CHDI
Privacy Policy
Introduction and scope
This Privacy Policy applies to your use of www.chdifoundation.org, all of its sub-domains and all associated services including, but not limited to, email received from chdifoundation.org (where you sign up to a mailing service), and use of any of our computer systems, databases or networks connected to chdifoundation.org and all of its sub-domains (collectively, the “Website“). The Website is being made available for your use by CHDI Foundation, Inc. (“CHDI”, “we”, “our” and “us”) for purposes related to conducting research on and developing therapeutics for Huntington’s disease.
If you do not agree with this Privacy Policy, please do not access, browse or otherwise use the Website. If you access, browse or otherwise use the Website, you acknowledge the information in this Privacy Policy. If you have questions about this Privacy Policy, please contact us as set out in the ‘Contact Us’ section below.
CHDI as controller
If you are a Website user in the European Economic Area (“EEA“), the United Kingdom or Switzerland, CHDI, of 350 Seventh Ave, Suite 200, New York, NY, USA 10001, is the controller of the information we collect about you (“Personal Data“). CHDI has appointed a Data Protection Officer who can be contacted as set out in the ‘Contact Us’ section below.
We are committed to protecting the privacy and security of your Personal Data collected through your use of the Website, and this Privacy Policy explains how we process your Personal Data. We are required to give you this information, including informing you about your data protection rights under the General Data Protection Regulation (EU) 2016/679 (“GDPR“).
How we collect Personal Data
Directly from you
We obtain Personal Data when you provide it to us directly, for example when you enquire about our activities, sign up to our mailing list, send or receive an email, ask us a question, sign up for an event (e.g. conference), or otherwise provide us with Personal Data.
When you use the Website
When you use the Website we automatically collect certain Personal Data, such as the browser type and version, access time, pages viewed and IP address, which is the location of computers or networks on the Internet. For detailed information about our use of cookies and other technologies that are used to collect Personal Data, please see the Website Cookie Policy.
When you use social media
When you follow and interact with us on social media platforms, such as LinkedIn, we may obtain Personal Data, for example when you tag us in photos, follow our pages or comment on our posts. The Personal Data we receive depends upon the privacy settings and preferences you have in place for the relevant social media platforms. If you follow us and interact with us on social media, we encourage you to read the privacy policy of the relevant platform.
What Personal Data do we collect?
| Category of Personal Data | Details |
|
Website data: If you sign up to one or more of our mailing lists, sign up for an event (e.g. conference), or contact us via the Website contact form or via email, we may collect some or all of the following Personal Data from you. |
Name; title; postal address; country you work/reside in; email address; telephone number; IP address; name and address of the company or research institution where you are employed or otherwise affiliated. |
We will maintain a record of any information and/or research-related resources you have requested as well as those we provide to you (transaction information). Additionally, we may aggregate Personal Data in a way that does not personally identify you or any other user of the Website in order to analyze traffic to improve user experience and website security.
We will never ask for, and we request that you do not provide, any health information through the Website.
If you have questions about what categories of Personal Data we collect, please address your questions to .
For what purpose and legal basis do we use your Personal Data
In general, we will process your Personal Data on the legal basis provided in the table.
| Legal basis for using your Personal Data | Nature of processing and purposes |
|
Legitimate interest |
To add you to one or more of our mailing lists; To communicate with you about Huntington’s disease, CHDI’s activities (including its research (e.g., Enroll-HD), ethos and mission) and upcoming events (e.g., conferences); To provide you with information about research-related resources such as study data and biosamples; To provide you with information on sources of research funding; To better understand how the Website is used in order to improve it, including monitoring traffic and learning more about who uses it; To tailor communications to you and, if you consent to direct marketing, to tailor it; To monitor for and prevent cyber-security issues (e.g., security breaches and attacks) and unauthorized use of our information, IT systems and/or equipment; and To carry out any other activities necessary to the running of CHDI, including system testing, network monitoring, staff training, and quality control. |
|
Compliance with a legal obligation |
To process your Personal Data where it is necessary to comply with legal obligations to which CHDI is subject under law (including European Union laws), such as an information security, employment, or consumer transaction law, if required under relevant tax law and/or if required pursuant to a court order, etc. |
If you have questions about the purposes for which we use your Personal Data, please address your questions to .
Sharing your personal data
Except where otherwise expressly noted or contemplated in this Privacy Policy, we do not make your Personal Data available to anyone other than our personnel, website administrators, service providers and agents who carry out certain functions on our behalf, such as managing scientific activities, providing the information and research-related resources that you have requested, website hosting, and data processing (each, a “Recipient“).
The table below sets out in greater detail the Recipients with whom we may share your Personal Data.
| Recipient | Description |
|
CHDI |
Affiliates and/or internal departments and services (such as the IT department or other related personnel). |
|
Third party service providers |
Service providers such as those: managing scientific activities on our behalf; providing the information and research-related resources that you have requested; providing IT and technical support services (e.g., Webspirit Systems, Google, Amazon Web Services, Mailchimp). |
|
Other Recipients |
Other Recipients such as: Educational institutions or research facilities; any administrative or tax authority, regulatory agency, body with enforcement powers, stock exchange regulator or any court where CHDI is required to do so by applicable law or regulations or at their request; any statutory or judicially authorized body; external advisors (e.g., law firms, accountants, consultants or auditors); and in the event of a sale, amalgamation, re-organization, transfer, or financing of some or all of our operations, Personal Data may be disclosed to an acquiring organization, either as part of due diligence or on completion of the transaction. If Personal Data is disclosed in this context, we will require the acquiring organization to comply with this Privacy Policy in its use and handling of such Personal Data. |
If you have questions about with whom your Personal Data is shared, please address your questions to .
