HealthWell Foundation
Privacy Policy
Last Updated: September, 2015
Introduction
This Privacy Policy (“Privacy Policy”) explains how we collect, use, protect, and treat your personal information and user data. The HealthWell Foundation website, located at www.healthwellfoundation.org (the “Website”), is operated by HealthWell Foundation, Inc., (the “Foundation”)
This Privacy Policy covers personal information and data collected or processed by the Foundation, including through the Website, our social media accounts, and offline sources. This Privacy Policy does not cover information or data collected or processed by third parties, including those who provide products and services on the Website (“Service Providers”) or affiliated organizations (“Affiliates”), third party web pages, or websites, products, or services to which we link that do not display a direct link to this Privacy Policy. We are not responsible for the content or privacy practices of other websites or online or mobile services. By using our Website, you signify your consent to the data practices described in this Privacy Policy.
THE FOUNDATION IS NOT A MEDICAL PROVIDER NOR IS IT A “COVERED ENTITY” SUBJECT TO STATE OR FEDERAL LAWS GOVERNING THE PRIVACY OF MEDICAL RECORDS OR INFORMATION, INCLUDING THE HEALTH INSURANCE PORTABILITY AND ACCONTABILITY ACT OF 1996, COMMONLY REFERRED TO AS “HIPAA”.
DONOR PRIVACY: We will not sell, share or trade our donors’ names or personal information with any other entity, nor send mailings to our donors on behalf of other organizations. This policy applies to all information received by the Foundation, both online and offline, as well as any electronic, written, or oral communications.
Information We Collect
A. Personally-identifiable information
Our Website and our Service Providers only collect personally identifiable information (“PII”) with your consent. Collection of PII occurs if you enter it in forms on our website, apply for assistance, subscribe to a newsletter, make a donation, contribute a personal story, tweet to us, post web video on our Facebook page, post a comment on our YouTube videos, post comments on our Facebook page, provide it by U.S. Mail, telephone, email, fax or use other features and resources on the Website and in our social media presences. All PII and other information we collect (including offline) is processed through our Website. You may visit our Website anonymously, but that may prevent you from engaging in certain Website features or Services. PII includes information that can identify you, including:
1. PII we may collect from patients applying for assistance from Foundation:
- first and last name
- telephone number
- account password
- address
- email address
- social media addresses
- social security number
- insurance policy numbers
- pharmacy information
- income level
- medical condition
- medications, and
- other potentially sensitive personal information required to determine eligibility
2. PII we may collect from Foundation’s donors and supporters:
- first and last name
- personal stories
- family relationships
- images and web video submitted to Foundation
- telephone number
- address
- email address
- social media addresses
- credit card number
- amount of donation, and
- other personal details connected to donation
B. Non personally-identifiable information
Our Website and Service Providers may collect non-personally identifiable (anonymous) information from visitors. Non personally-identifiable information (“Non-PII”) is any information that, by itself, cannot be directly associated with you. This information may include:
- gender
- age
- family relationship
- ZIP code
- medical condition
- di-identified health information
- income
- household size, and
- insurer
Our Website and Service Providers use a variety of tools to collect data about your visit to our Website or social media presences, often referred to as “Cookies.” Cookies include technology that records information about your visit to the Website on log files in your browser, web beacons that collect information about you across websites, and other technologies that collect and store Non-PII when you visit our Website or share Website content through a social media account, including:
- domain name
- browser type
- date and time of visit, and
- referring web page
C. California Online Personal Privacy Act Disclosures:
1. When you visit our Website, we or our Service Providers may drop a Cookie on your browser to remember your preferences and collect analytical data about your visit. The Website does not employ technology to track you across multiple websites or override the privacy settings in your web browser.
2. Our Service Providers do not track Website visitors across multiple websites or override the privacy settings in your web browser. If you access our social media sites from the Website, be aware that the social media platforms may track you by across multiple websites and disregard the privacy settings in your web browsers.
D. Canadian and European Union Users
We do not intend to collect PII from Canadian and European Union users. If you are from the European Union or Canada, do not provide us with PII, use our Services, or the Website. If we learn that we collected PII from a user from the European Union or Canada, we will promptly delete that information.
E. Children
The Foundation does not knowingly collect, store or disclose information about children under the age of 18 without parental consent. If we receive information from a child that we know to be under the age of 18, we will use that information only to inform the child that we must have parental consent.
