Privacy Policy

Overview

PSC Partners Seeking a Cure ("PSC Partners") is committed to protecting the privacy of our families. Your privacy and the security of the data you provide are of the utmost importance to us. To ensure transparency, this Privacy Policy (this "Policy") describes how the registry collects, uses, secures and shares your personal information when you access or use our patient registry website, and when you transmit information to us electronically. Because the registry is gathering medical information, it is important that you fully understand the terms and conditions surrounding the use of that information. We understand your medical information is personal, and we want to make sure you are as comfortable as possible if you choose to share that information.

We provide this notice to explain the registry's information practices. To make this notice easy to locate, the registry makes this privacy policy available as a link on the registry home page. We define personal information to include: name(s), email address, mailing address, phone number, survey responses, registry information, and content of your correspondence with the PSC Partners Patient Registry.

When you contact the PSC Partners Seeking a Cure Patient Registry at registrycoordinator@pscpartners.org or use the contact form, your email address and other information included in your email may be forwarded to the appropriate person(s) within PSC Partners Seeking a Cure or our professional advisors for a response. A copy of your correspondence may be retained at the PSC Partners Seeking a Cure office and also by the responding individual.

PSC Partners Seeking a Cure has established and maintains a mailing list that may include registry participants, families of affected individuals, friends, relatives, physicians, scientists, contributors and others interested in primary sclerosing cholangitis (PSC). The PSC Partners Patient Registry will never release its mailing list or the names of registry participants to any outside organization or third party. However, if an outside organization sends us information for distribution to the registry participants, we may mail it to you after the mailing is approved.

Information determined to be confidential can only be released by the written or verbal permission of the subject of the information or organization that owns the information. Verbal permission may be valid in limited circumstances. Any general release must be in writing. Information may be released if required by law, such as in response to an investigation or subpoena. The PSC Partners Seeking a Cure Patient Registry website provides links to other sites that may be of interest. PSC Partners Seeking a Cure is not responsible for the privacy practices or content of other such websites.

The PSC Partners Patient Registry is firmly committed to maintaining the confidentiality of your personal information in all of our activities and programs. Every reasonable effort will be made to maintain the privacy and security of all personal information in our possession. Access to personal information will be limited to the registry staff. All individuals working for the PSC Partners Patient Registry will have HIPAA training and will be instructed in the confidentiality requirements of the organization. No identifiable information will be shared with other users without your express permission. Your participation in this research will be kept private to the extent permitted by law. However, it is possible that other people may become aware of your participation in the PSC Partners Patient Registry. We might have to release your private information in a few specific situations – if it is required by the following:

  • Food and Drug Administration (FDA) or representatives from regulatory agencies in other countries
  • The Registry Institutional Review Board (IRB)
  • Law enforcement officials

You must read the PSC Partners Seeking a Cure Registry Privacy Policy (the "Privacy Policy") and the Registry Website terms and conditions (the "Terms and Conditions") prior to using any portion of the PSC Partners Seeking a Cure Patient Registry Website located at www.pscpartnersregistry.org (the "Registry Website"). By using the Registry Website, you agree to all the terms of the Privacy Policy. If you do not agree with the terms of this Privacy Policy, you may not use any portion of the Registry Website.

The Registry Website is owned and operated by PSC Partners. PSC Partners respects your privacy and has written the Privacy Policy so that you are aware of the information PSC Partners collects from you, how that information is protected, and how it is used. By using the Registry Website, you agree to all the terms of the Privacy Policy and Terms and Conditions. If you do not agree with the terms of this Privacy Policy, you may not use any portion of the Registry Website.

If you have any questions or comments regarding the Privacy Policy, or you feel that PSC Partners is not abiding by its posted Privacy Policy, please contact us via registered mail at:

Ricky Safer, CEO
PSC Partners Seeking a Cure
6900 E. Belleview Ave., Suite 202
Greenwood Village, CO 80111
By phone: (303) 771-5227
By fax: (303) 221-0757
By email: registrycoordinator@pscpartners.org

1. GENERAL

1.1 This Privacy Policy outlines the type of information PSC Partners collects from the users of the Registry Website and how it is shared with other parties. We reserve the right to modify the Privacy Policy at any time and without prior notice by posting amended terms and conditions on the Registry Website. We encourage you to review the Privacy Policy periodically for any updates or changes.

