PRIVACY POLICY

Privacy Policy

Effective as of 11/21/2024.
  
State Privacy Rights: See the State Privacy Rights Notice below for important information about your rights under applicable state privacy laws.

The Leukemia and Lymphoma Society, Inc. and our subsidiaries and affiliates (“LLS,” “we”, “us” or “our”) is a 501(c)(3) organization dedicated to to curing blood cancers, and improving the quality of life of patients and their families.

This Privacy Policy describes how LLS processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website and social media pages) as well as our marketing activities, live events and other activities described in this Privacy Policy (collectively, the “Service”). LLS may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information, such as our Consumer Health Data Privacy Policy. This Privacy Policy does not apply to information that we collect in the context of our clinical trials, or from our employees, contractors and job candidates or from our business contacts in a B2B context.

Index

• Personal information we collect
• Tracking Technologies
• How we use your personal information
• How we share your personal information
• Your choices
• Other sites and services 
• Security
• International data transfers
• Children’s privacy
• Changes to this Privacy Policy
• How to contact us
• State privacy rights notice

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

• Contact data, such as your first and last name, salutation, email address, mailing address, phone number, and fax number.
• Demographic data, such as your city, state, country of residence, postal code, education information, employer and employment history, date of birth, and age.
• Protected class data, such as sexual orientation, veteran status, race, ethnicity, and gender. 
• Profile data, such as the username and password that you may set to establish an account on the Service, biographical details, photograph or picture, links to your profiles on social networks, interests, preferences, information about your participation in our surveys, and any other information that you add to your account profile.
• Health data, such as disease type, diagnosis, treatment, patient identification number, height, weight, medications, medication tracker and schedule, side effects, hydration tracker, and questions for doctor.
• Communications data based on our exchanges with you, including when you contact us through the Service, or communicate with us via email, social media, or otherwise. 
• Transactional and donation-related data, such as information relating to or needed to complete your donations to or orders through the Service, including transaction number and history, fundraising goals, matching gifts, and position on donation leaderboard. 
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• User-provided content data, such as photos, images, videos, comments, questions, messages, grocery lists, meal planner, saved recipes, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data. 
• Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us.
• Financial data, such as your stated income.
• Payment data needed to complete transactions, including payment card information or bank account number. Any payment data you provide to make a purchase on the Service is collected and processed directly by our payment processors, as described in the “Payment processors” subsection below.
• Survey and registration data, including information you share when you complete a survey or register for an event, volunteering opportunity, or other mission, and your event, volunteering, or other mission history.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you with personal information falling within one of the categories identified above that we obtain from other sources, such as:

• Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
• Data providers, such as information services and data licensors. 
• Partners, such marketing partners and event co-sponsors. 

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

• Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
• Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails. 

For more information concerning our automatic collection of data, please see the Tracking technologies section below.

Data about others. We may offer features that help users invite their friends or contacts to use the Service, or otherwise provide information about other individuals. For example, we may collect information about a patient’s referring provider or parent/guardian information if the patient is a minor. Please do not refer someone to us or share their personal information with us unless you have their permission to do so. 

Tracking Technologies

Cookies and other technologies. Some of the automatic collection described above is facilitated by the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place. 
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked. 
• Chat technologies, such as those provided by Five9, that employ cookies and software code to operate the chat features that you can use to communicate with us through the Service. Five9 and other third parties may access and use information about webpages visited on our website, your IP address, your general geographic information (e.g., city, state), and other personal information you share through online chats for the purposes described in this Privacy Policy.

For information concerning your choices with respect to the use of tracking technologies, see the Your choices section, below.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

• provide the Service;
• enable security features of the Service;
• enable you to make donations and to process your donations;
• enable you to participate in activities, events, and offerings available through the Service;
• provide you with additional resources;
• facilitate your invitations to friends who you want to invite to join the Service;
• communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
• communicate with you about events in which you participate; and
• provide support for the Service, and respond to your requests, questions and feedback.

Service personalization, which may include using your personal information to:

• understand your needs and interests;
• personalize your experience with the Service and our Service-related communications; and
• remember your selections and preferences as you navigate webpages.

Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en. 

Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:

• Direct marketing. We may send you direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.  

• Interest-based advertising. We and our third-party advertising partners may use cookies and other technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. 

Events. We may use your personal information to contact or market to you after collecting your personal information at or in connection with an event.

Compliance and protection. We may use your personal information to:

• comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); 
• audit our internal processes for compliance with legal and contractual requirements or our internal policies; 
• enforce the terms and conditions that govern the Service; and 
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.  

Data sharing in the context of corporate events. We may share certain personal information in the context of actual or prospective corporate events – for more information, see How we share your personal information, below.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you and we will not attempt to reidentify any such data. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.  

Further uses. In some cases, we may use your personal information for further uses, in which case we will ask for your consent to use of your personal information for those further purposes if they are not compatible with the initial purpose for which information was collected.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.  

Affiliates. Our corporate parent, subsidiaries, and affiliates.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as information technology, customer support, online chat functionality providers, email delivery, marketing, consumer research and website analytics). 

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe and Braintree. These parties may use your payment data in accordance with their privacy policies, https://stripe.com/privacy and https://www.braintreepayments.com/legal/braintree-privacy-policy. 

Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above. 

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. 

Partners. Third parties with whom we partner, including parties with whom we co-sponsor events, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above. 

Transferees. We may disclose personal information in the context of actual or prospective corporate transactions (e.g., investments in LLS, financing of LLS, or the sale, transfer or merger of all or part of our organization or assets), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of LLS as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our assets.

Other users and the public. Your user-generated content data (except for messages) may be visible to other users of the Service and the public. For example, other users of the Service or the public may have access to your information if you chose to make personal information available to them through the Service, such as when you provide comments, reviews, survey responses, or share other content. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.

Your choices 

In this section, we describe the rights and choices available to all users. Users who are located in certain states in the U.S. can find additional information about their rights below, in the “State privacy rights notice”.

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account that you have created when signing up for the service. Additionally, requests to update information outside of the available portals can be submitted by contacting our standard support channels. 

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.  

Cookies and other technologies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Blocking images/clear gifs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

• Browser settings. Changing your internet web browser settings to block third-party cookies.

• Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies. 

• Platform settings. Certain platforms offer opt-out features that let you opt-out of use of your information for interest-based advertising. For example, you may be able to exercise that option for Google and Facebook, respectively, at the following websites:
  • Google: https://adssettings.google.com/ 
  • Facebook: https://www.facebook.com/about/ads 

• Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs: 
  • Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp 
  • Digital Advertising Alliance: optout.aboutads.info.   

• Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes.  

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security 

We employ technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information. 

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.  

Children’s privacy  

In certain limited instances, we may collect personal information about users who are under the age of 13 (each a “Child User”). We only collect personal information about Child Users from Child Users’ parent(s) or guardian(s). If you are a parent or guardian of a Child User and you believe we have collected a Child User’s personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a Child User without the consent of the Child User’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy 

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

How to contact us

• Email: supportservices@lls.org
• Mail: The Leukemia & Lymphoma Society, 3 International Drive, Suite 200, Rye Brook, NY 10573
• Phone: 888-557-7177

 
State privacy rights notice

Except as otherwise provided, this section applies to residents of Colorado and other states to the extent they have privacy laws in effect that are applicable to us that grant their residents the rights described below (such states, the “States”, and such laws, the “State Privacy Laws”). Depending on your state of residency and the types of Personal Information we have collected about you, you may have other rights under our Consumer Health Data Privacy Policy.

This section describes how we collect, use, and share Personal Information of residents of these States and the rights these users may have under such State Privacy Laws with respect to their Personal Information. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of one of these States listed above, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to either confirm your identity or understand and respond to your request.

For purposes of this section, the term “Personal Information” has the meaning given to “personal data”, “personal information” or other similar terms in State Privacy Laws, and “Sensitive Personal Information” has the meaning given to “sensitive personal information,” “sensitive data”, or other similar terms in the State Privacy Laws, except that in neither case does such term include information exempted from the scope of the State Privacy Laws. In some cases, we may provide a different privacy notice to certain categories of residents of these States, in which case that notice will apply instead of this section.

