1.         INTRODUCTION

This Privacy Policy (“Policy”) of DCI Donor Services, Inc., a Tennessee nonprofit corporation (“our,” “us,” “we,” or “DCIDS”), applies to each individual from whom we receive personal information through our Environment (defined below) (“you” or “your”).

This is an important document that describes how we collect, use, and disclose your personal information. We do not guarantee or warrant the security or protection of your personal information, and you assume the risk that an unauthorized party (e.g., a hacker or cyber attacker) might access, misuse, or destroy your personal information. Therefore, please carefully review this Policy, and ensure that you find it acceptable before using our Environment or providing your personal information to us.

We are comprised of several organ procurement organizations (“OPOs”). In pursuit of our mission to save and improve lives, we provide services that facilitate the donation and transplantation of organs and tissue, which includes the processing of certain tissues for transplanting. We also perform certain autotransplantation services. In accordance with applicable law (including 45 C.F.R. § 164.512(h) of the Health Insurance Portability and Accountability Act (“HIPAA”)) our OPOs may receive protected health information from health care providers who are covered entities under HIPAA without individual authorization or consent. Our OPOs may do so for purposes of facilitating organ, eye, or tissue donation and transplantation. In accordance with HIPAA, neither DCIDS nor our OPOs are deemed business associates or vendors of any covered entities under HIPAA.

In this Policy, we use certain terms that have specific meanings, such as “automated profiling,” “biometric information,” “deidentified,” “personal information,” “sell,” “sensitive personal information,” and “targeted advertising.” For the full set of definitions, please see the end of this Policy at Section 6.5.

We may update this Policy from time to time. The date provided at the top of this Policy is the latest revision date of this Policy. To request a prior version of this Policy, please contact us.

2.         OUR ENVIRONMENT

2.1       Description of Our Environment. The following is a list of the resources and property that we and our affiliates may use to collect your personal information, which may vary depending on the nature of your interactions with us and may not include all of the examples listed below (collectively, our “Environment”):

• the website that displays this Policy (“Site”) as well as any and all additional websites, mini sites, ecommerce stores, online portals, web portals, mobile applications and electronic user interfaces owned or controlled by us that are incorporated into or connected to the Site.
• any of our social media channels and messaging platforms that enable you to communicate with us via emails, texts, or direct messages.
• any of our phone systems and video conferencing systems that enable you to communicate with us via teleconference, video conference, or video session messaging.
• any of our surveillance cameras located at any of our brick-and-mortar facilities.
• any of our surveys, forms, computer tablets, and other materials used to document or record any answers, feedback, or information that you provide when you are located at any brick-and-mortar facilities of us or our affiliates, including donor recruitment fairs. 

2.2       Outside of Our Environment. Our Site may provide buttons or hyperlinks that enable you to leave our Site and connect with platforms controlled by third parties, such as third party websites, social network venues, and mobile applications. Notably, our Site displays a “Register” button. When you click this button, our Site displays an interface that helps you find and visit a governmental donor registry website where you may register to become an organ or tissue donor. By clicking and using these buttons, hyperlinks, and interfaces, you may leave our Site, which may enable the applicable third party to collect or disclose your personal information. We do not control these third party platforms, and they are not part of our Environment. We encourage you to review the privacy policies of these third party platforms and exercise caution before providing your personal information to them. 

3.         OUR NOTICES TO YOU

3.1       No Sale. We do not sell your personal information, nor do we sell any of your sensitive personal information that we may collect. At least for this reason, our Site does not display a “Do Not Sell” opt-out link.

3.2       No Sharing for Targeted Advertising. We do not distribute or provide your personal information (sensitive or otherwise) to any advertising network or other third party for purposes of targeted advertising. At least for this reason, our Site does not display a “Do Not Share” opt-out link.  

3.3       Minors Under 16 Years of Age. As indicated above, we do not sell the personal information of any consumer under 16 years of age, nor do we share the sensitive personal information of any consumer under 16 years of age for targeted advertising.

3.4       Sensitive Personal Information. We may collect your sensitive personal information depending upon the intended use of our Environment, the nature of our transactions and communications with you, and our Business Purposes (defined in Section 3.6). To the extent required by applicable law, we will obtain your consent before collecting your sensitive personal information. If we collect your sensitive personal information, we may use or disclose it only: (a) as authorized by applicable law; or (b) as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the Service Purposes (defined in Section 3.6). For the reasons described above, our Site does not display a “Limit the Use of My Sensitive Personal Information” opt-out link.

