EEA Privacy Policy

This EEA Privacy Policy (“Policy”) describes how Multiple Myeloma Research Foundation, Inc. and its subsidiaries and affiliates (“we” or “MMRF”) collect, use and share the Personal Data that we gather from users in the European Economic Area and the United Kingdom through MMRF websites, mobile apps, and other digital properties (collectively, our “Services”). It also describes the Personal Data that we gather about our financial donors in the European Economic Area, and the United Kingdom through the Services, at an event, over the phone, or by receiving a check.

If you have any questions about the Privacy Policy or our data practices, please contact us using the options in the Contact Us section below.

Data We Collect

When we use the term “Personal Data,” we mean any information relating to an identified or identifiable individual.

Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to benefit from MMRF’s Services if that information is necessary to provide you access to Services or if we are legally required to collect it. We obtain Personal Data relating to you from various sources described below.

Information You Provide

We collect the following categories of Personal Data that you provide and process it for the following purposes based on the following legal bases, for example when you enter the data into form fields on our Services.

Category of Personal Data Purposes of Processing (see also Additional Uses of Personal Data below) Legal Bases for Processing
Contact Information

name (individual and/or organization/company), physical address, telephone number, email address, social media (such as Twitter, Facebook, and Instagram accounts) and other electronic contact information

To create, administer your account and the Services, authenticate you as a user, and communicate with you

To help you find a research study as a research subject

To notify you of events that may be of interest to you and to provide you with event resources

To process transactions requested by you and meet our contractual obligations

Legitimate interests

Your consent, when applicable

Demographic Information

including your age, occupation/employer information, donation information/history, educational history and participation at MMRF events, your connection to myeloma

To notify you of events that may be of interest to you, to target and deliver relevant offers and ads, to support our operations, and to improve our Services

To register you for professional education

Legitimate interests

Your consent, when applicable

Payment Information

including credit card number (and expiration date), billing information (such as individual/company name, physical address, telephone number)

To process donations and investments that you make online. To improve our donations and investment operations, to personalize your customer experience and to contribute to our marketing efforts, for example, by analyzing information about what products are viewed, when you browse items but do not make an investment To process transactions requested by you and meet our contractual obligations

Legitimate interests

Compliance with legal obligations

Your consent, when applicable

Your Health Status

including your interest in participation in studies related to multiple myeloma, your multiple myeloma medical concerns, and any health information you choose to provide us

To help you identify research studies that may be of interest to you

To help identify treatments and resources that may be able to assist you

To connect you with advice from nurses

To help you identify treatment centers

Your explicit consent, when applicable
Investment Interests

including your interest in investing in potential treatments

To identify your interests in investing in research carried out by MMRF Legitimate interests
Financial Donor-Related Information

including contact information, payment information and other information such as: occupation/employer information, donation information/history, participation at MMRF events, and any other information provided by the donor to MMRF, such as public comments or posts made through the Services

To establish a relationship and communicate with you, process contributions that you make; comply with all laws and regulations, including reporting requirements; conduct fundraising solicitations To process transactions requested by you

Compliance with legal obligations

Legitimate interests

Your consent, when applicable


As is true of most digital Services, we gather certain data automatically when you use our Services. This data may include browser, device, cookie and similar data that we collect as indicated below. For more information about our use of cookies please see our separate Cookie Policy.


Information We Collect When You Use Our Services Purposes of Processing (see also Additional Uses of Personal Data below) Legal Bases for Processing
Log Files

including IP addresses, information about your mobile device, number of clicks and how you interact with links on our Services, domain names, landing pages, pages viewed, browser type, internet service provider, referring/exit pages and URLs, operating system, date/time stamp and/or clickstream data, and other such information.

To maintain the security of our Services, for fraud detection, and to protect our rights

To administer webinars and events

Legitimate interests
Analytics We use analytics services, such as Google Tag Manager, to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting To help us understand how you use our Services and to help us improve it, we automatically receive information about your interactions with our Services, like the pages or other content you view, the searches you conduct, transactions you make, any content you post, and the dates and times of your visits. Legitimate interests

Your consent, when applicable

Location Information

including latitude, longitude, date and time (the precision of this data varies greatly and is determined by factors controlled by your device or mobile service provider)

To offer you certain location-based services, such as delivering advertisements that are relevant to your particular location, and to conduct analytics to improve the Services Legitimate interests

Your consent, when applicable


Additional Purposes of Processing Personal Data

In addition to the uses described above, we may use your Personal Data for the following purposes, which may under certain circumstances be based on your consent or on legal obligation, may be necessary to fulfill our contractual commitments to you, and are necessary to serve our legitimate interest in the following business operations:

  • Operating our business, administering the Services and managing your accounts;
  • Contacting you to respond to your requests or inquiries;
  • Processing and completing your transactions;
  • Inviting you to participate in surveys and analyzing your contribution;
  • Providing you with newsletters, articles, product or service alerts or announcements, event invitations, and other information that we believe may be of interest to you;
  • Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Data, our website or data systems, or to meet legal obligations;
  • Enforcing our Terms of Use and other agreements; and,
  • Sending you text messages or push notifications when you sign up for one of our messaging programs, such as through a research study. These messages may be sent by automated means. You may opt out of a text message program by contacting us as indicated in the “Contact Us” section below.
  • As may be required by applicable laws and regulations, and to establish, exercise and defend legal rights.

