KNOW Rare Privacy Policy
(Last updated: November 1, 2021)
This Privacy Notice (“Notice”) is provided by Know Healthtech Inc. and its affiliates and subsidiaries, referred to in this Notice as “Know Healthtech,” “we,” “us” or “our.” This Notice is to advise persons who visit our website or subscribe to receive our services (“you”) about personal data that we collect, including what personal data we collect, and how we collect and use such personal data. Residents of the State of California may find supplemental privacy information in our California Consumer Privacy Act Notice.
In this Privacy Notice, you’ll learn about the following:
The Types of Personal Data We Process
Why We Process Your Personal Data
How We Share Your Personal Data
Cookies and Other Tracking Technologies
THE TYPES OF PERSONAL DATA WE PROCESS
The types of personal data we collect, access, disclose, store, use, or otherwise process (“process”) include:
Identifiers and contact information, such as real name, aliases, address, email address, phone number and other similar identifiers, and contact information.
Health and medical information, such as diseases, symptoms, complications, therapies, medications, outcomes, barriers to access, and insurance information.
Mental and physical characteristics, such as level of fatigue, weight, and slurred speech.
Account information, such as username and password.
Demographic information, such as age, date of birth, and gender.
Inferences, such as notes about preferences, predispositions, behavior, attitudes, and aptitudes.
Internet or other electronic network activity information, such as IP address, country or geographic region location, browser type, device type, operating system, dates and times you access our services, browsing history, search history, and other information about your interactions with our online services. We collect such information through cookies and other tracking technologies. Please see our “Cookies and Other Tracking Technologies” section below.
In addition to the above, we will collect any other information that you provide to us, such as stories about a doctor’s visit, questions related to our website, and the information provided on it. This information is collectively referred to as your “Personal Data.”
HOW WE COLLECT PERSONAL DATA
We collect Personal Data in a variety of ways, including:
Directly from you, such as through an online webform, when you apply for a clinical study, when you subscribe for updates from our site, and when you contact us or request information from us.
Automatically, such as through cookies or other technologies that provide us with information about your use of our website.
WHY WE PROCESS YOUR PERSONAL DATA
We process Personal Data for the business and commercial purposes described in the bullet points below. The laws of certain jurisdictions require that we have a “legal basis” for our processing of Personal Data; where those law apply, we have identified our legal bases in the first-line bullet points, but those legal bases do not act as limitations for any other jurisdictions.
As necessary for our legitimate interests in:
Operating and overseeing our business, enabling ethical and compliant business operations, conducting audits and investigations, managing your accounts, providing our services, improving and developing new services, researching market trends, monitoring our efforts, analyzing our website and program effectiveness and otherwise administering our business (e.g., expediting access of people with rare disease to clinical researchers and research studies). For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, mental and physical characteristics, and demographic information.
Communicating with you, for example, responding to your inquiries (including unsolicited requests for information about our clinical trials information), providing you with information we think may interest you, contacting you for your input, and maintaining records of our interactions with you. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
Promoting our business and research, for example, carrying out marketing activities, measuring the effectiveness of our promotional campaigns, and targeting advertisements on third-party services. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information and internet or other electronic network activity information.
Personalizing our interactions with you, for example, understanding your interests and adapting our services to your needs and preferences. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, inferences, demographic information, and internet or other electronic network activity information.
Protecting rights and interests, for example, protecting the health, safety, and security of Know Healthtech and its employees, persons who visit our website or subscribe to receive our services, patients, caregivers, health care providers, and the general public; enforcing our legal rights; and pursuing remedies or otherwise taking steps to limit damages and liabilities. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information to investigate violations of our contracts or health and medical information in the event of an emergency.
Identifying potential talent, for example, reviewing information to identify candidates for our talent pipeline via online or public sources. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, including professional or employment-related information and education information, and demographic information.
Pursuant to a contract, for example, negotiating contracts in advance of entering into one and honoring our contractual commitments, such as:
Engaging you to provide services on our behalf or as a business partner, for example, engaging with service providers that provide market research services or working with research collaborators. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
Providing patient support services, for example, supporting you, assisting you with claims and authorizations, and connecting you with other resources or organizations. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, and mental and physical characteristics.
