Privacy Notice
Last Updated: Dec 05, 2023
Welcome to the UCLA Health Privacy Notice! Our mission is to deliver leading-edge patient care, research, and education. Our vision is to heal humankind, one patient at a time, by improving health, alleviating suffering and delivering acts of kindness. This Privacy Notice explains how the UCLA Health System (“UCLA Health”, “we”, “us” or “our”) collects, uses, discloses, and otherwise processes personal information (as defined below) in connection with our website https://www.uclahealth.org/ and other websites we own and operate that link to this Privacy Notice (the “Sites”), and the related content, platform, services, products, and other functionality offered on or through our services (collectively, the “Services”). It does not address our privacy practices relating to UCLA Health employees and other personnel.
UCLA Health is the controller of the personal information we hold about you in connection with your use of the Services. This means that we determine and are responsible for how your personal information is used.
This Privacy Notice does not apply to the collection, use, and disclosure of your protected health information. Please see our HIPAA Notice of Privacy Practices for more information about how UCLA Health collects, uses, and discloses your protected health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
GLOBAL APPLICABILITY AND REGION-SPECIFIC DISCLOSURES
This Privacy Notice is designed to apply to our Site visitors and users of our Services. We may choose or be required by law to provide additional disclosures relating to the processing of personal information in certain countries, regions or states. Please refer below for disclosures that may be applicable to you:
European Economic Area, United Kingdom, or Switzerland: If you are located in the European Economic Area (“EEA”), United Kingdom, or Switzerland or otherwise engage with UCLA Health’s European operations, please see the Privacy Disclosures for the European Economic Area, United Kingdom, and Switzerland for additional specific privacy disclosures, including what constitutes your personal information, the lawful bases we rely on to process your personal information, how we use cookies when you access our Sites from the EEA, UK, or Switzerland and your rights in respect of your personal information.
- WHAT IS PERSONAL INFORMATION?
When we use the term “personal information” in this Privacy Notice, we mean any data or information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household or any other data or information that constitutes “personal data”, “personal information,” or “personally identifiable information.” As noted above, it does not include protected health information under HIPAA.
- OUR COLLECTION AND USE OF PERSONAL INFORMATION
We collect personal information in a variety of ways. For example, you may provide us your personal information when you contact us or send us messages, conduct a search on our Sites, subscribe to our mailing lists, newsletters or other forms of marketing communications, submit a job application, participate in a survey, make a purchase at our gift shop, or use some other feature of our Service.
We may link or combine your activities and information collected from you on our websites and mobile apps with information we receive from third parties, as well as information we collect automatically through tracking technologies (defined below). This allows us to provide you with a personalized experience regardless of how you interact with us.
Personal Information Collected from You
We may collect the following categories personal information submitted to us by individuals through the Services:
- Contact Information, including first and last name, email address, your country or region and communication preferences. We use this information to fulfill your request, to communicate with you directly, and to send you marketing communications in accordance with your preferences.
- Payment Information. If you make a purchase at one of our gift shops or register for one of our Events or Conferences, we may collect payment information in order to complete your transaction. Please note that we use third party payment processors to process credit card payments made to us. As such, we do not retain any personally identifiable financial information in connection with credit card payments, such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal information is governed by their privacy notice.
- Inquiry and Communications Information, including information provided in custom messages sent through the forms, in chat messages, to one of our email addresses, or via phone. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the Services we offer to our users and to manage and grow our organization.
- Newsletter and Marketing Emails, including email address and applicable interests and communication preferences. We use this information to manage our communications with you and send publications highlighting the latest findings in medicine, research and wellness to support healthy active living. If you wish to stop receiving email messages from us, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, technical or legal notices).
- Survey Information, including information provided when you provide information included in any questions submitted through surveys or content of any testimonials. We use this information to administer and facilitate the Services, to respond to your submission, to communicate with you, to conduct market research, inform our marketing and advertising activities and improve and grow our business.
- Events and Conferences Registration Information, including, for example, through the Office of Continuing Medical Education (“CME”), we may collect account login information and event registration information.
- Feedback Information. We may collect feedback you provide relating to our Services. We use this information to communicate with you, to conduct market research, inform our marketing and advertising activities and improve and grow our business.