3.5       Categories of Personal Information That We Collect. The following is a list of the categories of your personal information that we may collect for our Business Purposes, which may vary depending on the nature of your interactions with us and may not include all of the examples listed below:

• Identifiers – such as your real name, alias, postal address, telephone number, unique personal identifier, online identifier, username, email address, account name, social security number, driver’s license number, state identification card number, passport number, signature, social security number, or other similar identifiers.

• Network Activity and Device Information – such as your Internet Protocol (IP) address, device, browser, internet or other electronic network activity information, including browsing history, search history, information regarding your interaction with an internet website, application, or advertisement, network routing information (where you came from), date/time stamps, clickstream information (when a webpage was visited and how much time was spent on the webpage), device information or identifier, browser type, referring/exit webpages, and number of visitors, views, and interactions. 

• Geolocation Data – such as your general geographic location, which may be determined using your Internet Protocol (IP) address or cellular signals generated by your mobile device. 

• Audio, Visual and Other Information – such as your physical characteristics or description, and your audio, electronic, visual, thermal, olfactory, or similar information, including voices, sounds, photos and videos of you.

• Financial Information – such as your bank account number, credit card number, debit card number, or other financial information.

• Background Information – such as your education, professional background, biographical information, employment history, employment information, job application information, and work history.

• Characteristics of Protected Classes – such as your race, color, religion, sex (including pregnancy, sexual orientation, gender, gender identity or expression), age, disability, genetic information, national origin, and citizenship status.

• Consumption Records – such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Biometric Information – such as your biometric information that specifies your face, eyes, fingerprints, or voice.

• Health Information – such as your health insurance policy number, health insurance information, medical information, and health information, including any protected health information or personally-identifiable health information that we may receive from health care providers, donors, recipients of organs or tissue, or families of the donors or recipients.

• Inferred Profile Information – such as inferences drawn from any of the information described above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

3.6       Our Purposes for Collecting Your Personal Information

• Service Purposes. We may collect, use or disclose your personal information for the following purposes (“Service Purposes”):

• Quality & Safety – undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, or to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

• Security – helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes.

• Services – performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf.

• Short-Term Use – short-term, transient use, including nonpersonalized advertising shown as part of your current interaction with us, provided that your personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us.

• Business Purposes. We may collect, use or disclose your personal information for our Service Purposes, our operational purposes, and the following additional purposes, provided that our use of your personal information is necessary and proportionate to achieve the purpose for which your personal information was collected or processed or for another purpose that is compatible with the context in which your personal information was collected (collectively, our “Business Purposes”):

• Auditing – auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

• Debugging – debugging to identify and repair errors that impair existing intended functionality.

• Internal Research – undertaking internal research for technological development and demonstration.

• Marketing – providing to you, advertising and marketing services other than targeted advertising, provided that, for the purpose of advertising and marketing, we will not combine the personal information of opted out consumers that we receive with personal information that we receive from another person or that we collect from our own interaction with consumers.

• Non-Inference – collecting or processing sensitive personal information for a purpose other than inferring characteristics about you.

• Complying with Law. We may also use or disclose your personal information to the extent necessary for us to: (a) comply with federal, state or local laws; (b) comply with civil, criminal or regulatory inquiries, investigations, search warrants, subpoenas, summons, orders, injunctions and mandates issued by courts, judicial authorities, law enforcement authorities or governmental authorities, including federal, state or local authorities; and (c) cooperate with such authorities.

3.7       How We Collect Your Personal Information

• Methods. We may use our Environment to collect your personal information through a variety of methods, such as the following:

• automatically pulling data from your browser or device (such as your computer or smartphone) by embedding computer code or data files to track your activity or geolocation, by other tracking means, or by using cookies or other tracking technologies that may be transparent or hidden from view.

• receiving information you have provided to us via phone, text, email, electronic message, online form submission, or other communications.

• communicating with third parties, such as covered entity health care providers, donors, recipients of organs or tissue, and families of the donors or recipients.

• capturing and storing third party posts or publications that contain photos, videos, or other content you have posted on publicly-available social media platforms. 

• communicating with you in person.

