Privacy Policy

oneAMYLOIDOSISvoice.com is committed to safeguarding your privacy. This statement explains our online information practices and the choices you can make about the way the information you provide us is collected and used. For easy and direct access, we provide a link to this statement from our home page and all other pages of the site.

The Foundation is the sole owner of and the only organization that uses the information collected on this site. We will not sell, share, or rent this information to others under any circumstances.

“Cookies”

This site uses cookies. By using this site, you agree that the Foundation may place cookies on your device and access them when you visit our site. A cookie is a small file of letters and numbers that we put on your computer. The cookies we use aid us in improving our site and your experience by tracking which areas and features of our site are popular, making the site easier to navigate, count visits, and allow a registered user to remain signed in to his/her user profile throughout a visit. We may also use cookies placed on our site by third parties acting on our behalf. If you want to opt out of our cookies, you can delete them and any other cookies that are already on your computer. Please refer to the help and support areas on your Internet browser for instructions on how to locate the file or directory that stores cookies. Some functionalities on our site may be affected if you delete our cookies.

Online Donations

The Foundation collects the following information through our secure online financial-transaction pages: name, address, e-mail address, phone number, and credit card information. This personally identifiable information is used to acknowledge receipt of your donation for tax purposes and to include you on the Foundation’s mailing list if you choose to join it.

When you send a donation in honor or in memory of someone and request that an acknowledgement be sent to another individual or a family, we will use the name and address of that individual or family for acknowledgement purposes only.

Security

We care about the security of your transactions and apply industry-standard practices and technologies to safeguard your credit card information. We use high-grade encryption and the secure https protocol to communicate with your browser software, which guards against interception of the credit card information you give us. We also employ several different security techniques to protect your personally identifiable information from unauthorized access by users inside and outside the organization. The web servers for the Foundation are located in a locked, secure environment, and computer systems are maintained in accordance with industry standards to secure information. You should be aware, however, that “perfect security” does not exist on the Internet, and third parties may unlawfully intercept or access transmissions or private communications.

Mailing List

The Foundation provides a separate online form to join our mailing list. The information we collect includes: name, address, e-mail address, and phone number. This information is securely stored internally and accessed only when we correspond with our mailing list periodically during the year, either via e-mail or regular mail.

Please contact us directly by regular mail, email or telephone if at any time you wish to be removed from the mailing list or if you would like to correct or change the personal information you have previously provided.

eNewsletters

You will be added to oneAMYLOIDOSISvoice.com’s email newsletter list only if you register to receive newsletters via a form or checkbox on oneAMYLOIDOSISvoice.com website. You may opt out of receiving our eNewsletters by clicking on the opt-out link included in every email newsletter we send.

Links to Other Websites

Foundation’s site includes links, some temporary and some permanent, to other websites. We are not responsible for the privacy and security practices of any other website or the nature of the content contained therein.

Children’s Privacy

None of the content and information in the Foundation’s website is targeted toward children under 13 years of age. We make every effort possible to ensure that we do not collect or maintain information on our website from those we know to be younger than 16 unless parental consent has been obtained in writing.

Changes to This Policy

In the event that the Foundation decides to alter its privacy policy, the changes will be added directly to this statement. We will, however, always use information in accordance with the version of the privacy policy under which it was originally collected.

Contact Us

If you have specific questions or concerns about the Foundation’s privacy policy, please contact us at the following address:

61 Hillandale Road

Westport CT 06880

Privacy Policy

oneAMYLOIDOSISvoice.com is committed to safeguarding your privacy. This statement explains our online information practices and the choices you can make about the way the information you provide us is collected and used. For easy and direct access, we provide a link to this statement from our home page and all other pages of the site.

The Foundation is the sole owner of and the only organization that uses the information collected on this site. We will not sell, share, or rent this information to others under any circumstances.

“Cookies”

This site uses cookies. By using this site, you agree that the Foundation may place cookies on your device and access them when you visit our site. A cookie is a small file of letters and numbers that we put on your computer. The cookies we use aid us in improving our site and your experience by tracking which areas and features of our site are popular, making the site easier to navigate, count visits, and allow a registered user to remain signed in to his/her user profile throughout a visit. We may also use cookies placed on our site by third parties acting on our behalf. If you want to opt out of our cookies, you can delete them and any other cookies that are already on your computer. Please refer to the help and support areas on your Internet browser for instructions on how to locate the file or directory that stores cookies. Some functionalities on our site may be affected if you delete our cookies.

Online Donations

The Foundation collects the following information through our secure online financial-transaction pages: name, address, e-mail address, phone number, and credit card information. This personally identifiable information is used to acknowledge receipt of your donation for tax purposes and to include you on the Foundation’s mailing list if you choose to join it.

When you send a donation in honor or in memory of someone and request that an acknowledgement be sent to another individual or a family, we will use the name and address of that individual or family for acknowledgement purposes only.

Security

We care about the security of your transactions and apply industry-standard practices and technologies to safeguard your credit card information. We use high-grade encryption and the secure https protocol to communicate with your browser software, which guards against interception of the credit card information you give us. We also employ several different security techniques to protect your personally identifiable information from unauthorized access by users inside and outside the organization. The web servers for the Foundation are located in a locked, secure environment, and computer systems are maintained in accordance with industry standards to secure information. You should be aware, however, that “perfect security” does not exist on the Internet, and third parties may unlawfully intercept or access transmissions or private communications.

Mailing List

The Foundation provides a separate online form to join our mailing list. The information we collect includes: name, address, e-mail address, and phone number. This information is securely stored internally and accessed only when we correspond with our mailing list periodically during the year, either via e-mail or regular mail.

Please contact us directly by regular mail, email or telephone if at any time you wish to be removed from the mailing list or if you would like to correct or change the personal information you have previously provided.

eNewsletters

You will be added to oneAMYLOIDOSISvoice.com’s email newsletter list only if you register to receive newsletters via a form or checkbox on oneAMYLOIDOSISvoice.com website. You may opt out of receiving our eNewsletters by clicking on the opt-out link included in every email newsletter we send.

Links to Other Websites

Foundation’s site includes links, some temporary and some permanent, to other websites. We are not responsible for the privacy and security practices of any other website or the nature of the content contained therein.

Children’s Privacy

None of the content and information in the Foundation’s website is targeted toward children under 13 years of age. We make every effort possible to ensure that we do not collect or maintain information on our website from those we know to be younger than 16 unless parental consent has been obtained in writing.

Changes to This Policy

In the event that the Foundation decides to alter its privacy policy, the changes will be added directly to this statement. We will, however, always use information in accordance with the version of the privacy policy under which it was originally collected.

Contact Us

If you have specific questions or concerns about the Foundation’s privacy policy, please contact us at the following address:

61 Hillandale Road

Westport CT 06880

onevoice is a “positively-charged” community…and we want to provide a safe and powerful space for encouragement. We hope taking on the mantle of being a ‘community member’ means you’re part of the solution. Bring your PMA (positive mental attitude), your realities and strength to onevoice – we need as much “good stuff” as you can muster…

We get it, though. Everyone’s life has struggles and rough patches, and you’re welcome and invited to share those as well.

So we are providing onevoice features and access to other community members with your agreement (and everyone else’s) to “play nice”…which means stuff like the following actions could be considered by rareLife solutions as a material breach of the Terms of Use and get you a stern but polite message by our ever-present Community Managers, who will do their best to explain how to make your post compliant with our positively charged community…(please consider what they recommend because even though we consider it an action of last resort, we may have to ask you to leave or eject you from the Site if you’re not willing to adjust your posting or behavior):

1. Posting or linking to material that is unlawful, obscene, derogatory, defamatory, threatening, harassing, abusive, slanderous, hateful, or embarrassing to any other person or entity as determined by us in our sole discretion.
2. Holding yourself out on our Sites as a healthcare professional or otherwise misrepresenting your licensure, specialty, certification, or other credential or information.
3. If you are a healthcare professional: attempting to treat or diagnose a patient or provide any other service or product to a patient on the Site.
4. Disclosing in any part of the Site any personally identifiable information (e.g., name, address, etc.), alone or in combination, about a former or current patient or client.
5. Under certain circumstances, mostly dealing with Federal Laws about approved drug marketing and advertising, posting or linking to information about certain pharmaceutical products or medical devices.
6. Participation or use of the site for any purpose in violation of applicable local, state, federal, or international laws.
7. Posting or linking to content that infringes, misappropriates or violates the intellectual property or other proprietary rights of third parties or their privacy or publicity rights.
8. Sending or posting viruses or other harmful computer code.
9. Unconsented collecting or harvesting of information about others, including email addresses.
10. Creating or using an account to impersonate another person.
11. Creating or registering more than one name and/or e-mail address.
12. Granting another person access to use your account to post or view comments.
13. Posting excessively or “spamming,” including repeatedly posting the same comment or content, including advertisements, business solicitations, chain letters, or pyramid schemes.
14. Participating on our Sites by persons under 16 years of age.
15. Disrupting conversations and communications repeatedly or posting unrelated comments to a particular topic.
16. Using our Sites in a manner that prevents another person from participating in the Site or exposes us or any community members 

With respect to enforcing our Code of Conduct, we reserve the right to:

1. Record the conversations or content on our Site.
2. Investigate and take appropriate legal action against anyone who, in our sole discretion, is alleged to or violates the Terms or this Code of Conduct.
3. Remove offending content from our Sites, including any content that we determine, in our sole discretion, to be unlawful, obscene, derogatory, defamatory, threatening, harassing, abusive, slanderous, hateful, or that otherwise fails to conform to the Terms or this Code of Conduct.
4. Suspend or terminate the access of such violators to our Sites.
5. Report violations to law enforcement authorities.
6. Terminate a user’s access to the Site if the user’s registration information and/or e-mail address is no longer valid.
7. Monitor, edit, or disclose any communication on the Site.
8. Edit or permanently remove any communication posted on the Site, even if not violative.
9. Take any other action that we deem necessary to protect the personal safety of community members or the public.

