Last updated: October 18, 2023
THE FOUNDATION IS NOT A MEDICAL PROVIDER NOR IS IT A “COVERED ENTITY” SUBJECT TO STATE OR FEDERAL LAWS GOVERNING THE PRIVACY OF MEDICAL RECORDS OR INFORMATION, INCLUDING THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, COMMONLY REFERRED TO AS “HIPAA”.
DONOR PRIVACY: We will not sell, share, or trade our donors’ names or personal information with any other entity, nor send mailings to our donors on behalf of other organizations. This policy applies to all information received by the Foundation, both online and offline, as well as any electronic, written, or oral communications.
- INFORMATION WE COLLECT
This policy applies to information we collect:
- On this Website and through our Web Portals.
- In email, text, and other electronic messages between you and this Website.
- When you interact with our email, social media, and marketing applications.
- Sensitive information from patient eligibility forms.
- Sensitive information from our sponsors and donors.
- From employees and board members.
- From outbound marketing communications.
It does not apply to information collected by:
- Us, offline or through any other means, including on any other website operated by the Foundation or any third party (including our affiliates and subsidiaries);
- Our affiliates or subsidiaries; or
- Any third party (including our business partners and service providers), including through any application or content that may link to or be accessible from or on the Website.
Children Under the Age of 18
If you are under 18, do not use or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at email@example.com.
- INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect several types of information from and about users of our Website and our Web Portals, including information:
- By which you may be personally identified, such as first and last name, account password, postal address, email address, social media addresses, telephone number, social security number, insurance information, or any other identifier by which you may be contacted online or offline (“personal information”);
- That is about you but individually does not identify you, such as an alias, a 9-digit ZIP code, or a unique personal identifier; and/or
- About your internet connection, the equipment you use to access our Website, and usage details.
We collect this information:
- Directly from you when you enter it in forms or surveys on our Website or through our Web Portals, apply for assistance, subscribe to a newsletter, make a donation, contribute a personal story, tweet to us, post web videos on our Facebook page, post a comment on our YouTube videos, our Facebook page, our Linkedin profile, our Instagram account and our X (formerly Twitter) account; provide information by postal mail, telephone, email, fax or use other features and resources on the Website and in our other social media presences.
We collect Sensitive Information as follows:
- Sensitive information is collected from donors and sponsors who make donations to the Foundation or sharing content on our social media accounts, please do not disclose sensitive personal information (information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context, such as protected health information, social security numbers, or healthcare account numbers) unless we specifically request your consent.
- Automatically as you navigate through the Website and our Web Portals. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, for example, our business partners.
- INFORMATION WE COLLECT THROUGH AUTOMATIC DATA COLLECTION TECHNOLOGIES
As you navigate through and interact with our Website and our Web Portals, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Visit Data. Details of your visits to our Website and our Web Portals, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Device Data. Information about your computer and internet connection, including your IP address, operating system, and browser type.
We may also use a variety of tools to collect data about your visit to our Website and our Web Portals or social media presences, often referred to as “Cookies.”
- Local Data Storage. Certain features of our Website and our Web Portals may use locally stored objects to collect and store information about your preferences and navigation to, from, and on our Website. For information about managing your privacy and security settings for Local Data Storage, see Choices About How We Use and Disclose Your Information.
- Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or [opened an email] and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any personal information that:
- Presents our Website and our Web Portals and their respective contents to you.
- Notifies you about changes to our Website and our Web Portals or any products or services we offer or provide through them.
- Provides you with information, products, or services that you request from us, namely determining eligibility for assistance for certain out-of-pocket health care costs (“assistance programs”).
- Provides you with assistance applying for assistance programs.
- Provides communications with patients about assistance programs.
- Allows you to transfer to healthcare providers and their staffs, pharmacy, employer, insurance company, and other persons or entities working on your behalf to obtain eligible treatment or therapy.
- Allows you to transfer to our pharmacy card vendor to process payments, and
- Allows you to share stories and comments on social media
- To fulfill any other purpose for which you provide it.
- Provides you with notices about your account, including expiration and renewal notices.
- Carries out our obligations and enforces our rights arising from any contracts entered into between you and us, including for billing and collection.
- Accept and process donations.
- Communicates with donors and supporters about contributions.
- Sends Foundation newsletters to donors.
- Transfers to outside contractors, auditors, consultants or others hired by the Foundation to assist in providing a monthly newsletter for donors.
- Shares stories and comments on social media.
If you do not want us to use your information in this way, please adjust your user preferences in your browser and account profile. For more information, see Choices About How We Use and Disclose Your Information.
- DISCLOSURE OF YOUR INFORMATION
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Foundation’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Foundation about our Website users is among the assets transferred.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Foundation, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
Third parties may provide you with ways to choose not to have your information collected or used in this way:
- You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
- California residents may have additional personal information rights and choices. Please see Your State Privacy Rights, for more information.
- Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: firstname.lastname@example.org. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Your State Privacy Rights
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874.
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please send an email to firstname.lastname@example.org or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874. To appeal a decision regarding a consumer rights request please send an email to email@example.com or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874.
- DATA SECURITY
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. See our data security measures, below.
- Your Responsibility. All information you provide to us is stored on our secure servers behind firewalls. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
- Security Measures. We and our Service Providers protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls, data encryption, intrusion detection, anti-virus controls, using physical access controls to our data centers, and information access authorization controls. Sensitive Personal Information is not stored on the Foundation Website, see the Patient and Donor Personally Identifiable Information, Because the internet and mobile web are inherently insecure and no information system is 100% secure and even the most secure system can be compromised, we cannot guarantee security. As such, the Foundation cannot ensure or warrant the security of any information you transmit to the Foundation.
- Donor Documentation. Information about patients and donors may be included in donor documents, proposals, and agreements retained on the Foundation’s systems. The Foundation restricts access to patient and donor information to authorized Foundation employees and our Service Providers, contractors, and agents who need that information in order to operate, develop, or improve the Foundation, our Website, Web Portals and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. We delete and destroy individual records of patient and donor information according to Foundation’s Record Retention Schedule.
- or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874.