Providing grants, sponsorships, and other opportunities, for example, offering our access to medicine programs and sponsoring and participating in research, events, and conferences. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, mental and physical characteristics, and demographic information.
With your consent, or if you are a Minor (defined in the “Privacy Statement for Minors” section below), with your or your parent’s or legal guardian’s consent, in order to:
Send promotional materials, for example, if you are a patient who enrolls in one of our patient support programs and you have consented to promotional communications. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, demographic information and identifiers.
Evaluate job candidates, for example, reviewing your job applications, talking to references, and reviewing information to identify candidates for our talent pipeline. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information and demographic information, as well as professional or employment-related information and education information.
Share your story with others, for example, when we share patient stories to help our employees and others better understand our patients and their journeys. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, as well as audio and visual information.
Collect information from or about you, for example, when we are legally required to obtain your consent before collecting certain Personal Data (e.g., sensitive information, such as health and medical information and mental and physical characteristics) about you.
As required by law, for example, by:
Monitoring adverse events and product complaints, for example, providing infrastructure to intake adverse event reports and complaints, maintaining records of such events and complaints, appropriately responding to reports and complaints, and providing appropriate information to regulators. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, and mental and physical characteristics.
Complying with transparency requirements, for example, monitoring payments and other transfers of value. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
Monitoring fraud and abuse, for example, investigating potential claims of fraud and abuse. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
Responding to legal process, for example, complying with legal requests from administrative or judicial authorities and complying with subpoenas. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
Due to the nature of our business, Know Healthtech is subject to a number of legal requirements. As a result, we may be required to process Personal Data, including sensitive Personal Data (for example, health and medical information and mental and physical characteristics), in order to meet these obligations. We will process your Personal Data in accordance with our legal obligations and in a way that protects your privacy to the extent possible, for example, pseudonymizing information, while still complying with our legal obligations.
HOW WE SHARE YOUR PERSONAL DATA
We may share your Personal Data in the following ways:
With vendors and service providers who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. When we share Personal Data with vendors and service providers, we endeavor to require that they keep your Personal Data confidential and secure and process it for limited and specified purposes.
To our affiliates and subsidiaries, for example, current and future companies within the Know Healthtech family of companies.
With business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, or companies with whom we co-promote a product.
In connection with a business transfer, for example, as part of a sale, assignment, or transfer of a Know Healthtech business or asset group, or acquisition of or merger with another entity. We may also share your Personal Data in contemplation of such transactions, such as during due diligence.
In response to requests from government or law enforcement agencies or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
To protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
With your consent, for example, when you agree that we can share your Personal Data with a health care provider.
COOKIES AND OTHER TRACKING TECHNOLOGIES
We automatically process certain types of information whenever you interact with us on our online services and in some emails we may send to you. Automatic technologies we use may include, for example, cookies and web beacons.
Cookies: A cookie is a piece of information that is placed on your computer when you access certain websites. The cookie uniquely identifies your browser to the server. Most web browsers are set up to accept cookies, though you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our websites may not work properly if you refuse cookies.
Web Beacons: On certain websites or emails, we may utilize a common Internet technology called a “web beacon” (also known as a “pixel tag”, an “action tag”, or “clear GIF technology”). Web beacons help analyze the effectiveness of advertising campaigns and websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a website.
Do Not Track (DNT) is a privacy preference that you can set in certain web browsers. Our websites may not recognize or respond to DNT signals, as the industry is currently working toward defining what DNT means and developing a common approach to responding to DNT signals. You can learn more about DNT here.
DATA ANALYTICS
We may use third-party analytics services (such as Google Analytics) on our online services to process information about your use of our online services, for example, knowing which webpage referred you to our services, understanding which pages you visited or usage trends, providing certain features to you, and assisting with fraud prevention. To learn more about Google’s privacy practices, please review the Google Privacy Policy. To prevent Google Analytics from using your information for analytics, you can install the Google Analytics Opt-Out Browser Add-on here.
INTEREST-BASED ADVERTISING
Some of our online services may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on non-Know Healthtech services that you use. The ads on third-party services may be based on various factors, such as the content of the page you are visiting, your searches, demographic data, and your activities on our websites and third-party services.