F. Sensitive Personal Information
1. Patients.
During the application process, we may request information such as social security numbers, medical conditions, medications you use to determine which patient assistance programs can properly assist you. Your medical conditions may be considered Protected Health Information (“PHI”) and therefore sensitive personal information. You may elect not to provide your medical condition or other sensitive personal information but you may not be able to participate in patient assistance programs through the Website. We do not use Cookies to enable ad targeting based on sensitive personal information.
2. Donors.
In making donations to the Foundation, posting on the Foundation’s blog, or sharing content in our social media accounts, please do not disclose sensitive personal information (information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context, such as protected health information, social security numbers, or healthcare account numbers) unless we specifically request your consent.
G. Information about You from Other Sources:
We and our Service Providers may collect personal information about you from other sources, including commercially available sources. All the information we collect about you may be combined to personalize your experience, provide patients and donors with services, to improve our Website and services, and for marketing efforts.
How We Use and Share Your Personal Information
A. How we use Personally-Identifiable Information (PII)
1. We use PII from patients to:
- determine eligibility for assistance for certain out-of-pocket health care costs (“assistance programs”)
- provide qualifying patients with assistance applying for assistance programs
- communicate with patients about assistance programs
- transfer to healthcare providers and their staffs, pharmacy, employer, insurance company, and other persons or entities working on your behalf to obtain eligible treatment or therapy
- transfer to our pharmacy card vendor to process payments, and
- share stories and comments on social media
2. We use PII from donors and supporters of the Foundation for internal purposes only to:
- accept and process donations
- communicate with donors and supporters about contributions
- send Foundation newsletters to donors
- transfer to outside contractors, auditors, consultants or others hired by the Foundation to assist in providing a monthly newsletter for donors, and
- share stories and comments on social media
The Foundation does not trade, sell or share any donor information with third parties.
The Foundation does not send any third party email or third party U.S. Mail to Foundation donors.
B. How we use Non-Personally Identifiable Information (Non-PII)
We use Non-PII to monitor and improve the quality of our services and Website, to remember your Website preferences and selections, and for research and statistical purposes. We also use non-personally identifiable information in aggregate in our annual report and other materials we produce, and to educate the public about the services we provide.
C. Other Uses of Personal Information
We may transfer personal information to Service Providers such as outside contractors, auditors, consultants or others hired by the Foundation to assist in providing financial or operational activities on the Foundation’s behalf, including technical and processing services and analysis of website performance.
D. Legal Requirements
We may transfer PII to other third parties if we receive your permission or we are required to do so by law, or we have a good faith belief that such disclosure is necessary to comply with a current judicial proceeding, a court order, a legal process served on the Foundation or to resolve any potential fraud or perceived irregularity in any audits of the accuracy of any documentation or information submitted to the Foundation by you or on your behalf, as deemed appropriate by the Foundation.
E. Transfers of Business Assets
In the event the Foundation goes through a transaction, such as a merger, being acquired by another entity, bankruptcy, or selling all or a portion of its assets, your PII may be part of the business assets transferred. We can provide no assurance that you will be notified in advance of the transfer, if any, of your PII in connection with any such transition or transfer.
F. Protection of Foundation and Others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of our Foundation, employees, users, or others. This includes exchanging information with other companies and organizations for fraud protection and data breach risk reduction.
G. Aggregate or Anonymous Information
We may share Non-PII with Service Providers and other third parties.
H. With Consent
Except as set forth above, you will be notified when PII may be shared with third parties, and will be able to prevent the sharing of this information.
I. Links to Other Websites
The Website includes links (the “Linked Sites”) to other websites. In providing access to these Linked Sites, the Foundation is by no means endorsing the products or services on these Linked Sites. The Foundation is not responsible for the privacy practices or the content of the Linked Sites, and hereby expressly disclaims all responsibility and liability associate with use of the Linked Sites. We recommend that you review the privacy statements posted on those sites to understand their procedures for using and disclosing personal information.
How We Protect and Retain Your Information
A. Security Measures
We and our Service Providers protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls, data encryption, intrusion detection, anti-virus controls, using physical access controls to our data centers, and information access authorization controls. Sensitive Personal Information is not stored on the Foundation Website, see Section III.B below. Because the internet and mobile web are inherently insecure and no information system is 100% secure and even the most secure system can be compromised, we cannot guarantee security. As such, the Foundation cannot ensure or warrant the security of any information you transmit to the Foundation, including without limitation personally identifiable information (“PII”).
B. Patient and Donor Personally Identifiable Information
We store PII in patient and donor data bases hosted by our Service Provider Salesforce. Salesforce’s privacy Policy is located at www.salesforce.com/company/privacy/. Salesforce is a certified licensee of the TRUSTe EU Safe Harbor Seal and abides by the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.