- Employment Application Information, including your contact and demographic information, educational and work history, employment interests, information obtained during interviews and any other information you choose to provide, if you apply for employment.
Information Automatically Collected
As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, such as the list below and in the sub-sections here:
- Log Data, including internet protocol (IP) address, operating system, device type and version, browser type and version, browser id, the URL entered and the referring page/campaign, date/time of visit, other user agent string data, the time spent on our Services, and any errors that may occur during the visit to our Services). Log data may overlap with the other categories of data below.
- Analytics data, Including the electronic path you take to our services, through our services and when exiting our services, UTM source, as well as your usage and activity on our services, such as the time zone, activity information (first and last active date and time), usage history (flows created, campaigns scheduled, emails opened, total log-ins) as well as the pages, links, objects, services you view, click or otherwise interact with.
- Location data, such as general location information we derive from your IP address.
We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”) to automatically collect this information. We may also use this information to distinguish you from other users of our Services. This helps us monitor and analyze how you use and interact with our Services. It also helps us and our partners to determine products and services that may be of interest to you.
For more information about these practices and your choices regarding cookies, please see the Cookie Notice.
Personal Information from Third Parties
We also obtain personal information from third parties; which we often combine with personal information we collect either automatically or directly from an individual.
We may receive the same categories of personal information as described above from the following third parties:
- UCLA Health System: We may receive personal information from other hospitals or primary care networks that are part of the UCLA Health System.
- Social Media: When an individual interacts with our Services through various social media networks, such as when someone “Likes” us on Facebook or follows us, comments, or shares our content on Facebook, Twitter, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network and may include certain profile information. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
- Service Providers: Our service providers that perform services solely on our behalf, such as survey and marketing providers and payment processors, collect personal information and often share some or all of this information with us. The information may include contact information, demographic information, transaction information, and information about your communications and related activities. We may use this information to administer and facilitate our Services and our marketing activities.
- Community Partners: We may receive your personal information, such as name and email address, from our community partners through which we may offer events, programs, or services that contribute to improving the lives and livelihoods of our communities.
- Other Sources: We may also collect Personal Information about individuals that we do not otherwise have from, for example, publicly available sources, third-party data providers, or through transactions such as mergers and acquisitions. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
Through the provision of our Services, we may also process anonymous and otherwise deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household. UCLA Health commits to maintain and use the information in deidentified form and will not attempt to reidentify the information, except in instances where necessary for determining whether the deidentification process used by UCLA Health satisfies the requirements under applicable law.
Additional Uses of Personal Information
We may use personal information we collect to:
- Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to deliver the Services you have requested and to process transactions;
- Manage our organization and its day-to-day operations;
- Register you for and provide you access to events and conferences;
- Communicate with individuals, including via email, social media and/or telephone calls;
- Request individuals to complete surveys about our organization, organizations we partner with, and Services;
- For marketing and advertising purposes, including to market to you or offer you through email or direct mail, information and updates on products or services we think that you may be interested in (where applicable, we may send you marketing messages if you have given us your consent to do so);
- Administer, improve and personalize our Services, including by recognizing an individual and remembering their information when they return to our Services;
- Identify and analyze how individuals use our Services, and to improve and customize our Services to address the needs and interests of our user base and other individuals we interact with;
- Test, enhance, update and monitor the Services, or diagnose or fix technology problems;
- Help maintain the safety, security and integrity of our property and Services, technology assets and business;
- To enforce our agreements, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
- To fulfill any other purpose for which you provide personal information and or any other lawful purpose, or other purpose that you consent to.
Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry/request and/or personal information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy notice will govern how we may process the information provided at that time.
UCLA Health’s information management practices conform to the requirements of the Information Practices Act of 1977 (Civil Code Section 1798, et seq.), the Public Records Act (California Government Code Section 6250, et seq.), California Government Code Section 11015.5, and other applicable laws pertaining to information privacy.
Any information acquired by the UCLA Health through the Sites is subject to the limitations set forth in the Information Practices Act. UCLA Health will not distribute or share electronically collected personal information (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances set forth in this Notice. UCLA Health will not sell any electronically collected personal information to any third party. Such electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).