• photographing or video recording you, in accordance with applicable law, when you visit our brick-and-mortar facilities. 

• Surveillance Cameras. Some of our brick-and-mortar facilities are equipped with surveillance cameras. These cameras capture video recordings of the environment within their field of vision, including any individuals in their field of vision. These cameras do not record or capture conversations, voices, or other sounds. The video recordings do not contain biometric information. We do not use facial recognition technology or other methods to identify individuals based on the video recordings. We use the video recordings for our Business Purposes, including our purposes of: (a) monitoring and improving the quality of our services; (b) training and managing employees; and (c) responding to any criminal investigations conducted by law enforcement authorities.

3.8       Sources of Your Personal Information. We may obtain your personal information from the following categories of sources:

• You – You may send us your personal information when you use our products, services or Environment. 

• Your Devices – We may pull your personal information from your devices and browsers through tracking methods and by placing cookies, as described below.   

• Third Parties – We may, in accordance with applicable law (including HIPAA), receive your personal information from covered entity health care providers in accordance with an exception to patient consent under HIPAA, donors, recipients of organs or tissue, and families of the donors or recipients.

• Our Affiliates – Our affiliates may collect your personal information for our Business Purposes.

3.9       Receivers of Your Personal Information. We may disclose your personal information to the following third party receivers:

• Technology Suppliers – third parties that: (a) supply and operate software-based tools and programs that we connect to our Site, such as plugins, widgets, and extensions; (b) supply and operate servers, databases, and online platforms that we connect to our Site, such as cloud-based applications and web portals; (c) provide software-as-a-service that we connect to our Site; and (d) provide other software-based services that we order, including the following:  
  • web hosting
  • web content management
  • web analytics
  • online ecommerce processing
  • credit card and payment processing
  • hosting communication systems, such as any text message and email marketing systems

• Contractors – third parties that provide, lease, or license products, services, data centers, or other facilities to us, such as customer support providers, payment processing consultants, order fulfillment contractors, product developers, event managers, information technology consultants, cyber security advisors, computer programmers, business advisors, auditors, accountants and attorneys. 

• Corporate Affiliates – third parties that control us, that we control, or that are under common control with us, such as our parents, subsidiaries and sister entities.

• Legal Authorities – legal authorities, such as courts, judicial authorities, law enforcement authorities or governmental authorities (including federal, state, or local authorities) in connection with any civil, criminal or regulatory inquiry, investigation, search warrant, subpoena, summons, order, injunction or mandate issued by any such legal authority.

3.10     How Long We Keep Your Personal Information. For each of the categories of personal information provided above, we may keep your personal information for a period lasting as long as is reasonably necessary for our purpose of collecting it or as otherwise required by applicable law. At the end of the period or when you delete your user account, whichever comes first, we may permanently destroy, erase, delete, encrypt or disable access to your personal information in a manner designed to ensure that it cannot be reconstructed or read. You will not be able to recover such personal information later. 

3.11     Your Personal Information Rights

• Right to Know. As described above, this Policy informs you of the categories of your personal information that we collect, our purposes for collecting or using it, whether we sell it or share it for targeted advertising, and the length of time that we retain it.

• Right to Request Deletion. You have the right to request that we delete your personal information that we have collected.

• Right to Request Correction. You have the right to request that we correct any inaccurate personal information about you that we maintain.

• Right to Request Usage Details. You have the right to request that we disclose the following to you: (a) confirmation as to whether or not we are collecting, using, storing, disclosing, analyzing deleting or modifying your personal information; (b) the categories of personal information that we have collected about you; (c) the categories of sources from which we have collected your personal information; (d) the business or commercial purpose for collecting your personal information and for any selling of it or sharing of it for targeted advertising; (e) the categories of third parties to whom we have disclosed your personal information; and (f) the specific pieces of personal information that we have collected about you, which may be requested in a portable, and to the extent technically feasible, readily usable format that enables you to transmit the personal information to another entity without hindrance.

• Right to Request Details About Sales, Sharing or Disclosure. You have the right to request that we disclose the following to you: (a) the categories of any of your personal information that we have sold or shared to third parties for targeted advertising; (b) the categories of any such third parties, itemized by category of your personal information; and (c) the categories of your personal information that we have disclosed to persons for a Business Purpose, and the categories of those persons.