Your privacy rights. The State Privacy Laws may provide State residents with some or all of the rights listed below. However, these rights are not absolute and some State Privacy Laws do not provide these rights to their residents. Therefore, we may decline your request in certain cases as permitted by law. 

• Information. You may have the right to request the following information about how we have collected and used your Personal Information during the past 12 months:
  • The categories of Personal Information that we have collected.
  • The categories of Personal Information that we share with third parties.
  • The categories of third parties with which we share Personal Information.
• Access. You may have the right to request a copy of the Personal Information that we have collected about you. 
• Appeal. You may have the right to appeal our denial of any request validly submitted. 
• Correction. You may have the right to ask us to correct inaccurate Personal Information that we have collected about you.
• Deletion. You may have the right to ask us to delete certain Personal Information that we have collected from you, subject to certain exceptions.
• Opt-out.
  • Opt-out of certain processing for targeted advertising purposes. You may have the right to opt-out of certain processing of Personal Information for targeted advertising purposes. 
  • Opt-out of profiling. You may have the right to opt-out of profiling performed on Personal Information to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. However, we do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.
  • Opt-out of other sales of personal data. You may have the right to opt-out of other sales of your Personal Information.

• Nondiscrimination. You may have the right to exercise the rights described above free from discrimination as prohibited by the State Privacy Laws.  

Exercising your right to information, access, appeal, correction, and deletion. You may submit requests to exercise your right to information, access, appeal, correction, or deletion at LLS Privacy Request form, calling us toll free at 1-888-557-7177, or via email to supportservices@lls.org.  

Exercising your right to opt-out of certain processing for targeted advertising purposes. While we do not sell personal information for money, like many companies, we use services that help deliver interest-based ads to you as described above. You can submit requests to opt-out of tracking for targeted advertising purposes or other sales of Personal Information: here, via email to supportservices@lls.org, or via phone by calling 1-888-557-7177.

Verification of Identity; Authorized agents. We may need to verify your identity in order to process your request to exercise your right to information, access, appeal, correction, or deletion and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.  
Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Laws rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request. 

Personal information that we collect, use and disclose. We may disclose each of the categories of personal information to the following categories of third parties for a business/commercial purpose:  service providers, payment processors (except protected class data, health data, relationship data, and survey and registration data), advertising partners (except protected class data, health data, and survey and registration data), third parties designated by you, partners, professional advisors, authorities and others, transferees, and other users and the public (only certain user-generated content data).
We disclose the following categories of Personal Information with advertising partners: contact data, demographic data, marketing data, user-generated content data, relationship data, device data, online activity data, and communication interaction data.

Shine the Light law. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. You may send us requests for this information to supportservices@lls.org. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

Consumer Health Data Privacy Policy 

Effective as of 11/21/2024.

The Leukemia and Lymphoma Society, Inc. and our subsidiaries and affiliates (“LLS,” “we”, “us” or “our”) is a 501(c)(3) organization dedicated to curing blood cancers, and improving the quality of life of patients and their families.

This Consumer Health Data Privacy Policy (“Consumer Health Data Privacy Policy”) applies to the extent US state consumer health data-specific privacy laws to which we are subject (e.g., the Washington My Health My Data Act) (“Consumer Health Data Privacy Laws”) apply to our processing of certain health status-related data, such as “consumer health data” as defined by such laws (“Consumer Health Data”). Consumer Health Data does not include “publicly available information” or “deidentified data”, as such terms or similar terms are defined by Consumer Health Data Privacy Laws. This Consumer Health Data Privacy Policy describes how LLS processes Consumer Health Data that we collect through our website, mobile applications, social media pages, marketing activities, live events, other activities, and other digital or online properties or services that link to this Consumer Health Data Privacy Policy (collectively, the “Service”). 

