Website Privacy Practices

Website Privacy Practices


Effective September 1, 2023

This Website Privacy Policy describes how Memorial Sloan Kettering Cancer Center (“MSK,” “we” or “us”) collect, use, share and disclose the personal data we collect on the MSK website, located at, the About Herbs mobile application and any other website or mobile application owned and operated by MSK that feature this Website Privacy Policy (collectively, the “Sites”).

This Website Privacy Policy does not cover the information we collect through MSK itself (including from the doctors at MSK), MSK’s patient portal, or any other MSK-owned websites or apps that do not link to this Website Privacy Policy. 

If personal data collected on or provided to us through the Sites is protected health information, MSK’s use and disclosure of that information is governed by MSK’s Notice of Privacy Practices. If you have any questions about MSK’s Notice of Privacy Practices, please contact us at [email protected].


Please use these shortcuts to jump to any portion of this Website Privacy Policy that interests you, or scroll down to read along. 


The Information We Collect and Use

When we use the term “Personal Data” we mean information that relates to a specific person, or that can be used to identify a specific person such as a name or email address.  We collect and use information through your use of the Sites in the following ways.

  1. Personal Data You Provide To Us

We collect and use Personal Data that you provide to us on the Sites in the following ways.

  • Visitors to our Sites
    • If you communicate with us through the Sites, we collect the content of the communications and the metadata associated with those communications. We use this information to respond to your inquiries and facilitate communication.
    • If you sign up for newsletters, we collect your contact information and communication preferences, which we use to manage how we communicate with you.
    • If you use the “email this page” function on our Sites, we collect your contact information and the recipient’s contact information, which we use to facilitate your request.
    • If you submit comments or other content on the Sites that contain personal information, we collect whatever information you supply and use this information to communicate with you if requested and to otherwise fulfill the purpose of the content submission. Please be aware that any stories, comments or other information that you submit on a public forum will be publicly accessible and managed in accordance with the MSK social media comment policy. If you connect your Facebook or Twitter account to log into any of these Sites, we collect your account information for those services, which we use to authenticate your access to these Sites.
    • If you register for any MSK event, such as a continuing medical or nursing education course, elective program, training, lecture, seminar, workshop or open house event, we collect your contact and demographic information, including education information and medical or other professional credentials, which we use to register you in the program and facilitate and administer the event. We also may use this information to contact you about your experience and to inform you about future events that may be of interest to you.
    • If you make purchases through our Sites, we collect payment information and related shipping and contact information, which we use to complete your transaction and deliver products to you.
    • If you create a pressroom account, we collect your contact information, username and password, employment information and areas of interest, which we use to facilitate press coverage opportunities and communicate with you.
    • If you send us a message that contains information about your or a loved one’s health status, our response to you will be sent through an email system with added security controls. The initial email we send you in response will have “MSKSECURE” in the subject line. To retrieve the full message, you will need to click on the link in that initial email and follow the instructions.


Additional Information for Specific Groups of Visitors to our Sites

  • Donors and Fundraisers
    • If you make a donation through the Sites, we collect your contact information, billing and payment information, and donation frequency and preferences.  If you make the donation in someone else’s honor or memory, we will collect that individual’s name, contact information and in some circumstances, a message to the honoree.  We use this information to complete your donation, notify honorees of your gift and to communicate our thanks to you, and support our fundraising initiatives. Please be aware that information about your donations may become publicly accessible unless you request to make the donation anonymously.
    • If you register for one of our fundraiser events, we collect your and your team’s contact and demographic information, username, password, the name of any honoree, fundraising goals, and any other information that you choose to submit, which we use to facilitate your participation in the fundraiser event, to inform you about other fundraising events that benefit MSK, and to support our fundraising initiatives.
    • If you create a personalized fundraising page, such as a Giving Page, or a Community Event, we collect your contact information, username, password, the name of any honoree, fundraising goals, and any other information that you choose to submit. We use this information to establish and administer your page and to communicate with you with updates and event or donation announcements. Please be aware that any fundraising page you create will become publicly accessible.
  • Potential Patients or Research Participants
    • If you request an appointment through the Sites, we collect information including your contact details, diagnosis history, demographic information, family history and insurance information, which we use to facilitate your appointment request and send you appointment reminders. Please note that appointment data is protected health information, which is also governed by MSK’s Notice of Privacy Practices.
    • If you provide information through the Sites related to your potential participation in research studies, we collect information that may include your contact details, diagnosis history, family history, and any other information that you choose to submit, which we use to determine your potential eligibility for research studies and to contact you for further information, as appropriate. Please note that any protected health information we collect for this purpose is also governed by MSK’s Notice of Privacy Practices.
  • Job or Program Applicants
    • If you submit an application for a job, fellowship, postdoctoral position, observership or other MSK program using the Sites, we collect your contact and demographic information, education, work and research history, demographic information, employment needs and interests, health history, and any other information relevant to your application. We use this information to evaluate your eligibility and candidacy, communicate with you during, before and after the relevant application process or program, and to facilitate your application, employment, or participation in the program.
  1. Information We Collect Automatically

We and our service providers may use certain technologies on the Sites to collect information about how you use and engage with the Sites, some of which may be Personal Data (“Other Information”). 