• Right to Opt Out. You have the right, at any time, to: (a) direct any business that sells your personal information or shares it for targeted advertising, not to do so; (b) opt out of profile-based advertising; and (c) opt out of automated profiling, including automated profiling conducted in furtherance of decisions that produce legal or similarly significant effects concerning you.

• Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right, at any time, to direct any business that collects your sensitive personal information to limit its use of your sensitive personal information to the extent authorized by regulations adopted pursuant to applicable law or only as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the Service Purposes.

• Right of Non-Discrimination. You have the right to be free of any discrimination related to your exercise of any of your rights provided in this Policy or otherwise under applicable law. You understand that, as permitted by applicable law, we may provide you with a price, rate, level, or quality of goods or services that differs from what we offer to other consumers if that price or difference is reasonably related to the value that we receive, if any, based on your data.

• Right and Method to Contact Us. To submit a request or notice to us under this Section, you may send your request or notice through our contact page or by writing or emailing us at the following address or by calling the toll-free number shown below: 

DCI Donor Services, Inc.

566 Mainstream Drive

Suite 300

Nashville, Tennessee 37228  

Email Address: info@dcids.org

Phone: 1-877-401-2517

• Right to Authorize an Agent. You may authorize another person to provide us with your request or notice under this Section, and we will comply with such request or notice if we can verify that you have given such authority as described in Section 3.12.

3.12     Our Response Procedures

• Verification. For security purposes, before processing your request or notice under Section 3.11, we will take steps to determine whether the request is a verifiable request or whether the notice is verifiable. We are not obligated to provide information that you may request under this Section if we cannot verify, pursuant to applicable law, that the person making the request is the individual about whom we have collected information or is a person authorized by the individual to act on the individual’s behalf.

• Our Response. We will respond to your requests and notices within a reasonable timeframe and in accordance within the requirements, frequency, and timing specified by applicable law. We may decline part or all of your requests or notices as permitted by applicable law, and we will inform you of the reason for the decline.

• Decline of Requests. We may decline to delete your personal information if it is reasonably necessary for us to maintain your personal information in order to: (a) complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; (b) help to ensure security and integrity to the extent the use of the your personal information is reasonably necessary and proportionate for those purposes; (c) debug to identify and repair errors that impair existing intended functionality; (d) exercise free speech, ensure the right of another consumer to exercise that your right of free speech, or exercise another right provided for by law; (e) engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent; (f) enable solely internal uses that are reasonably aligned with the expectations of you based on your relationship with us and compatible with the context in which you provided the information; or (g) comply with a legal obligation or applicable law.

• Frequency and Historical Period. Pursuant to applicable law, we may not be required to provide you with the same type of information under this Section more than twice in a twelve (12) month period, and we may not be required to provide more than twelve (12) months of historical information. 

4.         COOKIES

4.1       Cookies. A cookie is a small data file that our websites store on the browser of your device, such as your computer or smartphone. Your browser, such as Chrome, Firefox, Edge or Safari, stores cookies in the memory of your device. Our webservers or the webservers of our affiliates may receive and use these cookies when you return to our websites. You can learn more information about cookies at www.allaboutcookies.org. 

4.1.2    Essential Cookies. In accordance with applicable law, we may use certain types of cookies (sometimes referred to as essential cookies or necessary cookies) without your prior consent to enable our websites to work properly, securely and efficiently for Service Purposes, including enabling our Site to perform the functions described in this Section below. We use these types of cookies: (a) for the performance of a contract to which you are a party; (b) to take steps at your request before entering into a contract; or (c) as necessary for us to process your personal information for purposes of our legitimate interests. For example, we may use these types of cookies for the following purposes:

• To save pieces of information you have entered during online transactions at our website, such as items you have added to a shopping cart, as well as names, addresses, usernames, passwords and other text you have entered in forms on our websites. 
• To verify whether you are logged-in to an account on our websites for authentication and security purposes.
• To operate with adequate security, speed and electronic performance.

4.1.3    Nonessential Cookies. We may use other types of cookies (sometimes referred to as nonessential cookies or marketing cookies) for our Business Purposes, including studying how you interact with our Site and spend time viewing particular content on our Site. For example, we may use these cookies to record your browsing history, such as the particular buttons you have clicked and the particular webpages you have visited. This helps us personalize your experience, improve our websites, enhance our products and services, and identify new products or services that may be in demand. 

