Effective as of: March 15, 2019 JDRF VALUES THE PROTECTION OF INDIVIDUAL PRIVACY AND IS COMMITTED TO THE PRIVACY OF THOSE WHO VISIT AND USE OUR WEBSITES. THIS DOCUMENT SETS FORTH THE PRIVACY POLICY (“PRIVACY POLICY”) FOR JDRF (“WE”, “US” OR “OUR”) WEBSITES (COLLECTIVELY, “SITE”). FOR PURPOSES OF THIS PRIVACY POLICY ONLY, REFERENCES TO “JDRF”, “WE”, “US” AND “OUR” INCLUDE TYPEONENATION.ORG (“T1N”). WHERE APPLICABLE, THIS PRIVACY POLICY INCLUDES THE CHILD PRIVACY POLICY ADDENDUM. THIS PRIVACY POLICY GOVERNS THE MANNER IN WHICH JDRF COLLECTS, USES, MAINTAINS, DISCLOSES AND SECURES INFORMATION COLLECTED FROM USERS OF THE SITE. YOU SHOULD READ THIS PRIVACY POLICY. EXCEPT FOR THE LIMITED SITUATIONS MENTIONED BELOW, JDRF DOES NOT SHARE OR SELL DONOR INFORMATION COLLECTED ONLINE.

I. INFORMATION COLLECTION AND USE

Each time you visit the Site, we collect information about you based on your consent.

A. Personally Identifiable Information

We collect personally identifiable information about you when you visit the Site.

During your interactions with the Site, when you register with the Site or make a donation or agree to volunteer, we collect the following types of information: your name, date of birth, postal address, email address, telephone number, credit card information (for online donations), your personal connection to type 1 diabetes (T1D), and your preferences for receiving additional information such as newsletters, IP Address, internet service provider, browser, operating system, device type, screen size, location (country, region, state, city), language preference, webpages visited, time spent on the website, clicks, referring website.

We use this information, upon the following legal bases, to: validate Site users based on our legitimate interest in sharing information about JDRF and soliciting support, to facilitate participation in various JDRF services such as fundraising and community forums as offered through the Site based on our legitimate interest in further the mission of JDRF, to process any donations that you make through the Site based on your consent, to contact you regarding the Site, our services, or your account based on consent/legitimate interest in promoting the fundraising and research goals of JDRF, if you send us an e-mail, we will retain it and any response we make in order to handle any follow-up questions you may have, and to measure how effectively we address your concerns based on our legitimate interest in communicating with you regarding inquiry; and

You may also submit information that personally identifies you or someone you know, including any medical condition or connection to T1D, when you post to any public forum that is offered through the Site, such as through the “Share your Story” tab, web logs, bulletin boards, or other forums which permit users to interact online. Any information you transmit online in such forums will be made public and JDRF cannot control nor is it responsible for the use any third party may make of such information. You should understand that any information that you submit on any public forum through the Site is not and cannot be treated as confidential by us. Your participation on these forums and public post boards is voluntary, and you consent to full public disclosure of any personally identifiable information that you submit through such forums.

JDRF processes personal information provided in discussion forums based on its legitimate interest in promoting awareness of Type 1 diabetes,

To help us enhance and optimize users’ overall Site experience, based on our legitimate interest in providing you with better and more targeted content that you find useful, we also collect information during your Site visits, such as pages most frequently accessed by you, time spent on a page or area of the Site, mouse movements, non-sensitive text entered, the number of visits to the Site by you, types of browser used by you, cookie preferences or search terms entered by you. We can tell the type of computer and web service that you are using, as well as its location, and the date, time, and pages that you visit. Examples of information may include your Internet access provider, your computer’s Internet protocol (IP) address, your browser and operating system, the date and time of your visit, and data based on your use of the Site.