The technologies we use include the following:

  • Web Log File Data. Like most other websites or mobile applications, we collect some basic information automatically about you and store it in log files.  This information may include IP address, browser type, internet service provider, pages you visit from and pages to go to after leaving the Sites, date and time stamp, clickstream data, website traffic patterns and server usage statistics.  We use this information for site management and administration, to improve the content, overall performance and user experience on the Sites, to display advertising and personalized content on our sites, manage and improve our fundraising campaigns, manage our advertising on other sites, and for fraud protection and for protecting our rights.
  • Data from Cookies and Other Data Collection Technologies. We and our service providers use cookies, web beacons and similar technologies to manage the Sites and to collect information about you when you use the Sites.  These technologies help us to recognize you, analyze your use of the Sites and identify solutions for how to make the Sites more useful.  These technologies also allow us to display advertising and personalized content on our sites, manage and improve our fundraising campaigns and manage our advertising on other sites, as well as enhance the usability of the Sites by aggregating demographic and statistical data and providing this information to our service providers.
  • Information for Analytics. We use analytics providers to help us evaluate and measure the use and performance of the Sites. 

Please see more information on analytics and data collection technologies and the choices you can make in the “Your Online Choices” section of this Website Privacy Policy.

  1. Additional Uses of Personal Data

In addition to the uses described above, we may use your Personal Data for the following purposes:

  • Maintaining and delivering the Sites and its services;
  • Contacting you to respond to your requests or inquiries and provide support;
  • Contacting you about programs, products, or services that we believe may be of interest to you, new service announcements, or event invitations;
  • Improving our Sites and services;
  • Developing new resources and services;
  • Conducting, managing and growing our business;
  • Analyzing patient experience as well as provider and hospital performance;
  • Preventing, investigating and providing notice of fraud, unlawful or criminal activity or unauthorized access to or use of Personal Data, the Sites or our data systems, or to meet legal obligations;
  • Investigating and resolving disputes and security issues and enforcing our Terms and Conditions; and
  • For any other lawful, legitimate business purposes.


How We Share and Disclose Personal Data

We do not sell your Personal Data, however, we may share or disclose Personal Data collected through the Sites in the following ways:

Our third-party service providers include:

  • Third-Party Service Providers. We may share Personal Data with third parties who perform services on our behalf, including helping us manage the Sites, managing our communication and donation channels and conducting analysis of your use of the Sites.    
    • IT service and support providers, including those providers involved in hosting and monitoring the Sites;
    • Analytics providers;
    • Marketing and advertising providers, including those providers involved in our newsletter emails, fundraising campaigns, and digital advertising campaigns;
    • Payment and e-commerce providers, including those providers facilitating the fundraising, donation, and event pages;
    • Recruitment and applicant support providers, including those providers involved in the management of our hiring and student management platforms;
    • Providers of tools, widgets or buttons on the Sites, including those providers facilitating blog comments, sharing tools, forums and questionnaires; and
    • Learning management platform providers, including those providers involved in the provision of virtual education and continuing learning programming.
  • Affiliates. We also may share Personal Data with legal entities that are affiliated with us for purposes and uses that are consistent with this Website Privacy Policy and applicable law.
  • Donor Information. MSK may disclose its donor names and postal mailing addresses to other non-profit organizations.  You may use our <<online form>> to opt-out of sharing your donor information with third parties and request that MSK not contact you in the future.
  • Legal Process, Safety and Terms Enforcement. We may disclose your Personal Data to legal or government regulatory authorities in response to a search warrant, subpoena, court order or other request for such information or to assist in investigations. We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, when otherwise required by law, if we determine such disclosure is necessary to protect the health and safety of us or our users or to enforce our legal rights or contractual commitments that users have made.
  • Business Transfers. Personal Data may be disclosed as a part of a corporate business transaction, such as a merger, acquisition, reorganization, joint venture or financing or sale of our assets, and could be sold or transferred to a third party as part of such a transaction. Personal Data also may be disclosed to a successor hospital, provider or other legal entity in the event of insolvency, bankruptcy or receivership.