International transfers of Personal Data
The disclosure of your Personal Data to some of our personnel, website administrators, service providers and agents, as set out in the ‘Sharing Your Personal Data’ section above, may involve the transfer of your Personal Data to the United States, Canada, the United Kingdom and other countries outside of the EEA which may not be subject to data protection laws and practices implemented to protect your Personal Data which are equivalent to the laws and practices in the EEA.
Any transfer of Personal Data collected in the EEA or Switzerland to any third country outside of the EEA shall be subject to: (a) appropriate safeguards of a contractual, technical and/or organizational nature and (b) an appropriate transfer mechanism, such as: (i) an adequacy decision of the European Commission (e.g., for transfers to Canada, Switzerland or the United Kingdom); (ii) Module 2 (controller-to-processor) and/or Module 3 (processor-to-processor) of the European Commission’s standard contractual clauses; or (iii) for ad hoc transfers, your explicit consent (or other derogation under Article 49 of the GDPR).
How long do we store your Personal Data
We retain Personal Data only for so long as necessary to fulfill the purposes for which it was collected, including as described in this Privacy Policy, or as required by law. If you ask us to delete specific Personal Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions such as performing a contract you have entered into with CHDI. When assessing retention periods, we first carefully examine whether it is necessary to retain the Personal Data collected and, if retention is required, work to retain the Personal Data for the shortest possible period permissible under law.
Third party websites and links
The Website may have links to other websites that we do not control. You should know that we have no control over the content, privacy policies or security of any of these websites you elect to visit or interact with. Furthermore, we are not responsible for the content, privacy policies or security of any of these websites you elect to visit or interact with, and you should check those policies on such websites.
Anti-spam
If you believe you have received unwanted, unsolicited email from us sent via the Website or purporting to be sent via the Website, please forward a copy of that email to .
Your data protection rights
You have rights in relation to your Personal Data. The table below sets out the rights at your disposal to address any concerns or submit queries to us about our processing of your Personal Data. Please note that these rights are not absolute and may only apply in certain circumstances.
| Right | Further Information |
|
Right of access |
You have the right to access the Personal Data we process about you. If you exercise this right, you will receive confirmation about whether we process your Personal Data and, if so, a copy/copies of your Personal Data. |
|
Right to object |
You have a right to object at any time to the processing of your Personal Data where we process it on the legal basis of pursuing our legitimate interests. |
|
Right to rectification |
You have the right to request that we amend any inaccurate Personal Data that we have about you. |
|
Right to erasure/ withdraw consent |
You have a right to request, in certain circumstances, the deletion of your Personal Data; for example, if you exercise the right to object and we do not have an overriding reason to continue processing your Personal Data or if we no longer need to process your Personal Data. The withdrawal of your consent to the use of your Personal Data does not affect any past use of your Personal Data based on your consent before its withdrawal. |
|
Right to restriction of processing |
You have the right, in certain circumstances, to restrict our processing of your Personal Data; for example, if you contest the accuracy of the Personal Data we hold about you or you object to us processing your Personal Data. |
|
Right to data portability |
You may request us to provide you with your Personal Data that you have given us in a structured, commonly used, and machine-readable format. |
You may exercise these rights by contacting us at .
If you believe we are processing your Personal Data in an unlawful way you may contact us as set out in the ‘Contact Us’ section below. You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or in the place where an alleged infringement occurred. The relevant supervisory authority in Ireland is the Data Protection Commission. For further information see www.dataprotection.ie.
Contact us
If you have any questions about this privacy policy or our Personal Data practices, you may contact us at .
If you would like to contact CHDI’s Data Protection Officer, please address questions, comments and requests to .
Controlling language
This Privacy Policy has been prepared using the English language. In the event that the terms of any translated version conflict with the terms of this English version, the terms of the English version of this Privacy Policy will control in all instances.
Modifying this Privacy Policy
We reserve the right to modify this Privacy Policy at any time by posting such change on this page. We encourage you to refer back to this page and review this Privacy Policy often for the latest information and the effective date of any modifications. If we decide to change this Privacy Policy, we will post a new policy on the Website and change the revision number and effective date at the bottom. Changes to this Privacy Policy will not apply retroactively. Your continued use of the Website after any such modifications constitutes your acknowledgement of, and agreement with, the Privacy Policy, as modified.
Revision History
| Revision No. | Revision Date | Policy |
|
1 |
September 1, 2009 |
|
|
2 |
March 12, 2015 |
|
|
3 |
November 1, 2015 |
|
|
4 |
June 1, 2024 |
Current Privacy Policy |
www.chdifoundation.org – Privacy Policy
Revision No. 004 (Effective June 1, 2024)