Privacy Statement

Sanford Health acknowledges and respects any individual's right to privacy. We take your concerns related to privacy and security seriously. We therefore want you to know how we may collect, process, use, share, and protect your information that we acquire through the Coordination of Rare Diseases at Sanford registry (CoRDS). Participants who also are patients of Sanford Health should consult the Notice of Privacy Practices, a separate document which references how patient medical information (protected health information) may be used or disclosed.

This Privacy Statement applies to that portion of sanfordhealth.org and sub-domains specific to the CoRDS registry, which we will refer to as our "website".

Information We Collect and How It Is Used

Visitors can browse the Sanford Health and CoRDS website without providing any personal information. Certain pages contain forms that give visitors the option of enrolling in CoRDS as a registry participant by signing an informed consent document. To do so you must provide us with contact information including name, physical address, phone, email address and other personal data if you choose to enroll. Providing this information is voluntary. The information you submit is used to enroll you in the CoRDS registry and shared internally with Sanford Health employees who need this information to complete your enrollment, help respond to your requests, or improve Sanford Health operations. Information submitted may be also be used to evaluate the technical functionality of our website. Information provided may also be utilized to address inappropriate use or communications associated with our website.

Retaining and Deleting Personal Data

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. The current CoRDS protocol does require that we keep data for participants indefinitely. In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the legal retention requirements applicable to the research protocol governing CoRDS. Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Sharing Information with Third Parties

We do not share personal information with third parties unrelated to Sanford Health, except when required to for legal purposes or investigations. We will ask for your permission before sharing your personal data with other rare disease registries or researchers working in the rare disease field of medicine. We may share your personal data with third parties who we have contracted with to help us provide you services. We will ensure that these third parties have agreed not to use or disclose your personal information except to help us provide the services.

Your Rights

You have certain rights under privacy and data protection law specific to the CoRDS registry and the General Data Protection Regulation. Some of the rights are complex, and not all of the details have been included in our summary. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and (h) the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You have the right to receive your personal data from us in a structured, commonly used and machine-readable format.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you reside in the EU, you may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. If you do not reside in the EU, you may contact Sanford CoRDS directly to make your complaint.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data contacting us via any of the contact information listed at the end of this notice.

Newsletters, Email Communications, and Other Related Services

CoRDS may offer you with the opportunity to receive e-newsletters and e-publications related to the ongoing operation of CoRDS at Sanford Health. You can sign up for free and can unsubscribe at any time through the contact information contained in those communications.

Other communications that you send to us via email may be shared with a CoRDS customer service representative or other Sanford Health employee that is best able to respond to your inquiry. Email communications are not completely secure or confidential. It is possible that an email may be accessed or ready by other Internet users. Please do not use email for communications you wish to keep protected and secure.

IP Addresses

Our Internet server automatically tracks the Internet Protocol (IP) address of the computers that access our site. An IP address is a number that is assigned to your computer when you access the Internet. IP addresses are not personally identifiable information because different individuals may use the same computer to access the Internet. Sanford Health may use this information to evaluate how visitors navigate our websites and help improve the content.

Tracking Technologies

Sanford Health, or any third party advertising partners we choose to work with, may employ various tracking technologies such as cookies, web beacons and analytics software. These tools help us manage the content on our websites by informing us what content is useful to visitors.

Cookies

When you visit our website we may send one or more "cookies" to your computer or other internet browsing device. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your browsing experience. Cookies may facilitate additional website features for enhanced performance of your web experience such as remembering preferences, allowing social interactions, analyzing usage for website optimization, providing custom content, allowing third parties to provide social sharing tools, and delivering images or videos from third party websites. Some features of our website will not function if you do not allow cookies. We may link the information we store in cookies with any other information you submit while on our website.

We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your internet browser. A persistent cookie is stored on your computer. Cookies enable us to track and target the interest of our visitors to enhance your experience on our website. You can learn how to remove persistent cookies by following the directions provided in the "Help" portion of your Internet browser.

Web Beacons

We may use Web Beacons alone or with cookies to collect information about our website content. Web Beacons are tiny graphic objects that are embedded in a web page or email and are usually invisible to the user but allows verification that a user has viewed the web page or email. Web Beacons may be used to track web page visits or form submissions. In some cases, the Web Beacon may be tied to the information submitted by visitors to our website. This technology allows us to evaluate the effectiveness of our website and any Sanford Health advertising or marketing campaigns.

Third Party Tracking Technologies

The use of cookies or web beacons by any third party service provider is not covered by our Privacy Statement. We do not have access or control over these technologies utilized by third parties.

Analytics Software

We and any third party tracking-utility parties we partner with may use log files on our website to gather certain information automatically and store for analytical purposes. This information includes internet (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to track and compile non-personal information to analyze trends, monitor visitor traffic within our website content, and gather aggregate demographic information about our visitors. We may combine this log file information with other information we collect from or about you to help improve the services we offer, our marketing, analytics or website functionality.

Social Media Features and Widgets

Sanford Health websites may contain various features that allow visitors to interact with our website content via their chosen social media platform, such as the Facebook "Like" or "Share" buttons. Use of these interactive widgets or mini-programs on our website is voluntary. These services are provided to enhance your browsing experience and ability to communicate information from our website to the audience of your choice. These social media features are hosted by a third party and governed by the Privacy Statement of the company providing those services.

We may provide you with the opportunity to share information from our website with a friend or make a referral by providing an email address or other contact information for that person. We will use that contact information to provide information about CoRDS.

Links to Other Websites

Our website content may contain links to other websites not owned by Sanford Health. These third party websites have different privacy notices and practices. If you submit any information to those websites, your information is governed by the Privacy Statement published on that website. We encourage you to carefully read the Privacy Statement for any website you visit.

Public Forums

Our website may offer publicly accessible blogs, community forums or message boards. Be aware that any personal information you disclose in those public forums may be collected and used by others outside the control of Sanford Health. Please contact the posted administrator of a particular forum to request removal of your personal information. In some cases we may not be able to remove your information.

Legal Disclosure

We reserve the right to disclose personal information as required by law, such as to respond to a subpoena or other mandatory legal process. We may disclose personal information when we believe in good faith that the disclosure is necessary to protect our rights, to protect the safety of others, investigate fraud, or respond to government requests.

Security of Your Information

Sanford Health provides reasonable and appropriate security measures to protect our website content and any personal information you may provide against foreseeable hazards. When you enter sensitive information (such as a credit card number) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL). When you come across a web page that is secured, your browser will likely display a "closed lock" or other symbol to inform you that SSL has been enabled. The web address should start with "https://" rather than "http://". SSL allows a secure connection between your web browser and a web server. No computer system or information however can ever by fully protected from every possible threat or hazard and therefore we cannot warrant the security of any information you transmit to us, and you do so at your own risk.

Protecting Children's Privacy

Sanford Health is committed to protecting children's privacy on the Internet. We do not knowingly collect personal information from children.

Changes to the Privacy Statement

We may change or update our Privacy Statement over time. Notification of material changes will be on our website. This Privacy Statement was last updated on April 24, 2018.

Contact information

If you have questions regarding this Privacy Statement you can contact us via email at cords@sanfordhealth.org or via mail at:

Sanford Health Coordination of Rare Diseases Route 5031
PO Box 5039
Sioux Falls, SD 57117-5039
Phone: 1-877-658-9192

Sanford Health's Data Protection Officer's contact information is as follows:
Chief Privacy Officer
Sanford Health
PO Box 5039
Sioux Falls, SD 57117-5039
privacyoffice@sanfordhealth.org