The Cancer Research Institute (CRI) is committed to maintaining the privacy of our Website visitors, donors, scientists, patients, and others, and upholds the confidentiality of your personal data. CRI does not share, sell, rent, or trade information about its donors and other contacts.
This notice (together with our any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website or portals (sites) you are accepting and consenting to the practices described in this notice.
We will collect and process the following data about you:
- Information you give us. This is information about you that you give us by filling in forms on our sites or by corresponding with us by phone, email, or otherwise. The information you give us may include your name, address, email address and phone number, and financial and credit card information.
- Information we collect about you. With regard to each of your visits to our sites we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through, and from our site (including date and time), webpages you viewed; page response times, download errors, duration of page visits, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
- Information we receive from other sources. We work closely with third parties (including, for example, business partners; sub-contractors in technical, payment, and delivery services; advertising networks; analytics providers and search information providers).
Cookies
A cookie is a piece of text that is stored on your computer by your web browser. We use cookies to monitor how people use our site so we can develop and improve the design, layout, and function of the site.
Cookies enable us to identify your device. We use cookies that are strictly necessary to enable you to move around the site or to provide certain basic features. We use cookies to enhance the functionality of the website by storing your preferences, for example. We also use cookies to help us to improve the performance of our website to provide you with a better user experience. We also allow cookies that may be served where we embed social media links, such as share buttons with Twitter, YouTube, and LinkedIn.
If you do not want us to use cookies in your browser, you can remove cookies from your computer's hard drive, or set your browser to block cookies or to send a warning notice before a cookie is stored on your computer. However, please note that you may not be able to use many of the services on our website or other websites without cookies.
More detailed information on cookies can be found at www.allaboutcookies.org.
The legal basis for processing your personal data
In order to comply with applicable data protection laws, we are required to set out the legal basis for the processing of your personal data. In accordance with the purposes for which we collect and use your personal data, as set out above, the legal basis for processing your personal data will typically be one of the following:
- our own or our third parties’ legitimate business interests (for example, in maintaining and promoting our business by providing customers with feedback opportunities or other instances where we have carried out a legitimate interests assessment and have established an existing legitimate interest);
- the performance of a contract that we have in place with you;
- your consent where appropriate;
- to protect your vital interests; or
- compliance with our legal obligations.
Uses made of the information
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- to process and receive your donation, to register your attendance at an event or meeting, to process and receive a grant application, to build a Website User Profile (such as an ImmunoCommunity profile), to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the information and services that you request from us;
- to provide you with newsletters and other information about events, meetings, and services we offer that are similar to those that you have already purchased or enquired about;
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
- Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes;
- to operate our organization in an efficient and effective manner, including determining return on advertising investment;
- to improve our site or communications to ensure that content is presented in the most effective manner for you and for your computer;
- as part of our efforts to keep our site safe and secure;
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
You agree that we have the right to share all or some of your personal information, as appropriate, with:
- Selected third parties including:
- business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimization of our site;
We will disclose your personal information to third parties:
- In the event that we sell or buy any assets or undergo other organizational changes, in which case we will disclose your personal data to the prospective seller or buyer as part of a transaction.
- If all or some of our assets are acquired by a third party, in which case personal data held by us about our customers and employees will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply other agreements; or to protect the rights, property, or safety of us, our customers, or others.
Where and how we store your personal data
The data that we collect from you is stored on our servers which are behind firewalls and located in the USA. Donations made through our site are encrypted using 128-bit SSL encryption. Donor anonymity will be respected if requested and where applicable. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable law and this privacy notice.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Records retention
We will keep your personal data for as long as we need it, or as otherwise prescribed by law, for the purposes set out above, and so this period will vary depending on your interactions with us. For example, where you have contracted with us, we will keep a record of your payment for the period necessary for invoicing and tax purposes. We may also keep a record of correspondence with you (for example, if you have made a complaint or raised a concern) for as long as is necessary to protect us from a legal claim. Our data retention policy further describes our retention practices. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
Your rights re marketing
Where applicable law applies, you have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
Our site may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Social media features
Our site may include social media or lead generation features, such as Facebook or Twitter buttons and widgets, a share button or widget, or an email subscription pop-up. These features may collect your IP address and which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media and lead generation features and widgets may be hosted by a third party and your interactions with these features and widgets are governed by the privacy notice of the company providing it.
Children
Our site is directed at an adult audience and we do not knowingly collect information from or about children.
Data subject rights
A Data subject (i.e., a natural person whose personal data is processed by a controller or processor) in the EEA and other jurisdictions may have rights in relation to their personal data which include:
- Right to rectification. Data subjects may request that we rectify any inaccurate or incomplete personal data.
- Right to withdraw consent. Data subjects may at any time withdraw their consent to the processing of their personal data carried out by us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.
- Right to make a subject access request (SAR). Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other individuals. Each request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and any payment permitted by law, where applicable.
- Right to object to processing including automated processing and profiling. We do not make automated decisions about data subjects. However, we may rely on information provided by third parties such as credit reference agencies which may score data subjects on the basis of automated decisions. Profiling may be carried out for business administration purposes, such as monitoring trends in user visits of our website and in order to deliver relevant ads to users’ devices. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse such requests. We will comply with each valid opt-out request in relation to marketing communications.
- Right to erasure. Data subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as our business record retention obligations that we have to comply with.
- Restriction. Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as a legal obligation to continue processing your personal data in a certain way.
- Right to data portability. In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Services. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may still be retained for legitimate and lawful purposes.
- Right to lodge a complaint with the supervisory authority. We suggest that data subjects contact us about any questions or complaints in relation to how we process their personal data. However, each data subject has the right to contact the relevant supervisory authority directly.
Changes to our privacy policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.
Contact
Comments, questions, or requests regarding the Cancer Research Institute’s Privacy Policy should be directed to:
Email: data@cancerresearch.org
Phone: (800) 99-CANCER (800-992-2623)
Mail: Cancer Research Institute, Data Privacy, 29 Broadway, Floor 4, New York, NY 10006-3111
CRI’s annual report can be obtained by request from the New York State Attorney General’s Charities Bureau, 28 Liberty Street, New York, NY 10005 or from the Cancer Research Institute.
UPDATED February 21, 2020