We neither have access to, nor does this Notice govern, the use of cookies or other tracking technologies that may be placed on your device to access the services by non-affiliated third parties. To learn more about certain third-party trackers used for interest-based advertising, for example, through cross-device tracking, and to exercise certain choices regarding such technologies, please visit the Digital Advertising Alliance (DAA), Network Advertising Initiative (NAI) , Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance, or your device settings if you have the DAA or other mobile app that allows you to control interest-based advertising on your device. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs.
The opt-outs described at the links above are device- and browser-specific and may not work on all devices. If you clear cookies on your device or in your browser, you will have to go through the process of opting out again. If you choose to use any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
YOUR RIGHTS AND CHOICES
If you receive promotional communications from us, you may opt out of those communications by following the opt-out instructions in the communication (e.g., through an unsubscribe link in an email or texting “STOP” in response to a text message). If you opt out of receiving promotional communications from us, we may still send you important administrative messages (e.g., updates about your account with us).
In addition, depending on the jurisdiction in which you are located or reside, you may have certain rights with regard to your Personal Data. We will honor your request in accordance with applicable laws and regulations, and we may verify your identity before responding to your request. Please note that the rights described below may be subject to limitations under applicable laws and regulations.
To the extent provided for under applicable law, you may contact us at any time to
Ask what Personal Data we process about you;
Request a copy of your Personal Data;
Request that we correct inaccurate or incomplete Personal Data’
Opt out of or suppress certain Personal Data processing
Request deletion of your Personal Data
Impose restrictions on our processing of your Personal Data; and
Withdraw your consent to certain processing of your Personal Data.
You can exercise these rights by emailing us at privacy@knowrare.com. You may also have the right to lodge a complaint with the privacy or data protection regulator in your state or country of residence.
Residents of the State of California may have additional rights as described in our California Consumer Privacy Act Notice.
DATA SECURITY
Know Healthtech has implemented privacy and security controls designed to help protect your Personal Data. Please note, however, that no security measures are 100% effective, and we cannot guarantee absolute security of your Personal Data. We encourage you to take steps to protect yourself, for example, by not sharing login credentials to your accounts, not sending us sensitive information using unsecure methods (e.g., via unencrypted email), and protecting your devices (e.g., with passwords).
DATA RETENTION
Know Healthtech retains your Personal Data for as long as necessary for the purpose for which it was collected, unless a longer period is required to comply with applicable laws. Our retention periods vary depending on the purpose(s) for which your Personal Data was collected. Some of the criteria we use to assess appropriate retention periods include: (1) the nature of the Personal Data and the activities involved, (2) when and for how long you interact with us, and (3) our legal obligations. To provide security and business continuity we make backups of certain data, which we may retain for longer than the original data.
PRIVACY STATEMENT FOR MINORS
We may process Personal Data about persons under the age of 18 (“Minors”) with the consent of their parent or guardian for the provision of certain services, such as patient support programs or research activities. We do not, however, knowingly solicit Personal Data from, or market or advertise to, Minors. If we become aware that we have collected Personal Data about a Minor without the consent of a parent or guardian, we will take reasonable steps to delete it in accordance with applicable legal requirements. Please contact us as described in the “How to Contact Us” section below to make us aware of Personal Data that we process about a Minor without consent.
THIRD-PARTY RESOURCES
We may provide you with links to or information about third-party resources. For example, we provide patients with information about patient advocacy groups, and we provide researchers with links to clinical trial registries. Please note that we do not control the privacy policies or practices of such third parties, and we encourage you to review the privacy notices of the third parties with which you interact.
UPDATES TO THIS PRIVACY NOTICE
We may change this Notice from time to time, and we will post any changes to this Notice online. The date on which this notice was last updated is included at the beginning of this Notice. We may not notify you of any changes to this Notice, so you should check back occasionally to ensure that you are aware of the most recent version.
HOW TO CONTACT US
The “data controllers” are Know Heathtech Inc. or the Know Heathtech affiliate in the country in which you are located or with which you interact with us.
Regardless, general questions or comments about our privacy practices from anyone anywhere in the world may be directed as follows: