Effective May 24, 2018
If personal data collected on the Sites is protected health information, MSK’s use and disclosure of that information is governed by MSK’s Notice of Privacy Practices. If you have any questions about MSK’s Notice of Privacy Practices, please contact us at firstname.lastname@example.org.
When we use the term “Personal Data” we mean information that we directly associate with a specific person, or that we can reasonably use to identify a specific person such as a name or email address. We collect and use information through your use of the Sites in the following ways.
- Personal Data You Provide To Us
We collect and use Personal Data that you provide to us on the Sites in the following ways.
- All Website Visitors
- If you communicate with us through the Sites, we collect the content of the communications and the metadata associated with those communications. We use this information to respond to your inquiries and facilitate communication.
- If you sign up for newsletters, we collect your contact information and communication preferences, which we use to manage how we communicate with you.
- If you use the “email this page” function on our Sites, we collect your contact information and the recipient’s contact information, which we use to facilitate your request.
- If you submit identifiable comments or other content on the Sites, we collect whatever information you supply and use this information to communicate with you if requested and to otherwise fulfill the purpose of the content submission. Please be aware that any stories, comments or other information that you submit on a public forum will be publicly accessible and managed in accordance with the MSK social media comment policy. If you connect your Facebook or Twitter account to log into any of these Sites, we collect your account information for those services, which we use to authenticate your access to these Sites.
- If you register for any MSK event, such as a continuing medical or nursing education course, elective program, training, lecture, seminar, workshop or open house event, we collect your contact and demographic information, including education information and medical or other professional credentials, which we use to register you in the program and facilitate and administer the event. We also may use this information to contact you about your experience and to inform you about future events that may be of interest to you.
- If you make purchases through our Sites, we collect payment information and related shipping and contact information, which we use to complete your transaction and deliver products to you.
- If you create a pressroom account, we collect your contact information, username and password, employment information and areas of interest, which we use to facilitate press coverage opportunities and communicate with you.
- If you send us a message that contains information about your or a loved one’s health status, our response to you will be sent through an email system with added security controls. The initial email we send you in response will have “MSKSECURE” in the subject line. To retrieve the full message, you will need to click on the link in that initial email and follow the instructions.
- Donors and Fundraisers
- If you make a donation through the Sites, we collect your contact information, billing and payment information, and donation frequency and preferences. If you make the donation in someone else’s honor or memory, we will collect that individual’s name, contact information and in some circumstances, a message to the honoree. We use this information to complete your donation, notify honorees of your gift and to communicate our thanks to you. Please be aware that information about your donations may become publicly accessible unless you request to make the donation anonymously.
- If you register for one of our fundraiser events, we collect your and your team’s contact and demographic information, username, password, the name of any honoree, fundraising goals, and any other information that you choose to submit, which we use to facilitate your participation in the fundraiser event.
- If you create a personalized fundraising page, such as a Giving Page, or a Community Event, we collect your contact information, username, password, the name of any honoree, fundraising goals, and any other information that you choose to submit. We use this information to establish and administer your page and to communicate with you with updates and event or donation announcements. Please be aware that any fundraising page you create will become publicly accessible.
- Potential Patients or Research Participants
- If you request an appointment through the Sites, we collect information including your contact details, diagnosis history, family history and insurance information, which we use to facilitate your appointment request and send you appointment reminders. Please note that appointment data is protected health information, which is also governed by MSK’s Notice of Privacy Practices.
- If you provide information through the Sites related to your potential participation in research studies, we collect information that may include your contact details, diagnosis history, family history, and any other information that you choose to submit, which we use to determine your potential eligibility for research studies and to contact you for further information, as appropriate. Please note that any protected health information we collect for this purpose is also governed by MSK’s Notice of Privacy Practices.
- Job or Program Applicants
- If you submit an application for a job, fellowship, postdoctoral position, observership or other MSK program using the Sites, we collect your contact and demographic information, education, work and research history, employment needs and interests, health history, and any other information relevant to your application. We use this information to evaluate your eligibility and candidacy, communicate with you during, before and after the relevant application process or program, and to facilitate your application, employment, or participation in the program.
- Information We Collect Automatically
The technologies we use include the following:
- Web Log File Data. Like most other websites or mobile applications, we collect some basic information automatically about you and store it in log files. This information may include IP address, browser type, internet service provider, pages you visit from and pages to go to after leaving the Sites, date and time stamp, clickstream data, website traffic patterns and server usage statistics. We use this information for site management and administration, to improve the content, overall performance and user experience on the Sites, for fraud protection and for protecting our rights.
- Information for Analytics. We use analytics providers such as Google Analytics and Acquia Lift to help us evaluate and measure the use and performance of the Sites.
- Additional Uses of Personal Data
In addition to the uses described above, we may use your Personal Data for the following purposes:
- Maintaining and delivering the Sites and its services;
- Contacting you to respond to your requests or inquiries and provide support;
- Contacting you about programs, products, or services that we believe may be of interest to you, new service announcements, or event invitations;
- Improving our Sites and services;
- Developing new resources and services;
- Conducting, managing and growing our business;
- Analyzing patient experience as well as provider and hospital performance;
- Preventing, investigating and providing notice of fraud, unlawful or criminal activity or unauthorized access to or use of Personal Data, the Sites or our data systems, or to meet legal obligations;
- Investigating and resolving disputes and security issues and enforcing our Terms and Conditions; and
- For any other lawful, legitimate business purposes.
We only share or disclose Personal Data collected through the Sites in the following ways:
Our third-party service providers include:
- Third-Party Service Providers. We may engage vendors who perform services on our behalf, including helping us manage the Sites, manage our communication and donation channels and conduct analysis of your use of the Sites.
- IT service and support providers, including those providers involved in hosting and monitoring the Sites;
- Analytics providers;
- Marketing and advertising providers, including those providers involved in our newsletter emails and digital advertising campaigns;
- Payment and e-commerce providers, including those providers facilitating the fundraising, donation, and event pages;
- Recruitment and applicant support providers, including those providers involved in the management of our hiring and student management platforms;
- Providers of tools, widgets or buttons on the Sites, including those providers facilitating blog comments, sharing tools, forums and questionnaires; and
- Learning management platform providers, including those providers involved in the provision of virtual education and continuing learning programming.
- Donor Information. MSK may share its donor names and postal mailing addresses with other non-profit organizations. You may use our online form to opt-out of sharing your donor information with third parties and request that MSK not contact you in the future.
- Legal Process, Safety and Terms Enforcement. We may disclose your Personal Data to legal or government regulatory authorities in response to a search warrant, subpoena, court order or other request for such information or to assist in investigations. We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, if we determine such disclosure is necessary to protect the health and safety of us or our users or to enforce our legal rights or contractual commitments that users have made.
- Business Transfers. Personal Data may be disclosed as a part of a corporate business transaction, such as a merger, acquisition, reorganization, joint venture or financing or sale of our assets, and could be sold or transferred to a third party as part of such a transaction. Personal Data also may be disclosed to a successor hospital, provider or other legal entity in the event of insolvency, bankruptcy or receivership.
- Cookies & Analytics Tools. Most browsers allow you to turn off cookies if you do not want your preferences tracked. You can still use the Sites if cookies are turned off, but disabling cookies may result in a diminished ability to take advantage of the features of the Sites. The “help” menu on most internet browsers contains information on how to disable cookies, or you can visit www.aboutcookies.org/how-to-control-cookies/.
You can opt out of aggregation and analysis of the data collected about you while using the Sites by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout and downloading and installing the Google Analytics Opt-out Browser Add-on. To opt out of aggregation and analysis of the data collected about you while using the Sites by Acquia Lift, you should disable cookies through the “help” menu on your internet browser or by visiting www.aboutcookies.org/how-to-control-cookies/ for further information.