- OUR DISCLOSURE OF PERSONAL INFORMATION
We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as follows:
- UCLA Health System: We may share personal information with other hospitals or primary care networks that are part of the UCLA Health System.
- Marketing Providers: We coordinate and share personal information with our marketing providers in order to communicate with individuals about the Services we make available.
- Customer Service and Communication Providers: We share personal information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries.
- Other Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, employment application-related services, payment processing services, and administrative services.
- Survey Providers: We share personal information with third parties who assist us in delivering our surveys and processing the responses.
- Online Advertising Partners: We may also share personal information with advertising networks or permit these partners to collect information from you directly on our websites to facilitate online advertising, such as search engines and social network advertising providers to serve targeted ads to you or to groups of other users who share similar traits, such as likely commercial interests and demographics, on third-party platforms. For more information, including how to opt out of interest-based advertising, please see the Cookie Notice.
- Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy or receivership.
- Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:
- in connection with the establishment, exercise, or defense of legal claims;
- to comply with laws or to respond to lawful requests and legal process;
- to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
- to detect, suppress, or prevent fraud;
- to protect the health and safety of us and others; or
- as otherwise required by applicable law.
- With Your Consent: We may disclose personal information about an individual to certain other third parties or publicly with their consent or direction. For example, with an individual’s consent or direction we may post their testimonial on our Sites or service-related publications.
UCLA Health will not distribute or share “electronically collected personal information” (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances as set forth in this Privacy Notice, such as instances when authorized under law (including but not limited to the Information Practices Act), or to assist another state agency or public law enforcement organization in any case where the security of a network operated by a state agency has been, or is suspected of having been, breached. UCLA Health will not sell any electronically collected personal information to any third party. Such electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).
- CONTROL OVER YOUR INFORMATION
You may control your information in the following ways:
- Email Communications Preferences. You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. You may not opt-out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices).
- Modifying or Deleting Your Information. If you have any questions about reviewing, modifying, deleting, or exercising your option of having your personal information discarded without reuse or distribution (pursuant to California Government Code section 11015.5), you can contact us directly by sending a written request to the postal or email address set out in the Contact Us section, below. We may not be able to modify or delete your information in all circumstances.
- CHILDREN'S PERSONAL INFORMATION
Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If an individual is under the age of 13, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 16, we will promptly delete that personal information.
- Links to Third-Party Websites or Services
Our Services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy notices.
- Updates to This Privacy Notice
We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided. We encourage you to review this Privacy Notice frequently to be informed of how we are processing your information.
- Contact Us
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please contact us by using one of the following methods:
Compliance Office
800-403-4744
[email protected]
COOKIE NOTICE
Last Modified: Jan 06, 2023
Unless otherwise expressly stated, terms in this notice have the same meaning as defined in the Privacy Notice.
- SCOPE OF NOTICE
This Cookie Notice supplements the information contained in the Privacy Notice and explains how we and our third-party partners and service providers use cookies and related technologies in the course of managing and providing our online services and our electronic communication to you. It explains what these technologies are and why we use them, as well as your rights to control our use of them. As noted in our Privacy Notice, this Cookie Notice does not apply to protected health information under HIPAA.
In some cases, we may use cookies and related technologies described in this Cookie Notice to collect personal information, or to collect information that becomes personal information if we combine it with other information. For more details about how we process your personal information, please review the Privacy Notice.
- WHAT ARE COOKIES AND RELATED TECHNOLOGIES
As is common practice among websites, our Services use cookies, which are tiny files downloaded to your device that allow us and our third-party partners to collect certain information about your interactions with our email communications, websites and other online services, and that improve your experience. We and our third-party partners and providers may also use other, related technologies to collect this information, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”).
We use the following types of cookies:
- Strictly necessary cookies. These cookies enable core functionality such as security, network management and accessibility. You may disable these by changing your browser settings, but this may affect how the Services function. The legal basis for our use of strictly necessary cookies is our legitimate interests, namely being able to provide and maintain our Services.
- Functional cookies. These enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. The legal basis for our use of functionality cookies is our legitimate interests, namely being able to provide and maintain our Services.
- Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors to our Services, and to see how visitors move around our Services when they are using them. This helps us to improve the way our Services work, for example, by ensuring that users are finding what they are looking for easily. If you are accessing our Services with a European IP address, you have been asked to consent to the use of these cookies. You are free to deny your consent.
- Targeting Cookies: These cookies record your visit to our Services, the pages you have visited and the links you have followed. They are used to track visitors across our Services. If you are accessing our Services with a European IP address, you have been asked to consent to the use of these cookies. You are free to deny your consent.
- WHAT WE COLLECT WHEN USING COOKIES
We and our third-party partners and providers may use cookies to automatically collect certain types of usage information when you visit or interact with our email communications and Services. For example, we may collect log data about your device and its software, such as your IP address, operating system, browser type, date/time of your visit, and other similar information. Our emails may also contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. We may also collect analytics data or use third-party analytics tools to help us measure usage and activity trends for our online services and better understand the individuals using our services. We also may collect location data, including general geographic location based on IP address.
We may include or engage in the following as part of our Services:
- Social Media Widgets. Our Services may include social media features, such as the Facebook “Like” button, Pinterest, Instagram, Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.
- Social Media Platforms. We may display targeted advertising to you through social media platforms, such as Facebook, Twitter, Instagram, LinkedIn, and other social media forums. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. We may share a unique identifier, such as a user ID, with these platform providers or they may collect information from our website visitors through a first-party pixel, in order to direct targeted advertising to you or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them. If you do not want to receive targeted ads on your social networks, you may be able to adjust your advertising preferences through your settings on those networks.
- Third Party Partners. We work with a variety of third-party partners to provide analytics and advertising services. For example, we use Google Analytics to recognize you and link the devices you use when you visit our Services on your browser or mobile device, log in to your account on our Services, or otherwise engage with us. We share a unique identifier, like a user ID, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Services and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website, “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here: https://tools.google.com/dlpage/gaoptout/.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by visiting NAI’s online resources at https://www.networkadvertising.org/choices.
- HOW WE USE INFORMATION COLLECTED VIA COOKIES
We use cookies for a variety of reasons outlined below:
- If you create an account with us, we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out; however, in some cases, they may remain in order to remember your site preferences when logged out.
- The Services may offer payment capabilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
- When you submit data through a form, such as those found on the contact pages, cookies may be set to remember your user details for future correspondence.
- In order to provide you with a great experience on the Services, we provide the functionality to set your preferences for how the Services run when you use it. In order to remember your preferences, we need to set cookies so that this information can be called whenever you interact with a website page.
- We use cookies to provide and monitor the effectiveness of our Services, monitor online usage and activities of our Services, and facilitate the purposes identified in the How We Use Your Personal Information section of our Privacy Notice.
- We may also use the information we collect through cookies to understand your browsing activities, including across unaffiliated third-party sites, so that we can deliver information about products and services that may be of interest to you.
- Tracking technology used in emails helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and help us understand if you have opened and how you interacted with our email.
Please note that we link some of the personal information we collect through cookies with the other personal information that we collect about you and for the purposes described in our Privacy Notice.
Note UCLA Health will not distribute or share “electronically collected personal information” (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances as set forth in our Privacy Notice. UCLA Health will not sell any electronically collected personal information to any third party.
- YOUR CHOICES ABOUT COOKIES
If you are located in the European Economic Area, United Kingdom, or Switzerland, other than strictly necessary cookies, which are required for the operation of our Service, we will only place cookies on your device if you give us your consent to do so. We will ask you to tell us which cookies you agree to receive when you first access our Service.
If you would prefer not to accept cookies, you can use our cookie consent management tool (where available). Moreover, most browsers will allow you to change the setting of cookies by adjusting the settings on your browser to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionalities and features of the Services.
Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookies settings in Safari web and iOS
You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.
If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org. or the Network Advertising Initiative's online sources at www.networkadvertising.org.
Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.
PRIVACY DISCLOSURES FOR THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND
Last Modified: Jan 06, 2023
These Privacy Disclosures set out information about how we use your personal data when you access our Service from the European Economic Area (“EEA”), United Kingdom ("UK"), or Switzerland. Please ensure that you have read and understood these Privacy Disclosures before you access or use the Service.