4.1.4    Disabling and Deleting Cookies. There are several ways for you to stop or limit our use of certain types of cookies. If there is a cookie settings hyperlink on our Site, you may use the hyperlink to disable certain types of cookies. Also, you may use your browser’s settings to disable, limit or delete certain cookies. Please keep in mind, however, that our Site may no longer work properly if you disable, limit or delete cookies.

5.         NOTICES REGARDING PARTICULAR JURISDICTIONS

5.1       State Laws of the United States

5.1.1    States with Comprehensive Data Privacy Laws. Presently, several states of the United States have enacted comprehensive data privacy laws. This Policy has been prepared to provide you with the notices and rights set forth in these laws. If you reside in any of these states and have a question or concern related to this Policy, please contact us using one of the methods described in Section 3.11.

5.1.2    California – Information-Sharing Disclosure, Shine the Light. Under California Civil Code Section 1798.83 (also known as Information-Sharing Disclosure, Shine the Light), if you are a California resident and your business relationship with us is primarily for personal, family, or household purposes, you may request certain data regarding our disclosure, if any, of personal information to third parties for the third-parties’ direct marketing purposes. To make such a request, please use one of the methods described in Section 3.11. You may make such a request up to once per calendar year. In accordance with California Civil Code Section 1798.83, we will provide to you, by email, a list of the categories of personal information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties’ names and addresses and any other information required by California Civil Code Section 1798.83. 

5.2       Federal Laws of the United States.We may enter into a contract with you (or engage in a transaction with you) that involves our receipt of information from you that is governed or regulated by federal laws of the United States. These federal laws may provide certain requirements that we must satisfy that are not set forth in this Policy, and we will comply with the requirements. Nothing in this Policy will eliminate or decrease any of our obligations under these federal laws. In the event of a conflict between any part of this Policy and any requirements of these federal laws, the requirements of the federal laws will control. 

5.3       Europe. We are headquartered in the United States with no physical presence in Europe or in any other country outside of the United States. In the event that our business activities bring us within the scope of the General Data Protection Regulation ((EU) 2016/679)) (the details of which may be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) (“GDPR”), we will comply with the applicable requirements of the GDPR, and we may process your personal information if: (a) you have given us your consent to process your personal information for one or more specific purposes; (b) it is necessary for us to process your personal information: (i) for the performance of a contract to which you are a party; or (ii) in order to take steps at your request before entering into a contract; (c) it is necessary for us to process your personal information to comply with a legal obligation to which we are subject; (d) it is necessary for us to process your personal information for purposes of our legitimate interests pursued by us or a third party (which includes our Service Purposes), except where the interests are overridden by the interests or fundamental rights and freedoms of you that require protection of personal information, particularly if you are a child; or (e) another necessity arises for which such processing is permitted under the GDPR. If our business activities bring us within the scope of the GDPR and you have any concerns regarding our collection or processing of your personal information, you have the right to lodge a complaint with the supervisory authority established for your location in the European Economic Area, the United Kingdom, or Switzerland.

6.         MISCELLANEOUS

6.1       Deidentified Information. With respect to deidentified information derived from your personal information, we retain the right to collect, process, use, store, sell, share, disclose, and distribute the deidentified information in accordance with applicable laws. If we exercise this right, we will maintain and use the deidentified information and not to attempt to reidentify it, except that we may reidentify the information only to determine whether our deidentification processes satisfy the requirements of applicable laws.

6.2       Our Marketing Communications via Emails, Text Messages, and Phone Calls

6.2.1    Unsubscribing to Our Emails and Messages. Our Environment may enable you to subscribe to or signup for our marketing communications, such as emails or text messages that provide our newsletters, updates, or marketing messages. Our Environment or the communications will enable you to unsubscribe to our emails and messages by changing a setting, clicking an unsubscribe link, texting “Stop,” or making another input. Even if you opt out or unsubscribe to receiving our marketing communications, we may continue to send you non-marketing communications, such as communications related to services or products that you have ordered from us, or our performance of contractual obligations that we owe to you.

6.2.2    SMS Use and Consent. If you provide your mobile phone number for us to use for text message communications related to our Business Purposes, we will not distribute your mobile phone number to a third party without your prior consent. We will not transfer your consent to receive such communications to any third party.