Your Online Choices

  • Cookies & Analytics Tools. Most browsers allow you to turn off cookies if you do not want your preferences tracked. You can still use the Sites if cookies are turned off, but disabling cookies may result in a diminished ability to take advantage of the features of the Sites. The “help” menu on most internet browsers contains information on how to disable cookies, or you can visit can opt out of aggregation and analysis of the data collected about you while using the Sites by Google Analytics by visiting and downloading and installing the Google Analytics Opt-out Browser Add-on. To opt out of aggregation and analysis of the data collected about you while using the Sites by Acquia Lift, you should disable cookies through the “help” menu on your internet browser or by visiting for further information.
  • Advertising Partners. We support the self-regulatory principles of the Digital Advertising Alliance (“DAA”). We work with advertisers, advertising networks, advertising servers, and analytics companies (“Ad Partners”) that use different technologies to collect data about your use of the Sites (such as pages visited or articles viewed or clicked on) in order to deliver relevant advertising.These technologies may include cookies, web beacons and other data collection technologies on our Sites placed by these Ad Partners to understand how our Sites are being used, to analyze where users go and what they do after their leave our Sites, to link various devices they may use, and to serve ads that are more relevant to the user. These advertisements may appear on other websites or services that you visit.or more information about how Ad Partners use the information collected by the technologies on our Sites and about your options not to accept cookies placed by some of these companies on our Sites, please visit the DAA’s opt-out page.The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests. In addition, when you opt out using one of these methods, our Ad Partners will continue to collect Other Information for any other purpose permitted by the DAA’s rules. Since these opt-outs are cookie-based, if you clear your cookies at any time, you will need to opt out again through the links above.Please note that this Website Privacy Policy does not cover the practices of our Ad Partners. MSK does not have control over these third-party technologies or the information contained in them.

Children and Teens

We are committed to protecting privacy of young people using our Sites. We do not knowingly collect Personal Data on the Sites from children under age 13. We believe children should get their parents’ or guardians’ consent before giving out any Personal Data. If you become aware that we have collected Personal Data from a child without parental consent, please notify us promptly. If we become aware that a child under age 13 has provided us with Personal Data without parental consent, we will take steps to remove it.

If you are a California resident under age 18 and are a registered user of the Sites, then you may request that we remove any submissions you publicly posted on the Sites. To request removal of a submission, please send a detailed description of the specific submission to [email protected]. We reserve the right to request that you provide information to enable us to confirm that you created and posted the submission you want removed. We will make a good faith effort to delete or remove your submission from public view as soon as reasonably practicable. But the submission may remain on backup media, cached or otherwise retained by us for administrative or legal purposes. Your submission also may remain publicly available if you or someone else has forwarded or re-posted your submission on another website or service prior to its deletion. And the law also may require that we not remove or allow removal of your submission.


Links to Other Websites or Mobile Applications

The Sites may contain links to websites or mobile applications owned and operated by third parties. A link to another website or mobile application does not imply an endorsement of that website’s or mobile application’s content or services. This Website Privacy Policy does not apply to, and we are not responsible for, the privacy practices of third-party websites or mobile applications that are not owned by us. We encourage you to read privacy statements of any third-party websites or mobile applications to learn about their information practices.


Managing Your Communication Preferences

If you wish to opt out of receiving our email newsletters, click “unsubscribe” in any email newsletter and follow the instructions on the screen. In addition, you can manage your email preferences by visiting the MSK communication preferences page.

If you are a donor and wish to request that MSK or any third parties acting on behalf of MSK not contact you in the future, you may use our online form to opt-out of receiving fundraising or marketing materials.

If you have consented through the Sites to receive text messages and those messages are of the type that require us to provide an opt out option, you may opt out of receiving the messages by using the method provided in the text message, or by contacting us at the address below.


Notice to Individuals Located in the UK, EEA, or Switzerland

Personal Data about individuals located in the United Kingdom, Switzerland, or the European Economic Area (together generally referred to here as the “EU”) are subject to special protections under EU law when the processing of those data are within the scope of the European Union’s General Data Protection Regulation (EU Regulation 2016/679) (“EU GDPR”), its incorporation into the laws of England and Wales, Scotland, and Northern Ireland by virtue of the UK European Union (Withdrawal) Act 2018 and/or the Swiss Federal Act on Data Protection, as applicable (together, the “GDPR”). This portion of our Website Privacy Policy (the “GDPR Website Notice”) applies only to our processing of Personal Data that is within the scope of the GDPR and where we are a controller of your data, i.e., where the purpose and means of processing your data is determined by us (“GDPR Processing Activities”).