2. COLLECTION, USE, AND DISCLOSURE AND RETENTION OF INFORMATION

2.1 De-identified and Identifiable Information. Information collected on the Patient Registry can be categorized as either de-identified or identifiable. De-identified information is information that can’t be traced to a specific individual. Identifiable information tells us exactly who you are. This identifiable information allows you to access your registry and allows the Patient Registry to communicate with you.

2.2 Collection of Information. All of the information you provide to the PSC Partners Patient Registry will be maintained in a secure database, and any information that could identify you will not be shared without your express written consent, unless otherwise required by law. This Policy covers all personal information that you voluntarily submit to us. This Policy does not apply to anonymized data, such as aggregated data, as it cannot be used to identify you.

2.3 Use and Disclosure of Information. The goal of this registry is to collect personal information for research purposes, and to make the information you provide searchable, while protecting your identity.

De-identified data (information where all personal identification has been removed) gathered from this profile will be made available to participants of the Registry and other PSC and PSC-related registries in the hope that analyses of a substantially larger database will support breakthroughs and clinical trials that could lead to better treatments and care management. The registry staff will perform searches for specific questions within the PSC Partners Registry and provide reports back to you or the requesting party. We may share anonymized or aggregated information with any third parties. Such information no longer reasonably identifies you. As a participant, you can take health surveys and upload medical records. Your information may be used to inform you about relevant research opportunities and clinical trials. De-identified information may be disclosed by the registry to third parties and otherwise used in accordance with legal requirements. You can also perform searches of this de-identified data.

The Registry may employ independent contractors ("Outside Contractors") to provide specific services and products related to the Registry Website or to the services provided on the Registry Website, including but not limited to, performing general statistical analysis, maintaining an email suppression list as may be required by state and/or federal law, fraud screening, testing and implementation of special services to users, and developing applications for the Registry Website and the services provided on the Registry Website. These Outside Contractors may have limited access to information collected on the Registry Website, including protected health information and personally identifiable information. In the course of providing such products or services, Outside Contractors will be contractually obligated to protect the privacy and security of all protected health information and personally identifiable information.

2.4 Retention. The PSC Partners Patient Registry securely stores your personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed. We store information used for research purposes indefinitely until you unsubscribe.

3. WITHDRAWAL OF INFORMATION

3.1 At any time, you reserve the right to withdraw your information from the registry database by contacting the PSC Partners Registry Coordinator, and your profile will be removed. However, de-identified data cannot be retrieved from researchers that have already accessed it prior to your request for removal.

4. PROTECTION OF USER INFORMATION

4.1 All users are required to review and abide by the PSC Partners Patient Registry Website Terms and Conditions and the Privacy Policy. The Registry takes steps to ensure that your information is treated securely and in accordance with this Privacy Policy. We use commercially reasonable methods to protect the security of information and data submitted to the registry website. We employ best practices from our networking to our secure servers to protect your data from intrusion. Users should keep in mind, however, that no internet transmission is ever 100% secure or error-free. Where you use passwords, ID numbers, or other special access features on the registry website, you should take special care to safeguard them. It is also important for you to help protect against unauthorized access to your information. You are solely responsible for signing off of our registry website each time you finish using it and for securing your log-in information and security responses. Any transactions using your log-in and security responses will be deemed to be authorized by you.

4.2 Security Measures. We have partnered with experts in the field of online protection and privacy to protect your information and keep it secure. Invitae is an authorized contractor for the National Institute of Health (NIH) in the development of global disease registries. Their programs are designed in accordance with applicable US privacy protection provisions of HIPAA (Health Insurance Portability and Accountability Act of 1996) as well as the Federal Information Security Management Act of 2002 (FISMA). FISMA-compliant hosting is much more extensive than HIPAA and requires specific documented operational controls and security procedures, which are audited by an independent IT security firm annually to ensure compliance. Employees handling data must have a background check and pass high-level security testing. Your information is stored off-site in a secured environment on secure servers located in the US. All storage and transmittal are done in encrypted form.

Any personal information that could be used to identify you or your family is labeled with a special code. The code is securely stored with a password. Only authorized staff will be able to access the code and contact you if needed. Information that has had all of the personally identifying information changed to a code is called "de-identified."

We use reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss, or alteration. Information that you provide through our Websites is encrypted using industry standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure, as PSC Partners Patient Registry cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information, we will consider that you have authorized the instructions.

