This EEA Privacy Policy (“Policy”) describes how Multiple Myeloma Research Foundation, Inc. and its subsidiaries and affiliates (“we” or “MMRF”) collect, use and share the Personal Data that we gather from users in the European Economic Area and the United Kingdom through MMRF websites, mobile apps, and other digital properties (collectively, our “Services”). It also describes the Personal Data that we gather about our financial donors in the European Economic Area, and the United Kingdom through the Services, at an event, over the phone, or by receiving a check.
If you have any questions about the Privacy Policy or our data practices, please contact us using the options in the Contact Us section below.
When we use the term “Personal Data,” we mean any information relating to an identified or identifiable individual.
Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to benefit from MMRF’s Services if that information is necessary to provide you access to Services or if we are legally required to collect it. We obtain Personal Data relating to you from various sources described below.
We collect the following categories of Personal Data that you provide and process it for the following purposes based on the following legal bases, for example when you enter the data into form fields on our Services.
| Category of Personal Data | Purposes of Processing (see also Additional Uses of Personal Data below) | Legal Bases for Processing |
|---|---|---|
| Contact Information
name (individual and/or organization/company), physical address, telephone number, email address, social media (such as Twitter, Facebook, and Instagram accounts) and other electronic contact information |
To create, administer your account and the Services, authenticate you as a user, and communicate with you
To help you find a research study as a research subject To notify you of events that may be of interest to you and to provide you with event resources |
To process transactions requested by you and meet our contractual obligations
Legitimate interests Your consent, when applicable |
| Demographic Information
including your age, occupation/employer information, donation information/history, educational history and participation at MMRF events, your connection to myeloma |
To notify you of events that may be of interest to you, to target and deliver relevant offers and ads, to support our operations, and to improve our Services
To register you for professional education |
Legitimate interests
Your consent, when applicable |
| Payment Information
including credit card number (and expiration date), billing information (such as individual/company name, physical address, telephone number) |
To process donations and investments that you make online. To improve our donations and investment operations, to personalize your customer experience and to contribute to our marketing efforts, for example, by analyzing information about what products are viewed, when you browse items but do not make an investment | To process transactions requested by you and meet our contractual obligations
Legitimate interests Compliance with legal obligations Your consent, when applicable |
| Your Health Status
including your interest in participation in studies related to multiple myeloma, your multiple myeloma medical concerns, and any health information you choose to provide us |
To help you identify research studies that may be of interest to you
To help identify treatments and resources that may be able to assist you To connect you with advice from nurses To help you identify treatment centers |
Your explicit consent, when applicable |
| Investment Interests
including your interest in investing in potential treatments |
To identify your interests in investing in research carried out by MMRF | Legitimate interests |
| Financial Donor-Related Information
including contact information, payment information and other information such as: occupation/employer information, donation information/history, participation at MMRF events, and any other information provided by the donor to MMRF, such as public comments or posts made through the Services |
To establish a relationship and communicate with you, process contributions that you make; comply with all laws and regulations, including reporting requirements; conduct fundraising solicitations | To process transactions requested by you
Compliance with legal obligations Legitimate interests Your consent, when applicable |
As is true of most digital Services, we gather certain data automatically when you use our Services. This data may include browser, device, cookie and similar data that we collect as indicated below. For more information about our use of cookies please see our separate Cookie Policy.
| Information We Collect When You Use Our Services | Purposes of Processing (see also Additional Uses of Personal Data below) | Legal Bases for Processing |
| Log Files
including IP addresses, information about your mobile device, number of clicks and how you interact with links on our Services, domain names, landing pages, pages viewed, browser type, internet service provider, referring/exit pages and URLs, operating system, date/time stamp and/or clickstream data, and other such information. |
To maintain the security of our Services, for fraud detection, and to protect our rights
To administer webinars and events |
Legitimate interests |
| Analytics | We use analytics services, such as Google Tag Manager, to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/. To help us understand how you use our Services and to help us improve it, we automatically receive information about your interactions with our Services, like the pages or other content you view, the searches you conduct, transactions you make, any content you post, and the dates and times of your visits. | Legitimate interests
Your consent, when applicable |
| Location Information
including latitude, longitude, date and time (the precision of this data varies greatly and is determined by factors controlled by your device or mobile service provider) |
To offer you certain location-based services, such as delivering advertisements that are relevant to your particular location, and to conduct analytics to improve the Services | Legitimate interests
Your consent, when applicable |
In addition to the uses described above, we may use your Personal Data for the following purposes, which may under certain circumstances be based on your consent or on legal obligation, may be necessary to fulfill our contractual commitments to you, and are necessary to serve our legitimate interest in the following business operations:
When we rely on legitimate interests in using and sharing your Personal Data, these interests include:
Information From Third Party Services. If you choose to link our services to a third-party account, such as Facebook, Twitter, or Google, we may receive information about you, including your profile information and your photo, and your use of the third-party account. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
Background Checks. We work with third-party partners to perform background checks on job applicants when permitted under local laws and receive publicly available information.