Please be aware that if you provide your Personal Data concerning your health to MSK through the Sites in order to seek care at an MSK facility or a second opinion at MSK, you will be provided a copy of our EU Patient Notice and our Notice of Privacy Practices, which will govern our use of your Personal Data concerning your health. This GDPR Website Notice will not apply to MSK’s use of such information.

We rely on separate and overlapping bases to process your Personal Data lawfully.  MSK will use the Personal Data provided through or collected on the Sites only for the purposes described in this Website Privacy Policy. MSK’s legal bases for processing your Personal Data include providing you with the information or services that you have requested, protecting your vital interests, furthering our legitimate interests, and your consent, if applicable.  When we process special categories of Personal Data, including data concerning your health, our legal bases for processing such data include protecting your vital interests, furnishing a medical diagnosis, performing preventive or occupational medicine or assessment of the working capacity of our workforce, carrying out our legal obligations under employment or social protection laws, and your consent, if applicable.  Legitimate interests that we rely on in processing your Personal Data include (i) improving and customizing the Sites for you, (ii) understanding how the Sites are being used, (iii) exploring ways to develop and grow our operations, (iv) ensuring the safety and security of the Sites, and (v) enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks. Without the ability to collect and process your Personal Information, MSK would not be able to achieve those interests. We may also use your Personal Data for purposes, including scientific research, that are compatible with the purposes for which such data were initially collected.

If our processing is based solely on consent, you have the right to withdraw your consent.  You may withdraw your consent by contacting us as set forth in the “Contact Us” section below.  Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent, if we have a legal basis to do so.  For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Sites safe and secure, or if deleting the information would undermine the integrity of a research study in which you are enrolled.

MSK is located in the United States. When you enter your Personal Data through one of the Sites, the data is being transferred to, stored, and processed in the United States, and could be transferred to, stored and processed in another country outside of the EU.  Please be aware that the United States, and possibly other countries to which your Personal Data may be transferred, have not been determined by the appropriate EU government authorities to provide adequate safeguards for the protection of Personal Data.  However, MSK will take steps to maintain the privacy of your Personal Data as described in this Website Privacy Policy.  If MSK transfers your Personal Data outside the EU, we will do so in reliance on mechanisms recognized under the GDPR.  This includes (i) transferring your Personal Information to countries that the appropriate EU government authority has determined to provide adequate data protection, (ii) obtaining your consent to transfer your Personal Data outside the EU after first informing you about the possible risks of such a transfer, (iii) transferring your information outside the EU if the transfer is necessary to the performance of a contract between you and MSK, including to provide treatment to you, or if the transfer is necessary to the performance of a contract between your physician or other health care provider located in the EU, and the contract was entered into in your interest, (iv) transferring your information outside the EU if necessary to establish, exercise or defend legal claims, or (v) transferring your Personal Data outside the EU to protect your vital interests.

We will retain your Personal Data for as long as is necessary for the purposes set out in this Website Privacy Policy (for example, if you have an account, for as long as your account is active), subject to your right, under certain circumstances, to have certain of your Personal Data erased, as discussed in the next paragraph, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.

If your Personal Data is processed for GDPR Processing Activities, you have the right to (1) see Personal Data that MSK holds about you and receive any details required to be provided to you under applicable law, (2) correct or update your Personal Data, if inaccurate, (3) limit collection and use of your Personal Data under certain circumstances (for example, if you think it is inaccurate), (4) receive your Personal Data in an electronic format as required by law, except Personal Data that has been used for public interest purposes or for MSK’s required legal obligations, (5) request deletion of your Personal Data, subject to MSK’s need to keep such data to comply with legal requirements, for purposes of public health or to preserve the integrity of a research study, or to allow itself to defend itself from legal claims, and (6) file a complaint with a data protection authority (see If you want to exercise your rights over your Personal Data, please contact us at [email protected]. If you have questions about the processing of your Personal Data or rights associated with your Personal Data, please contact our Data Protection Officer at [email protected]


Policy Changes

This Website Privacy Policy is subject to occasional revisions. We will notify you of changes by posting the new policy on the Sites and updating the effective date of the policy.

Any changes to this Website Privacy Policy will be effective upon thirty calendar days following our posting of notice of the changes on the Sites. If you do not wish to permit changes in our use of your Personal Data, you must notify us that you wish for us to delete your Personal Data prior to the effective date of the changes. Continued use of the Sites following such changes will indicate your acknowledgement of and agreement to be bound by the changes. 


Contact Us

To ask questions about the Sites or this Website Privacy Policy, you may contact us in the following ways:

Memorial Sloan Kettering Cancer Center
633 Third Avenue
New York, NY 10017

TELEPHONE: 646-227-2056

EMAIL: [email protected]