Personal Data: When we use the term “personal data” in these Privacy Disclosures, we mean information relating to an identified or identifiable natural person.
Controller: The UCLA Health System, a company duly incorporated and organised under the laws of United States of America, having its registered address at 757 Westwood Plaza, Los Angeles, CA 90095, is the “controller” responsible for the processing of personal data in connection with our Service. This means that we determine and are responsible for how your personal data is used.
- LEGAL BASES FOR THE PROCESSING
Regularly, we use your personal data based on the following legal grounds according to the Regulation (EU) 2016/679 (the “EU GDPR”) or, where applicable, the “UK GDPR” as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 GDPR:
- Perform our contractual services, including prior to entering into a contract with you. If you order services from us or if you contact us to request our services, we use your personal data to provide you with these services, including for account and contract management, to facilitate user benefits and services, including customer support, and evaluate your candidacy for employment and to facilitate the onboarding process.
- Justified by our legitimate interests. The usage of your personal data may also be necessary for our own business interests. For example, we may use some of your personal data to send gifts to you; market our Services to individuals; administer, improve and personalize our services, including by recognizing an individual and remembering their information when they return to our services and analyzing our client-base; process payment for our services; conduct market research; opportunity tracking, conversion and lead generation; test, enhance, update and monitor the services, or diagnose or fix technology problems; help maintain the safety, security and integrity of our property and services, technology assets and business; enforce our agreements, resolve disputes, carry out our obligations and enforce our rights, and protect our business interests and the interests and rights of third parties; and prevent, investigate or provide notice of fraud or unlawful or criminal activity.
- Consent. In some cases, we may ask you to grant us separate consent to use your personal data.
- Compliance with legal obligations. We are obligated to retain certain personal data because of legal requirements, for example, tax or commercial laws, or we may be required by law enforcement to provide personal data on request.
The table at Annex 1 and Annex 2 set out further detail about the categories of personal data we collect about you, how we use that information when you use the Service, as well as the legal basis which we rely on to process the personal data and recipients of that personal data.
We may link or combine the personal data we collect about you and the information we collect automatically.
We may anonymise and aggregate any of the personal data we collect (so that it is no longer linked to you and does not identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the Service. We may also share such anonymised and aggregated information with others.
We will also indicate to you, at the point that we collect personal data from you, if the provision of certain personal data is mandatory or optional. Some information, such as your name, address, payment transaction information, and information on your requested services, may be necessary for your use of certain features and functionalities of the Service. If you choose not to provide personal data marked as mandatory, we may not be able to provide those aspects of the Service to you, or to respond to your queries and other requests.
- HOW LONG WE STORE YOUR PERSONAL DATA
We do not generally store the personal data we collect about you after you use the Service, unless we are required to do so to comply with applicable law or if we believe your personal data may be necessary to deal with a complaint or legal claim.
- MARKETING AND ADVERTISING
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.
We will only send you such messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails.
- STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
Security. We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.
International Transfers of your Personal Information. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom, or Switzerland your personal data may be processed outside of those regions, including in the United States.
In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards that require the recipient to treat the personal data in a manner that is essentially equivalent to that guaranteed in the country you are in. If you are located in the EEA, United Kingdom or Switzerland, these safeguards include entering into agreements that incorporate the standard contractual clauses adopted by the European Commission and approved by the UK Information Commissioner.
If you wish to enquire further about the safeguards used, please contact us using the details set out at the beginning of these Privacy Disclosures.
- PROFILING AND AUTOMATED DECISION-MAKING
We may analyse personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use personal data about you to detect and reduce fraud and credit risk.
We do not use your personal data for automated individual decision-making.
- YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
- Right of access. You have the right to obtain:
- confirmation of whether, and where, we are processing your personal data;
- information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
- information about the categories of recipients with whom we may share your personal data; and
- a copy of the personal data we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
- Right to withdraw consent. There are certain circumstances where we require your consent to process your personal data. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
If you wish to exercise one of these rights, please email us at [email protected].