C. Credit Card Transaction Information
Donor credit card transactions for donations to the Foundation are processed by our Service Provider CyberSource. The Foundation does not collect or retain any credit card information on our Website or systems. CyberSource’s privacy Policy is located at www.cybersource.com/privacy/. CyberSource is PCI-DSS compliant.
D. Donor Documentation.
Personally identifiable information (“PII”) is included in donor documents, proposals, and agreements retained on the Foundation’s systems.
The Foundation restricts access to Patient PII and Donor PII to authorized Foundation employees and our Service Providers, contractors, and agents who need that information in order to operate, develop, or improve the Foundation, our Website and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.
We delete and destroy individual records of patient and donor PII and all Non-PII according to Foundation’s Record Retention Schedule.
How to Control and Correct Your Information
A. Correcting your Personal Information
Donors and Patients may gain access to their personal information collected about you online, and to keep it accurate, complete and current, or to request deletion, you may contact us at support@healthwellfoundation.org. In some cases, where we are required to retain information by law or regulation, or to continue to manage a service you have requested, or to ensure that we honor your preferences, or for other necessary business purposes, we may not be able to delete certain personal information about you. Where offered, you also may update personal information about you online by modifying information that you previously have entered into forms or data fields on our Website. Where permitted by law, your ability to access and correct personal information will be limited where access and correction would: inhibit Foundation’s ability to comply with a legal or ethical obligation, inhibit the Foundation’s ability to investigate, make or defend legal claims, result in disclosure of personal information about a third party, result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to Foundation or a third party.
B. Your California Privacy Rights
Under California Civil Code Section 1798.83, California residents who have an established business relationship with us have the right to request that we provide certain information regarding the disclosure of their personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may send your request for such information to support@healthwellfoundation.org. Requests shall only be accepted via this email address. We are not responsible for requests made over the telephone or by any other means.
C. Unsubscribe from Monthly Newsletter
Patients and Donors may opt out of the monthly newsletter by adjusting the settings in your user account or using the unsubscribe instructions in a newsletter email. We will also use the information you submit to the Website to facilitate completion of your donations made via the Website and to provide you with tools to manage and monitor your transactions.
D. Learn More about Cookies, Web Beacons, and other Technologies
This Website uses various tools to collect information about you as disclosed in Section I. You may accept or decline Cookies. Most browsers automatically accept Cookies. You may elect not to provide user data to us or our Service Providers by following the opt-out procedures set forth below, but you may not be able to access some of our Services.
To learn more about Cookies, including how to refuse Cookies on your computer by adjusting web browser settings, follow these links:
- All About Cookies: www.allaboutcookies.org/cookies/
E. Opting Out of Cookies
The Foundation and its Service Providers’ Cookies do not have an “opt-out” option, but you always have the option of blocking the use of Cookies by changing the privacy settings in your Internet browser. Should you have any questions or concerns regarding this policy, please contact us at: support@healthwellfoundation.org.
F. Limitation of Liability
YOU UNDERSTAND AND AGREE THAT ANY DISPUTE RELATING TO THIS WEBSITE OR YOUR USE OF THIS WEBSITE, INCLUDING BUT NOT LIMITED TO A DISPUTE OVER PRIVACY, IS SUBJECT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND THE FOUNDATION’S TERMS OF USE (INCLUDING ANY INDEMNIFICATION AND LIMITATIONS ON DAMAGES CONTAINED THEREIN). A LINK TO THESE TERMS OF USE CAN BE FOUND AT THE BOTTOM OF THE HOME PAGE OF EACH OF THE FOUNDATION’S WEBSITES.
G. Unavailability of Website
The Foundation reserves the right to alter, suspend or discontinue this website at any time for any reason without notice or cause. This website may be temporarily unavailable due to maintenance or malfunction of computer equipment.
Agreement; Changes to this Privacy Policy
By using our Website, you signify your consent to the data practices described in this Privacy Policy and agree that your visit and any dispute over privacy is subject to our Terms of Use, including without limitation, provisions regarding limitations on Foundation liability and application of the laws of the United States of America and the laws of the State of Maryland.
The Foundation may periodically update this policy in response to new technologies, changes in applicable laws, or for any other reason in the Foundation’s sole discretion. If we decide to change this policy, we will post those changes here so you will always know what information we gather, how we might use that information, and whether we will disclose it to anyone. Please be sure to review this policy periodically to stay informed of any changes. You can tell when this Privacy Policy was modified by looking at the “Last Updated” legend at the top of the page.