Research Studies. We receive Personal Data from investigative sites, CROs and other parties that participate in research studies. When you enroll in a research study that we sponsor or conduct, you will typically be provided with a consent form that contains notice provisions regarding the uses of your personal data. Please refer to the consent form that you sign when enrolling in one of our research studies to understand how your personal data collected in the study are processed.
Business Partners and Service Providers. We use business partners and service providers, such as payment processors and analytics providers, to perform services on our behalf. Some of these partners have access to Personal Data about you that we may not otherwise have (for example, when you sign up directly with that provider) and may share some or all this data with us. We use this data to administer the Services and conduct marketing and advertising campaigns as well as to process transactions that you request.
Supplemental Information. We may receive additional Personal Data from third-party sources, such as credit reference agencies and public databases, which we may append to existing consumer data, such as email address verification. We may use this supplemental information to process transactions that you request and to prevent fraud, deliver relevant offers and advertising to you and to improve our operations, Services and our advertising and marketing campaigns.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy (for example, if you have an account, for as long as your account is active; we retain financial donor-related information for 10 years), unless a longer period is required under applicable law. When determining the retention period, we take into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrolment with our services, the impact on the services we provide to you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations
We share your Personal Data with third parties only in the ways described in the Privacy Policy, when permitted by the applicable law:
MMRF may transfer your Personal Data within our family of companies and/or to the third parties discussed above. Your Personal Data may be transferred to, stored, and processed in a country other than the one in which it was collected. We may transfer your Personal Data outside the European Economic Area and the UK and when we do so, we rely on appropriate or suitable safeguards recognized under data protection laws. We may also transfer your Personal Data to countries for which adequacy decisions have been issued. You may contact us as specified below to obtain a copy of the safeguards we use to transfer Personal Data outside of the European Economic Area and the UK.
Certain websites, mobile applications or other digital properties included in the Services may contain additional disclosures related to your privacy. For example, if you choose to submit a testimonial through one of our websites, the content of your submission will be used according to the terms set out on the submission webpage as well as in the ways described in the Privacy Policy.
We are committed to protecting the privacy of children. Our Services are not directed to, and we do not intend to or knowingly collect or solicit Personal Data online from children under the age of 18. If you are under the age of 18, do not provide us with any Personal Data.
You have the following rights with regard to your Personal Data:
You may exercise these rights by contacting us as indicated at the bottom of this Privacy Policy.
The Services may include links to websites and digital services operated by third parties. This Privacy Policy does not apply to, and we are not responsible for the content, privacy policies or data practices of third parties that collect your data. We encourage you to review the privacy policies for those third parties to learn about their data practices.
This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your Personal Data, we will notify you by sending you an email to the last email address you provided to us and/or by prominently posting notice of the changes on the Services and updating the effective date above.
If you have opted-in to our marketing communications (or when permitted by law, if you have provided us with your contact information), we may send you email messages, direct mail offers, push notifications or other communications regarding products or services depending on the method of communication selected. You may ask us not to do so when you access our websites or mobile applications, or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by submitting an opt-out request to the contact information below, by following the unsubscribe instructions in the form of the communication you received, and/or clicking “unsubscribe from all emails” in the preference center that can be accessed here.
If you have any questions, comments, requests or concerns about Privacy Policy or other privacy-related matters, or to exercise your rights you may contact us in the following ways:
Multiple Myeloma Research Foundation (MMRF)
383 Main Avenue, 5th Floor, Norwalk, CT 06851
Phone: 203-229-0464
Fax: 203-972-1259
Email: Please use the Contact Us form found below
Web: https://themmrf.org/