Due to the confidential nature of data processing we may ask you to confirm your identity when exercising the above rights.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, infomation about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
- COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR SERVICES
For more information about how we use cookies and similar technologies and your choices regarding cookies, please see the Cookie Notice.
ANNEX 1 – PERSONAL INFORMATION YOU PROVIDE TO US
Category of Personal Data | How we use the Personal Data | Legal Bases for Processing |
---|---|---|
Contact Information,including first and last name, email address, your country or region and communication preferences. We use this information to fulfill your request, to communicate with you directly, and to send you marketing communications in accordance with your preferences. | We use this information to communicate with you regarding your use of the Service, including sending service-related communications. | The processing is necessary for the performance of a contract with you. |
We use this information to deal with enquiries and complaints made by or about you relating to the Service. | The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your queries or complaints. | |
We use this information in connection with providing you with marketing communications in accordance with your preferences. | We will only use your personal data in this way to the extent you have given us consent to do so. | |
Payment information, including first and last name, email address, your country or region and communication preferences. | If you make a purchase at one of our gift shops or register for one of our Events or Conferences, we may collect payment information in order to complete your transaction. | The processing is necessary for the performance of a contract. |
We use this information to verify your identity in connection with the detection and prevention of fraud or financial crime. | The processing is necessary for our and third parties' legitimate interests, namely the detection and prevention of fraud and financial crime. | |
Inquiry and Communications Information, including information provided in custom messages sent through the forms, in chat messages, to one of our email addresses, or via phone. | We use this information to deal with enquiries and complaints made by or about you relating to the Service. | The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your queries or complaints. |
Newsletter and Marketing Emails, includingemail address and applicable interests and communication preferences. healthy active living. | We use this information to manage our communications with you and send publications highlighting the latest findings in medicine, research and wellness to support | We will only use your personal data in this way to the extent you have given us consent to do so. |
Survey Information, including information provided when you provide information included in any questions submitted through surveys or content of any testimonials. | We use this information to administer and facilitate the Services, to respond to your submission, to communicate with you, to conduct market research, inform our marketing and advertising activities and improve and grow our business. | We will only use your personal data in this way to the extent you have given us consent to do so. |
Events and Conferences Registration Information, including, for example, event registration information. | We use this information to administer the relevant event or conference. | The processing is necessary for the performance of a contract with you, namely the event or conference. |
Feedback Information. We may collect feedback you provide relating to our Services. | We use this information to address your questions, issues and concerns. | The processing is necessary for our legitimate interests, namely communicating with you and responding to queries, complaints and concerns. |
We use this information to improve the Service. | The processing is necessary for our legitimate interests (to develop and improve our service). | |
Employment Application Information, including your contact and demographic information, educational and work history, employment interests, information obtained during interviews and any other information you choose to provide, if you apply for employment. | We use this information to evaluate your job application. | This processing is necessary for our legitimate interests, namely evaluating your job application. |
ANNEX 2 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY
Category of Personal Data | How We May Use It | Legal Basis for the Processing |
---|---|---|
Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location. | We use information you provide to us about your location to monitor and detect fraud or suspicious activity in relation to your account. | The processing is necessary for our legitimate interests, namely to protect our business and your account from fraud and other illegal activities. |
We use this information to tailor how the Service is displayed to you (such as the language in which it is provided to you). | We will only process your personal data in this way to the extent you have given us your consent to do so. | |
Information about how you access and use the Service. For example, how frequently you access the Service, the time you access the Service and how long you use it for, the approximate location that you access the Service from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service. | We may use information about how you use and connect to the Service to present the Service to you on your device. | The processing is necessary for the performance of a contract with you, namely our TOS. |
We may use this information to determine products and services that may be of interest to you for marketing purposes. | We will only process your personal data in this way to the extent you have given us your consent to do so. | |
We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services. | We will only process your personal data in this way to the extent you have given us your consent to do so. | |
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Service through the device, your mobile network, your IP address and your device’s telephone number (if it has one). | We may use information about how you use and connect to the Service to present the Service to you on your device. | The processing is necessary for the performance of a contract with you, namely our TOS. |
We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services. | We will only process your personal data in this way to the extent you have given us your consent to do so. |