This Consumer Health Data Privacy Policy supplements our general Privacy Policy. In the event of a conflict between our Privacy Policy and this Consumer Health Data Privacy Policy, this Consumer Health Data Privacy Policy shall control only with respect Consumer Health Data and to the extent required by applicable Consumer Health Data Privacy Laws.

Consumer Health Data we collect

Consumer Health Data you may provide to us through the Service or otherwise includes the following, to the extent such data is linked or reasonably linkable to you and identifies your past, present or future physical or mental health status, such as the following. We will obtain your consent where required by applicable Consumer Health Data Privacy Laws.

• Contact data, such as your first and last name, salutation, email address, mailing address, phone number, and fax number.
• Demographic data, such as your city, state, country of residence, postal code, education information, employer and employment history, date of birth, and age.
• Protected class data, such as sexual orientation, veteran status, race, ethnicity, and gender. 
• Profile data, such as the username and password that you may set to establish an account on the Service, biographical details, photograph or picture, links to your profiles on social networks, interests, preferences, information about your participation in our surveys, and any other information that you add to your account profile.
• Health data, such as disease type, diagnosis, treatment, patient identification number, height, weight, medications, medication tracker and schedule, side effects, hydration tracker, and questions for doctor.
• Communications data based on our exchanges with you, including when you contact us through the Service, or communicate with us via email, social media, or otherwise. 
• Transactional and donation-related data, such as information relating to or needed to complete your donations to or orders through the Service, including transaction number and history, fundraising goals, matching gifts, and position on donation leaderboard. 
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• User-provided content data, such as photos, images, videos, comments, questions, messages, grocery lists, meal planner, saved recipes, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data. 
• Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us.
• Financial data, such as your stated income.
• Payment data needed to complete transactions, including payment card information or bank account number. Any payment data you provide to make a purchase on the Service is collected and processed directly by our payment processors, as described in the “Payment processors” subsection below.
• Survey and registration data, including information you share when you complete a survey or register for an event, volunteering opportunity, or other mission, and your event, volunteering, or other mission history.
• Other data not specifically listed here that may be used to infer or derive health status-related data, which we will use as described in this Consumer Health Data Privacy Policy or as otherwise disclosed at the time of collection.

Consumer Health Data we collect automatically. When you use the Service, in order to provide the requested Service to you, we collect some data through certain technical tracking technologies that may be considered Consumer Health Data, to the extent such data is linked or reasonably linkable to you and identifies your past, present or future physical or mental health status. For example:

• Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
• Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails. 

Consumer Health Data we obtain from third-party sources. We also obtain the types of Consumer Health Data described above from third-party sources. These third-party sources may include, for example:

• Public sources. Public sources of Consumer Health Data, such as social media platforms and other publicly available sources.
• Private sources. Private sources of Consumer Health Data such as Consumer Health Data providers.
• Marketing partners. Partners with which we engage in joint marketing activities or co-sponsor events.

Sources of Consumer Health Data

As described in more detail above, we collect Consumer Health Data directly from you, from your interactions with the Service, and from third-party sources. 

How we use your Consumer Health Data

We use Consumer Health Data for purposes described in this Consumer Health Data Privacy Policy or as otherwise disclosed to you. We will obtain your consent where required by applicable Consumer Health Data Privacy Laws. For example, we use Consumer Health Data for the following purposes: 

Purpose of Use / How Data Is Used	Applicable Categories of Consumer Health Data
Service delivery and operations: providing the Service, enabling security features of the Service, establishing and maintaining your user profile on the Service, communicating with you about the Service, providing support for the Service and responding to your requests/questions/feedback.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, government-issued identification number data, payment data, survey and registration data, device data, online activity data, communication interaction data
Service personalization: understanding your needs and interests, personalizing your experience with the Service and our Service-related communications, remembering your selections and preferences as you navigate webpages.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Research and development:  for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Service improvement and analytics: analyzing your usage of the Service, improving the Service, improving the rest of our business, helping us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and developing new products and services.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Direct marketing: communicating with you about new services, upcoming events, and other information.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, survey and registration data, device data, online activity data, communication interaction data
Events:  to contact or market to you after collecting your personal information at an event.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Compliance and protection: complying with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; protecting our, your or others’ rights, privacy, safety or property; auditing our internal processes for compliance with legal and contractual requirements or our internal policies; enforcing the terms and conditions that govern the Service; preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, government-issued identification number data, payment data, survey and registration data, device data, online activity data, communication interaction data
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, government-issued identification number data, payment data, survey and registration data, device data, online activity data, communication interaction data