When we rely on legitimate interests in using and sharing your Personal Data, these interests include:

  • improving and customizing the Services for you;
  • understanding how the Services are being used;
  • obtaining insights into usage patterns of the Services;
  • exploring ways to develop and grow research and education at the MMRF;
  • ensuring the safety and security of the Services; and
  • enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks.

Information We Obtain From Third Parties

Information From Third Party Services. If you choose to link our services to a third-party account, such as Facebook, Twitter, or Google, we may receive information about you, including your profile information and your photo, and your use of the third-party account. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.

Background Checks. We work with third-party partners to perform background checks on job applicants when permitted under local laws and receive publicly available information.

Research Studies.  We receive Personal Data from investigative sites, CROs and other parties that participate in research studies. When you enroll in a research study that we sponsor or conduct, you will typically be provided with a consent form that contains notice provisions regarding the uses of your personal data. Please refer to the consent form that you sign when enrolling in one of our research studies to understand how your personal data collected in the study are processed.

Business Partners and Service Providers.  We use business partners and service providers, such as payment processors and analytics providers, to perform services on our behalf.  Some of these partners have access to Personal Data about you that we may not otherwise have (for example, when you sign up directly with that provider) and may share some or all this data with us. We use this data to administer the Services and conduct marketing and advertising campaigns as well as to process transactions that you request.

Supplemental Information.  We may receive additional Personal Data from third-party sources, such as credit reference agencies and public databases, which we may append to existing consumer data, such as email address verification. We may use this supplemental information to process transactions that you request and to prevent fraud, deliver relevant offers and advertising to you and to improve our operations, Services and our advertising and marketing campaigns.

Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy (for example, if you have an account, for as long as your account is active; we retain financial donor-related information for 10 years), unless a longer period is required under applicable law. When determining the retention period, we take into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrolment with our services, the impact on the services we provide to you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations

How We Share and Disclose Personal Data

We share your Personal Data with third parties only in the ways described in the Privacy Policy, when permitted by the applicable law:

  • Affiliates. We may share any information we receive with our subsidiaries and affiliates for any of the purposes described in this Privacy Policy.
  • Vendors and Service Providers. We may share any information we receive with contractors, vendors, service providers and other third parties we use to support our Services.
  • Ad Partners. We work with our third-party Ad Partners in order to deliver relevant advertising.
  • Analytics Partners. We work with third party analytics services, such as Google Tag Manager.
  • Merger, Sale, or Other Asset Transfer. We may share your Personal Data to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another organization, or we sell, liquidate, or transfer all or a portion of our assets.
  • As Required By Law and Similar Disclosures. We may also access, preserve, and disclose your Personal Data if we believe doing so is required or appropriate to: (a) comply with any court order, law or legal process, including to respond to any government or regulatory request; (b) respond to your requests; or (c) protect your, our or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through our Services.
  • We may also disclose your information with your permission.

International Data Transfers

MMRF may transfer your Personal Data within our family of companies and/or to the third parties discussed above. Your Personal Data may be transferred to, stored, and processed in a country other than the one in which it was collected. We may transfer your Personal Data outside the European Economic Area and the UK and when we do so, we rely on appropriate or suitable safeguards recognized under data protection laws. We may also transfer your Personal Data to countries for which adequacy decisions have been issued. You may contact us as specified below to obtain a copy of the safeguards we use to transfer Personal Data outside of the European Economic Area and the UK.

Additional Policies

Certain websites, mobile applications or other digital properties included in the Services may contain additional disclosures related to your privacy. For example, if you choose to submit a testimonial through one of our websites, the content of your submission will be used according to the terms set out on the submission webpage as well as in the ways described in the Privacy Policy.

Children’s Privacy

We are committed to protecting the privacy of children. Our Services are not directed to, and we do not intend to or knowingly collect or solicit Personal Data online from children under the age of 18. If you are under the age of 18, do not provide us with any Personal Data.

Your Rights

You have the following rights with regard to your Personal Data:

  • Request access to and receive information about the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, restrict or object to the processing of your Personal Data, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Data to another organization.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
  • In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.

You may exercise these rights by contacting us as indicated at the bottom of this Privacy Policy.

Links to Third Party Sites

The Services may include links to websites and digital services operated by third parties. This Privacy Policy does not apply to, and we are not responsible for the content, privacy policies or data practices of third parties that collect your data. We encourage you to review the privacy policies for those third parties to learn about their data practices.

Updates to the Privacy Policy

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your Personal Data, we will notify you by sending you an email to the last email address you provided to us and/or by prominently posting notice of the changes on the Services and updating the effective date above.

Managing Communication Preferences

If you have opted-in to our marketing communications (or when permitted by law, if you have provided us with your contact information), we may send you email messages, direct mail offers, push notifications or other communications regarding products or services depending on the method of communication selected.  You may ask us not to do so when you access our websites or mobile applications, or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving commercial messages from us by submitting an opt-out request to the contact information below, by following the unsubscribe instructions in the form of the communication you received, and/or clicking “unsubscribe from all emails” in the preference center that can be accessed here.

Contact Us

If you have any questions, comments, requests or concerns about Privacy Policy or other privacy-related matters, or to exercise your rights you may contact us in the following ways:

Multiple Myeloma Research Foundation (MMRF)
383 Main Avenue, 5th Floor, Norwalk, CT 06851
Phone: 203-229-0464
Fax: 203-972-1259
Email: Please use the Contact Us form found below