The General Data Protection Regulation (GDPR) is the European data protection regulation adopted by the EU Commission to replace the EU Data Protection Directive, also known as Directive 95/46/EC. GDPR took effect on May 25th, 2018. The regulation expands upon and replaces the EU Data Protection and Privacy rules with a more comprehensive framework that dictates how the personal information of EU data subjects is used, stored, transmitted, protected, and codified. The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled. The GDPR also requires that businesses share with the EU data subject how personal data is being handled; respond to certain data subject requests about that data; and handle such with proper security controls. The regulation also sets a standard for how that data is shared with other controllers and processors and sets guidelines for use or transfer of that information in countries with different laws and regulations regarding data use and transfer. A copy of the text of GDPR can be found here.

Our policies regarding data ownership and protection are focused on providing you with confidence that your data remains secure, and under your control. We have established a number of measures to ensure that customers and their data are treated in a manner consistent with privacy principles.

Our Commitment

At rareLife, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR and the Data Protection Bill.

We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

How is rareLife Preparing for the GDPR?

rareLife already has a consistent level of data protection and security across our organization, however it is our aim to be fully compliant with the GDPR.

Our preparation includes:

• Information Audit – We are carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed. This will be an iterative process reviewed on an annual basis.
• Policies & Procedures – At rareLife, we are revising/implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: –
  • Data Protection – Our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals. (Site Privacy Policy)
  • Data Retention & Erasure – We are working on having erasure procedures to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
  • Data Breaches – Our data breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
  • Data Transference – When rareLife collects a data subject’s personal information it avoids sharing that information with any vendor, third party, contractor or other type of outside service, unless either required by law or as part of our internal processes which sometimes include external providers. The information is stored in our systems and is not transferred outside of our network to any controllers or sub processors without explicit permission from our clients. rareLife never sells personal data to other companies, and to the extent it is ever shared, it is only to complete the purpose for which the data was acquired. All of our vendors must have procedures in place that protect any data that is shared with them.
  • International Data Transfers & Third-Party Disclosures – Where rareLife stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
  • Subject Access Request (SAR) – We are diligently working on our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.

• Legal Basis for Processing – We are reviewing all processing activities to identify the legal basis for processing and ensure that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
• Privacy Notice/Policy – We have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
• Obtaining Consent – We have incorporated consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
• Data Protection Impact Assessments (DPIA) –We are in the process of developing stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. Our goal is to document processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
• Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting etc.), we have drafted compliant Processor Agreements and due diligence procedures to ensure that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with the GDPR.
• Special Categories Data – where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit with the right to modify or remove consent being clearly signposted.

Data Subject Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via (our website, in the office, during induction etc.) of an individual’s right to access any personal information that rareLife processes about them and to request information about: –

• What personal data we hold about them
• The purposes of the processing
• The categories of personal data concerned
• The recipients to whom the personal data has/will be disclosed
• How long we intend to store their personal data for
• If we did not collect the data directly from them, information about the source
• The right to have incomplete or inaccurate data about them corrected or completed and the process for making this request
• The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
• The right to lodge a complaint or seek judicial remedy and who to contact in such instances

Information Security & Technical and Organizational Measures

rareLife solutions takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information such as SSL, access controls, password policy, encryptions and IT.

If you have any privacy-related questions/concerns, feel free to reach out to us. This same contact information can be used for questions related to data subject access requests, portability, erasure, etc. The contact information is as follows:

rareLife solutions
Attention: Privacy
606 Post Road East, #397
Westport, CT 06880
Telephone (844) 663- 8642
E-mail: [email protected]

We are constantly improving our policies and procedures to adhere to the standard and to go a step further to ensure all data we collect is properly protected.

We strive to be transparent with how we are collecting data regarding our customers and providing information to them on the data that we currently have. All our teams work to ensure that the data collected is only what is needed to provide the best service and utilizes data subjects’ information for the purpose of fulfilling those services only.

Last Updated: March 23, 2020
rareLife solutions, Inc.
606 Post Road East, #397
Westport, CT 06880
[email protected]
© 2022 rareLife solutions, Inc. All rights reserved.