How we share your Consumer Health Data

We may “share” (as the applicable Consumer Health Data Privacy Law may define that term) Consumer Health Data with your consent or as we determine necessary to complete your transactions, provide the Service to you, or as otherwise permitted or required by law. We will obtain your consent where required by applicable Consumer Health Data Privacy Laws. For example, we may share your Consumer Health Data with: 
 

Category of Third Party	Applicable Categories of Consumer Health Data
Payment processors. Our payment processors, such as Stripe and Braintree. These parties may use your payment data in accordance with their privacy policies, https://stripe.com/privacy and https://www.braintreepayments.com/legal/braintree-privacy-policy.	Contact data, transactional and donation-related data, payment data, device data, online activity data
Third parties designated by you. We may share your Consumer Health Data with third parties where you have instructed us or provided your consent to do so.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-provided content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Partners. Third parties with whom we partner, including parties with whom we co-sponsor events, with whom we jointly offer products or services, or whose products or services may be of interest to you.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-generated content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Legal and law enforcement. We will access, share, and preserve Consumer Health Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. We will also share Consumer Health Data if we believe it is necessary to protect our customers and/or the rights or property of ourselves or others.	Contact data, demographic data, protected class data, profile data, health data, communications data, transactional and donation-related data, marketing data, user-generated content data, relationship data, financial data, survey and registration data, device data, online activity data, communication interaction data
Other users and the public. Certain of your Consumer Health Data may be visible to other users of the Service and the public.	User-generated content data (except for messages), constituent stories or journeys

Your Consumer Health Data choices 

You may have certain rights to your Consumer Health Data under applicable Consumer Health Data Privacy Laws. Any of the rights discussed below may be subject to certain limitations (for example, a monetary charge).  

Withdraw consent. To the extent we rely upon your consent for either our collection or sharing of your Consumer Health Data, you have the right to withdraw such consent from any future collection or sharing. 

Access and confirm. You have the right to ask us to confirm whether we have collected, shared or sold your Consumer Health Data. Further, you have the right to access (in other words, request a copy of) the Consumer Health Data that we have collected, shared or sold. You also have a right to access a list of all “third parties” (as applicable law may define that term) and affiliates with whom we have shared or sold your Consumer Health Data and receive certain corresponding information.

Correction. You have the right to ask us to correct inaccuracies in your Consumer Health Data.

Deletion. You have the right to ask us to delete your Consumer Health Data. 

Appeal. You have the right to appeal our denying a right you have attempted to exercise. We will provide details on how to appeal our denial in connection with such action. 
If a Consumer Health Data Privacy Law applies to you and your Consumer Health Data and you wish to exercise your rights above, please email us at supportservices@lls.org. We may need to verify your identity in order to process your request. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you (such as government identification), which we will only use to verify your identity, and for security or fraud-prevention purposes. 

Declining to provide information. We need to collect or process Consumer Health Data to provide certain services, including the Service, to you. If you do not provide the information we identify as required or mandatory or if you request that any required Consumer Health Data be deleted or withdraw your consent for future collection or sharing of any required Consumer Health Data, we may not be able to provide those services to you.

Changes to this Consumer Health Data Privacy Policy 

We reserve the right to modify this Consumer Health Data Privacy Policy at any time. If we make material changes to this Consumer Health Data Privacy Policy, we will notify you by updating the date of this Consumer Health Data Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Consumer Health Data Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Consumer Health Data Privacy Policy indicates your acknowledging that the modified Consumer Health Data Privacy Policy applies to your interactions with the Service and our business.

How to contact us

• Email: supportservices@lls.org