5. PROTECTION OF USER INFORMATION

5.1 All of the information you provide to the PSC Partners Patient Registry in connection with the Registry Website is owned by the Registry. Your information may contribute to the development of inventions or commercial products from which others may derive economic benefit. You will have no rights to any inventions, commercial products, or other such discoveries, and you will receive no economic benefit.

7. COOKIES

7.1 When you visit the PSC Partners Patient Registry Website, we may send one or more cookies to your computer that will uniquely identify your browser. A cookie is a piece of data stored on the user's hard drive containing information about the user. Cookies may be used by the Registry to enable it to track and target the interests of users to enhance their experience on the Website. Usage of a cookie is in no way linked to any personally identifiable information while on the website. If a user rejects the cookie, he or she may still use the Website, but the functionality of the Website, including the user’s access to secured areas of the Website, may be impaired. You can enable, disable, or delete cookies via your browser settings. To do this, follow the instructions provided by your browser, usually located in the "Help," "Tools," or "Edit" settings of your browser.

8. LOG FILES; WEB BEACONS

8.1 The PSC Partners Patient Registry may use log file information sent by your web browser (which may include information such as your web request, Internet Protocol ("IP") address, browser type, browser language, referring/exit pages and URLs, platform type, and other information) to analyze trends, administer the registry site, track the movement of users, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information. The PSC Partners Patient Registry may also employ "web beacons" (also known as clear gifs) to track online usage patterns of users. This information is not linked to personally identifiable information.

Web beacons may also be employed for tracking and receipt purposes in connection with web-based emails we send to users.

9. WEBSITE LINKS

9.1 The PSC Partners Patient Registry website may contain links to other websites. The Privacy Policy applies solely to information collected on or submitted to the PSC Partners Patient Registry Website. The registry is not responsible for the privacy practices of other sites linked to the Registry Website. The Registry encourages users to read the privacy policies of websites when they connect to them through the PSC Partners Patient Registry Website.

10. COMMUNICATIONS FROM PSC PARTNERS

10.1 From time to time, the PSC Partners Patient Registry will notify users of updates and other valuable information about the Registry, the Registry Website, and related clinical and research information. By using the Registry Website or registering or subscribing for services provided on or through the Registry Website, users consent to being contacted by the PSC Partners Patient Registry, and to receiving such updates and information. In the case of emails coming directly from the PSC Partners Patient Registry, such emails will clearly be from the Registry and will include instructions on how to unsubscribe from future emails.

11. REQUIRED DISCLOSURES

11.1 You understand and agree that the PSC Partners Patient Registry may disclose information provided if in its good faith belief such disclosure is required by applicable law.

12. CONTACT US; MEMBER ACCOUNTS

12.1 If you elect to contact the Registry through contact information provided on the PSC Partners Patient Registry Website, or register for an account, you may be asked for any of the following: name, e-mail address, e-mail subject and a message containing your inquiry (in the case of a "contact us" inquiry), and certain profile and account information (in the case of a member account registration). The Registry stores this data in order to reply to the submitted inquiry or to establish and service the member account. The submitted information is then subject to the terms detailed in the Registry Privacy Policy.

13. CHILDREN UNDER THE AGE OF EIGHTEEN (18)

13.1 The Registry is unable to prevent children under the age of eighteen (18) from visiting the PSC Partners Patient Registry Website; however, no part of our Registry Website is directed at or intended for persons under the age of eighteen (18). If you are under the age of eighteen (18), please do not access the Registry Website at any time or in any manner. In order to comply with the Children's Online Privacy Protection Act (children under the age of thirteen) and the Global Data Protection Regulations (GDPR) (children under the age of 16), the Registry will not knowingly collect personally identifiable information from children under the age of eighteen (18). By providing personally identifiable information through the Registry Website including, but not limited to, your name and e-mail address, you represent and warrant that you are at least eighteen (18) years of age and that you agree to comply with the Privacy Policy. If, at any time, the registry learns that personally identifiable information has been collected from persons under the age of eighteen (18) without verified consent from a parent, guardian, or legally authorized representative, the Registry will take the appropriate steps to delete such information.