6.3       Transfer/Storage Outside of the United States. Unless prohibited by applicable laws or contractual obligations that we owe to our affiliates, we may store your personal information in webservers located anywhere in the world, and we may transfer your personal information from one country (e.g., the United States) to any other country, where it may be stored and processed for the uses described in this Policy.

6.4       Law Enforcement and Legal Claims. Nothing in this Policy will prevent or restrict us from:

• complying with federal, state, or local laws or complying with a court order or subpoena to provide information.
• complying with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities. 
• cooperating with law enforcement agencies concerning conduct or activity that we, our affiliates or associates reasonably and in good faith believe may violate federal, state, or local law.
• cooperating with a government agency request for emergency access to your personal information if a natural person is at risk or in danger of death or serious physical injury provided that: (a) the request is approved by a high-ranking agency officer for emergency access to your personal information; (b) the request is based on the agency’s good faith determination that it has a lawful basis to access the information on a nonemergency basis; and (c) the agency agrees to petition a court for an appropriate order within three days and to destroy the information if that order is not granted.
• exercising or defending legal claims.

6.5       Definitions. In this Policy, we use the words and phrases “including,” “includes,” “such as” and “e.g.” in a non-limiting fashion, and the following terms (whether used in capitalized or lowercase form) will have the following meanings given to them: 

“affiliates” means our third party technology suppliers, contractors, corporate affiliates, service providers, processors, vendors, licensors, lessors, and other third parties with whom we have a business relationship. If our Site simply provides a hyperlink to a platform controlled by a third party (such as a third party website, mobile application, or social network venue) the third party is not considered our affiliate.

“automated profiling” (referred to in some jurisdictions as “profiling”) means any form of automated processing of personal information to evaluate, analyze, or predict personal aspects concerning any identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“biometric information” means an individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that is used or is intended to be used singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes: (a) imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted; (b) keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information; and (c) information based on an individual’s retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry, which is used to identify the individual, excluding any item of such information that is not deemed biometric information according to specific exclusions set forth in applicable law.

“business” means a sole proprietorship, partnership, limited liability company, corporation, association, person other than a consumer, or other legal entity.

“consumer” (referred to in some jurisdictions as “data subject”) means a natural person.

“deidentified” (referred to in some jurisdictions as “pseudonymized”) means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, provided that the business that possesses the information satisfies the requirements of applicable law related to the use of deidentified information.

“personal information” (referred to in some jurisdictions as “personal data”) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but personal information does not include: (a) publicly available information as defined or characterized by applicable law; (b) lawfully obtained, truthful information that is a matter of public concern; or (c) consumer information that is deidentified.

“security and integrity” means the ability of: (a) networks or information systems to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information; (b) businesses to detect security incidents, resist malicious, deceptive, fraudulent, or illegal actions and to help prosecute those responsible for those actions; and (c) businesses to ensure the physical safety of natural persons.

“sell,” “selling,” “sale,” or “sold’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration, excluding any of the foregoing activities that are not deemed to be a sale according to specific exclusions set forth in applicable law.

“sensitive personal information” means: (1) personal information that reveals: (a) a consumer’s social security, driver’s license, state identification card, or passport number; (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) a consumer’s precise geolocation, including any data that is derived from a device and that is used or intended to be used to locate the consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by applicable law; (d) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or (f) a consumer’s genetic data; (2) the processing of biometric information for the purpose of uniquely identifying a consumer; (3) personal information collected and analyzed concerning a consumer’s health; and (4) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. Sensitive personal information that is “publicly available” (as described above) will not be considered sensitive personal information or personal information.

“targeted advertising” (referred to in some jurisdictions as “cross-context behavioral advertising”) means the targeting of advertising to a consumer based on data that is derived from the consumer’s behavior across distinctly-branded platforms (e.g., websites, applications, and other venues) beyond the business or distinctly-branded platform with which the consumer intentionally interacts. The definition of targeted advertising does not include advertising based on your activities within our Environment, nor does it include other advertising activities that are not deemed to be targeted advertising according to specific exclusions set forth in applicable law.

“verifiable request” means a request that is made by you, by you on behalf of your minor child, by a natural person or a person authorized by you to act on your behalf, or by a person who has power of attorney or is acting as a conservator for you, and that we can verify, using commercially reasonable methods, pursuant to applicable law.

End of Privacy Policy

© 2024 DCI Donor Services, Inc.