- Advertising Partners. We support the self-regulatory principles of the Digital Advertising Alliance (“DAA”). We work with advertisers, advertising networks, advertising servers, and analytics companies (“Ad Partners”) that use different technologies to collect data about your use of the Sites (such as pages visited or articles viewed or clicked on) in order to deliver relevant advertising.
These technologies may include cookies, web beacons and other data collection technologies on our Sites placed by these Ad Partners to understand how our Sites are being used, to analyze where users go and what they do after their leave our Sites, to link various devices they may use, and to serve ads that are more relevant to the user. These advertisements may appear on other websites or services that you visit.
or more information about how Ad Partners use the information collected by the technologies on our Sites and about your options not to accept cookies placed by some of these companies on our Sites, please visit the DAA’s opt-out page.
The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests. In addition, when you opt out using one of these methods, our Ad Partners will continue to collect Other Information for any other purpose permitted by the DAA’s rules. Since these opt-outs are cookie-based, if you clear your cookies at any time, you will need to opt out again through the links above.
We are committed to protecting privacy of young people using our Sites. We do not knowingly collect Personal Data on the Sites from children under age 13. We believe children should get their parents’ or guardians’ consent before giving out any Personal Data. If you become aware that we have collected Personal Data from a child without parental consent, please notify us promptly. If we become aware that a child under age 13 has provided us with Personal Data without parental consent, we will take steps to remove it.
If you are a California resident under age 18 and are a registered user of the Sites, then you may request that we remove any submissions you publicly posted on the Sites. To request removal of a submission, please send a detailed description of the specific submission to email@example.com. We reserve the right to request that you provide information to enable us to confirm that you created and posted the submission you want removed. We will make a good faith effort to delete or remove your submission from public view as soon as reasonably practicable. But the submission may remain on backup media, cached or otherwise retained by us for administrative or legal purposes. Your submission also may remain publicly available if you or someone else has forwarded or re-posted your submission on another website or service prior to its deletion. And the law also may require that we not remove or allow removal of your submission.
To discontinue receiving messages from us, you can submit an opt-out request to the contact information below or by following these instructions:
If you wish to opt out of receiving our email newsletters, click “unsubscribe” in any email newsletter and follow the instructions on the screen. In addition, you can manage your email preferences by visiting the MSK communication preferences page.
If you are a donor and wish to request that MSK or any third parties acting on behalf of MSK not contact you in the future, you may use our online form to opt-out of receiving fundraising or marketing materials.
If you have consented through the Sites to receive text messages and those messages are of the type that require us to provide an opt out option, you may opt out of receiving the messages by using the method provided in the text message, or by contacting us at the address below.
Please be aware that if you use the Sites to transfer your Personal Data to MSK in order to seek care at an MSK facility or a second opinion at MSK, you will be provided a copy of our EU Patient Notice and our Notice of Privacy Practices, which will govern our use of protected health information. The EU Website Notice will not apply to MSK’s use of such information.
If our processing is based solely on consent, you have the right to withdraw your consent. You may withdraw your consent by contacting us as set forth in the “Contact Us” section below. Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Sites safe and secure, or if deleting the information would undermine the integrity of a research study in which you are enrolled.
If your Personal Data is processed for EEA Processing Activities, you have the right to (1) see Personal Data that MSK holds about you and receive any details required to be provided to you under applicable law, (2) correct or update your Personal Data, if inaccurate, (3) limit collection and use of your Personal Data under certain circumstances (for example, if you think it is inaccurate), (4) receive your Personal Data in an electronic format as required by law, except Personal Data that has been used for public interest purposes or for MSK’s required legal obligations, (5) request deletion of your Personal Data, subject to MSK’s need to keep such data to comply with legal requirements, for purposes of public health or to preserve the integrity of a research study, or to allow itself to defend itself from legal claims, and (6) file a complaint with a data protection authority (see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm). If you have questions about the processing of your Personal Data or rights associated with your Personal Data, see the section “Contact Us” below.
Memorial Sloan Kettering Cancer Center
633 Third Avenue
New York, NY 10017