Effective Date: August 1, 2020
MyCancerDB empowers cancer patients to identify personalized treatment options created from their genomic data. Our cloud-based platform provides a clear way to manage your entire cancer journey from diagnosis and disease progression through treatment response and regression.
The Website allows you to easily access and use content, including features, resources and other information intended to help you learn about the services MyCancerDB may offer, whether directly or through our partners, including genomic sequencing, storage of genomic data, data analytics, and treatment planning.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Website.
Types of Data Collected
While visiting our Website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”), including, without limitation, when you complete an interest form. Personal Data information may include, but is not limited to, your email address, first and last name, and telephone number. For purposes of this policy, please note that Personal Data includes information you provide about yourself or other family members on whose behalf you are using the Website or completing and submitting our “Contact Us” form. “You” and “your” includes you and these family members. You may, however, visit portions of the Website without providing any Personal Data.
We may also collect information that your browser sends whenever you visit the Website (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (i.e., IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
When you access the Website with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Tracking and Cookies Data
Use of Data
MyCancerDB uses the collected data for various purposes, including to provide and maintain the Website, to notify you about changes to our Website, to allow you to participate in any interactive aspects of our Website when you choose to do so, and to respond to your requests, questions, and feedback. We also use the collected data to monitor usage of the Website, to provide analysis or information so that we can improve the Website, and to detect, prevent and address technical issues.
We may also de-identify and aggregate your Personal Data for our own purposes. Aggregated Data is information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified. “De-identified Information” is information that has been stripped of your identifiers, such as your name, contact information, and other identifying data, such that you cannot reasonably be identified as an individual.
We will handle your Personal Data in strict accordance with applicable law. We only collect Personal Data for specified, explicit and legitimate purposes and limit collection of Personal Data to the extent necessary for such purposes. We will store Personal Data for no longer than necessary for the purpose for which Personal Data are processed. Personal Data will be stored and processed in a manner that ensures appropriate security of the information.
Transfer of Data
Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
How we Communicate with You
When you send email or other communications to MyCancerDB, we may retain those communications in order to process your inquiries, respond to your requests, and improve our Website and related products and services. When you send and receive messages we may collect and maintain information associated with those messages.
If you provide us with Personal Data through our Get In Touch form, we may send you a welcome email to verify your information. We will communicate with you in response to your inquiries. We will communicate with you by email or telephone, in accordance with your preference.
You acknowledge that by providing us with your telephone number, cell phone number, and email address, we may use that information to send you updates about upcoming clinical trials in your area that you may be interested in or could qualify for. If we do, out of respect for your privacy, we will provide an option not to receive these types of communications.
Disclosure of Data
You understand and agree that we can disclose your Personal Data and other data to third parties, as follows:
To Comply with Legal Requirements
We may disclose your Personal Data in the good faith belief that such action is necessary to: (1) comply with legal obligation; (2) to prevent or investigate possible wrongdoing in connection with the Website; (3) to act to protect the safety of visitors to the Website; (4) to protect and defend the rights or property of; or, (5) protect MyCancerDB against legal liability.
To Our Subsidiaries , Affiliates and Service Providers
We may disclose your Personal Data to our subsidiaries or affiliates, strategic partners and to third-party services providers (“Service Providers”) we engage to provide services on our behalf, such as web site hosting, customer service, etc. We may use Service Providers to perform related services or to assist us in analyzing how our Website is used. These third parties have access to your Personal Data only to perform these tasks on our behalf, and are obligated not to disclose or use it for any other purpose.
Security of Data
The security of your data is important to us. While we strive to use generally accepted industry security standard means to protect your Personal Data from loss, misuse, alteration or destruction by an unauthorized party, we cannot guarantee its absolute security. However, no method of transmission over the Internet, or method of electronic storage is 100% secure. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Website or e-mail. Accordingly, you understand and agree that you transmit all data, including Personal Data, to us at your own risk. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Website or third-party websites.
Our current security measures include:
- Encrypted data transmission via SSL/HTTPS/TLS
- Encrypted data at rest via AES-256 encryption
Privacy and Third-Party Links
Our Website is intended only for use by adults, either for themselves or on behalf of family members, and is not intended for use by anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you have reason to believe that a child under the age of 13 has provided us with Personal Data, please contact us and we will endeavor to delete that information from our databases.
Retention of Your Personal Information
We will store the Personal Data you provide for as long as we believe is necessary or appropriate (i) to carry out the purpose(s) for which we collected it, or (ii) to comply with applicable laws, contracts, or other rules or regulations.
You may access and use the Website without providing any Personal Data. If you choose to provide any Personal Data, you may have the right to request to review, update, correct, suppress, restrict or delete Personal Data that you have provided to us through the Website. To make a request, please contact us as indicated below and we will respond to your request in a manner that is consistent with applicable law within a reasonable period of time. For your protection, we may need to verify your identity before taking action with your request.
Confidentiality of Unsolicited Information
Correcting and Updating Your Personal Information
You can correct or update your Personal Data by contacting us by e-mail at email@example.com. Please note it may take us up to 30 days to process your request.
Your California Privacy Rights
ONLINE PRIVACY PROTECTION ACT (CALOPPA)
Do Not Track.
As discussed above, we do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Right to Request Data – California Civil Code 1798.83-1798.84 (“Shine the Light” law).
Under California law, California residents are entitled, on an annual basis, to request from MyCancerDB a notice describing what categories of personal customer information we share with third parties or corporate affiliates for those third parties or corporate affiliates’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. MyCancerDB will use commercially reasonable efforts to answer such inquiries as quickly as possible.
California Consumer Privacy Act of 2018 (“CCPA”).
California Civil Code Sec. 1798.100 et seq. – California Consumer Privacy Act of 2018.
When processing California Personal Information in accordance with your instructions, the parties acknowledge and agree that you are a consumer, and MyCancerDB is a Service Provider for the purposes of the CCPA.
The parties agree that MyCancerDB will process California Personal Information as a Service Provider strictly for the purpose of operating the Website (the “Business Purpose”). MyCancerDB uses data for its own legitimate Business Purpose as per this Policy. The parties agree that MyCancerDB shall not (a) Sell California Personal Information (as defined in the CCPA); (b) retain, use, or disclose California Personal Information for a commercial purpose other than for the Business Purpose or as otherwise permitted by the CCPA; or (c) retain, use, or disclose California Personal Information outside of the direct business relationship between you and MyCancerDB.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
Certain GDPR-Specific Definitions
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers (as defined below) in order to process your data more effectively. For such purposes, such Service Providers are Data Processors of your Personal Data.
Data Subject is any living individual who is using our Website, and is the subject of Personal Data. For purposes of this Policy, users are Data Subjects.
Your GDPR-Specific Rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights which may be different from or in addition to those provided for by other applicable law and/or the provisions contained in this Policy. In accordance with GDPR, MyCancerDB aims to take reasonable steps to allow you to correct, amend, delete, or otherwise limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or delete the information we have about you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where MyCancerDB relied on your consent to process your Personal Data.
Please note that we may ask you to verify your identity before responding to any such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA). Please also visit https://www.gdpreu.org/the-regulation/list-of-data-rights/ for additional information on your GDPR-specific rights.
To contact us with respect to either your California or GDPR rights, please e-mail us at firstname.lastname@example.org.
Contact Us with Questions and Comments
By email: email@example.com
77 Havemeyer Ln, Unit 67
Stamford, CT 06902