14. NOTICE TO INDIVIDUALS LOCATED IN THE ECONOMIC EUROPEAN UNION OR SWITZERLAND

a. Our relationship to you. A "data controller" is an entity that determines the purposes for which and the manner in which any personal information is processed. We are a controller in relation to the information that you enter into the Registry Website about yourself. Any third parties that act as our service providers are "data processors" that handle your personal information in accordance with our instructions. In relation to the PSC Partners Patient Registry, Invitae is the host of the registry platform at the direction of the PSC Partners Patient Registry, and as such is a processor.

b. Lawful basis for controlling your personal information. We describe our controlling activities in Section 2 ("Collection, Use & Disclosure of Information & Retention"). The legal basis we rely on in controlling personal information is as follows: 1) Controlling is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to optimize the Registry for research purposes. 2) Controlling is necessary for compliance with our legal obligations, the public interest, or in your vital interests. 3) Controlling is based on your consent as required under the applicable law. In relation to quality control and validation and for research purposes, to the extent the de-identified data is anonymized, it is not considered personal data and falls outside the General Data Protection Regulations (GDPR).

c. Marketing Activities. Direct marketing includes any communications that are only based on advertising or promoting products and services. The Registry does not engage in advertising or promoting products and services. Transactional communications about your account are not considered "direct marketing" communications. We will only contact Users by electronic means (including email or SMS) based on our legitimate interest or their consent. When we rely on legitimate interest, we will only send you information about our PSC Partners Patient Registry and services. If you do not want us to use your personal information in this way, please click an unsubscribe link in your emails, or contact us at registrycoordinator@pscpartners.org.

d. Individual Rights. We provide you with the rights described below when you use our Services. When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on others’ privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome. If you have questions or if you would like to exercise your rights under the applicable law, please contact us at registrycoordinator@pscpartners.org.

i. Right to withdraw consent. If we rely on consent to collect, control, and/or process your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our controlling or the processing of any third parties based on consent before your withdrawal.

ii. Right of access and rectification. If you request a copy of your personal information that we hold, we will provide you with a copy without undue delay and free of charge, except where we are permitted by law to charge a fee. We may limit your access if such access would adversely affect the rights and freedoms of other individuals. You may request to correct or update any of your personal information held by us, unless you can already do so directly via the Services.

iii. Right to erasure (the "Right to be Forgotten"). You may request us to erase any of your personal information held by us that: is no longer necessary in relation to the purposes for which it was collected or otherwise controlled and/or processed; was collected in relation to controlling and/or processing that you previously consented to, but later withdrew such consent; or was collected in relation to controlling and/or processing activities to which you object, and there are no overriding legitimate grounds for our controlling and/or processing.

iv. Right to object to controlling and/or processing. You may object to our controlling and/or processing at any time and as permitted by applicable law if we control and/or process your personal information on the legal basis of consent, contract, or legitimate interests. We can continue to control and/or process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

v. Right to restriction. You have the right to restrict our controlling and/or processing your personal information where one of the following applies:

    • You contest the accuracy of your personal information that we controlled and/or processed. We will restrict the controlling and/or processing of your personal information, which may result in an interruption of some or all of the Services during the period necessary for us to verify the accuracy of your personal information.
    • The controlling and/or processing is unlawful, and you oppose the erasure of your personal information and request the restriction of its use instead.
    • We no longer need your personal information for the purposes of the controlling and/or processing, but it is required by you for the establishment, exercise, or defense of legal claims.
    • You have objected to controlling and/or processing, pending the verification whether the legitimate grounds of our processing override your rights.
    • We will only control and/or process your restricted personal information with your consent or for the establishment, exercise, or defense of legal claims; or for the protection of the rights of another natural or legal person; or for reasons of important public interest. We will inform you if or when the restriction is lifted.

vi. Right to data portability. If we control and/or process your personal information based on a contract with you or based on your consent, or the controlling and/or processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used, and machine-readable format, and to have us transfer your personal information directly to another "controller" and/or "processor," where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.

vii. Right to lodge a complaint. If you believe we have infringed or violated your privacy rights, please contact us at registrycoordinator@pscpartners.org so that we can work to resolve your concerns. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement.

15. NOTIFICATIONS OF CHANGES

15.1 Please review the Privacy Policy whenever you use the Registry Website in order to be aware of the ways that your information is used. PSC Partners reserves the right to change the Patient Registry Privacy Policy at any time, without prior notice. Please check for updates.

16. SHARING PERSONAL INFORMATION ONLINE

Please keep in mind that whenever you voluntarily disclose personal information online - for example on message boards, through e-mail, or in chat areas - that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.

Date effective: June 1, 2020