policy and/or those changes.

If you have any questions or concerns about this Policy or our privacy practices, please contact us at info@runx1-fpd.org.

California Privacy Policy Statement

This California Privacy Policy section supplements the information contained in our Privacy Policy and applies solely to California residents. It sets forth the rights and obligations of both users and RRP under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information from California residents through our website:

  • Identifiers, such as name, email address and contact information.

  • Internet or other electronic network activity information, such as browsing history and interactions with our website.

  • Geolocation data, if enabled by the user's device or browser.

  • Any other categories of personal information as described in our main Privacy Policy.

Purposes of Collection

We collect personal information from California residents for the following purposes:

  • To provide and personalize our services to you.

  • To communicate with you, respond to inquiries and provide customer support.

  • To improve our website, products and services.

  • To comply with legal obligations.

  • For any other purposes as described in our main Privacy Policy.

Right to Know and Delete

California residents have the right to request that we disclose certain information to them about our collection and use of their personal information over the past 12 months. They also have the right to request the deletion of their personal information that we have collected and retained, subject to certain exceptions.

To exercise their right to know or delete, California residents may submit a verifiable consumer request by contacting us via email at info@runx1-fpd.org .

Right to Opt-Out

We do not sell personal information of any User of our website, including California residents.

Non-Discrimination

We will not discriminate against California residents who exercise their privacy rights under the CCPA. This means that we will not deny services or provide a different level or quality of service from any non-California resident website User.

Contact Information

For any questions, concerns or requests regarding your privacy rights or this California Privacy Policy section, please contact us via email at info@runx1-fpd.org.

Please note that any requests made by California residents will be verified to ensure the security of personal information and to prevent fraudulent requests.

GDPR Compliance Statement

As part of our commitment to transparency and compliance with the General Data Protection Regulation (GDPR), we have implemented the following measures:

Lawful Basis for Processing

We only collect and process personal data when we have a lawful basis to do so. This includes obtaining consent, fulfilling contractual obligations, complying with legal requirements, protecting vital interests, performing a task in the public interest or pursuing legitimate interests, always considering the rights and freedoms of the individuals concerned.

Data Collection and Purpose

We clearly outline the purpose and legal basis for collecting personal data in our overall website policy above. We collect only the necessary information required to fulfill the specified purpose and ensure that it is not used for any other incompatible purposes.

Data Minimization

We practice data minimization by collecting and retaining only the personal data that is necessary for the intended purpose. We regularly review our data collection practices to ensure we are not storing unnecessary or excessive personal data.

Data Security

We have implemented appropriate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration or destruction. These measures include encryption, access controls, firewalls, secure storage and regular security assessments.

Data Sharing and Transfers

We do not sell, trade, or rent personal data to third parties. In cases where sharing personal data with third parties is necessary to fulfill our services or legal obligations, we ensure that appropriate data processing agreements or safeguards are in place to protect the data and comply with GDPR requirements.

Individual Rights

We respect individuals' rights as outlined in the GDPR, including the right to access, rectify, erase, restrict processing, object to processing and data portability. We have processes in place to address and respond to such requests within the required timeframes. Please email info@runx1-fpd.org with any of these requests. If you make a request, we have one month to respond to you.

Consent and Opt-in

Where consent is required for processing personal data, we obtain explicit, freely given and informed consent from individuals. We provide clear information about the purposes of data processing and offer options to opt-in or opt-out of specific data uses.

Data Retention

We retain personal data for no longer than necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. We have defined data retention periods and regularly review and delete personal data that is no longer needed.

Data Breach Notification

In the event of a data breach that poses a risk to individuals' rights and freedoms, we have procedures in place to detect, investigate and report such breaches to the relevant supervisory authorities and affected individuals, as required by GDPR.

Data Protection Officer (DPO)

We have appointed an internal Data Protection Officer who oversees our data protection practices, provides guidance and ensures compliance with GDPR requirements. You may contact them at any time if you have any questions, concerns or requests regarding our GDPR compliance or the handling of personal data at info@runx1-fpd.org.

Because RRP is able to collect personal data from UK residents, you can also contact the Information Commissioner’s Office if you are unhappy with how we have used your data:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This GDPR Compliance Statement reflects our commitment to protecting personal data and upholding the principles and obligations outlined in the General Data Protection Regulation.

The RUNX1 Foundation [dba RUNX1 Research Program (RRP)]
1482 East Valley Road, Ste. 137
Santa Barbara, CA 93108-1200
info@runx1-fpd.org