JDRF collects and uses this information in order to, among other things, provide you with or assist in the provision of information through the Site and to maintain the performance of the Site. Record Retention and Data Minimization JDRF retains such personally identifiable information only for as long as is necessary depending on the reason for your submission (which could extend beyond the transaction that you are performing on the Site), and collects no more personally identifiable information than is reasonably necessary to provide you with the services for which the information is collected. Disclosure to Third Parties We do not share this personally identifiable information with any third parties except in the very limited circumstances as noted below, in the “Disclosure of Information” section VI, and in the “Child Privacy Policy Addendum” where applicable there.

B. Cookies

Like most standard website servers, JDRF uses cookies and to collect information about how you use the Site. A cookie is a small, unique text file that a website can send to your computer hard drive when you visit a website. Cookies allow us to provide visitors to our Site with certain conveniences, such as delivering unique content or providing easy log-on access. We also use cookies to track the path of users through our Site, and to keep track of where they came from (for example, if they arrive via a search engine). You can choose to set your web browser to turn off cookies, but if you do, you may lose certain features when navigating on the Site. We do not link the information we store in cookies to any personally identifiable information you submit to us through the Site.

II. SECURITY

A. Encryption

We make reasonable efforts to protect personally identifiable information received from users of our Site from unauthorized use of disclosure. We do not allow unauthorized access via the Internet to the portion of our server that contains personally identifiable information. We use standard security protocols and mechanisms to exchange the transmission of sensitive data such as credit card information. When you enter sensitive personal information such as your date of birth and credit card information on our Site, we encrypt it using secure socket layer (SSL) technology.

B. Additional Safeguards

JDRF maintains reasonable physical, electronic and procedural safeguards such as intrusion prevention, intrusion detection, firewalls, disaster recovery anti-virus, anti-malware, cybersecurity awareness training, penetration testing, vulnerability scans, and mobile device management to protect the confidentiality and security of any personally identifiable information that you disclose to us. We limit access to your personally identifiable information within JDRF and JDRF’s affiliates to those employees who need to know such personally identifiable information to provide information, services and/or products to you. However, due to the nature of the Internet and computer systems, no transmission of data over the Internet is guaranteed to be completely secure, regardless of our best intentions. As such, JDRF cannot ensure or warrant the security of any personally identifiable information you transmit to us.

III. EXTERNAL LINKS OR REFERENCES

While JDRF does not display any third party advertising on the Site, the Site may contain links or references to other parties’ websites, including sponsors of JDRF or JDRF’s services. JDRF is not responsible for the privacy or other practices of any such outside websites, and JDRF expressly disclaims any and all liability related to such websites. We encourage our users to consider this before deciding to visit such outside websites and to read the applicable privacy policies and terms of use of each such website.

IV. CHILDREN’S DATA/CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA)

We are committed to comply with any applicable laws and/or requirements that are intended to afford protection to children, such as the United States Children’s Online Privacy Protection Act. Unless you are visiting a Site for which the Child Privacy Policy Addendum is attached and applicable, use of the Site by anyone under the age of 13 is prohibited. For the T1N website, children under the age of 13 are not allowed to visit or otherwise use that website.

V. COMMUNICATIONS FROM JDRF

We send all new members a welcome email. From time to time, we will also send email notification, mail or call you to provide you with information concerning updates or enhancements to our services, account issues, or service-related announcements. Generally, you may not opt-out of these communications. If you do not wish to receive them, you have the option to deactivate your on-line account.

VI. DISCLOSURE OF INFORMATION

A. Disclosure to Agents of JDRF

JDRF may need to share your information with third parties in limited circumstances. For instance, and from time to time, we may share the information you provide to us, including personally identifiable information, with outside contractors, auditors, consultants, or others hired by us to assist in providing financial, operational or research activities on our behalf. We require these parties to use such personally identifiable information only for the specifically intended and authorized purpose, on behalf of JDRF, and consistent with this Privacy Policy. Also, personal data is be shared with third parties, such as our sponsors or third party service providers, who use this de-identified information to study and understand Site user preferences and to provide better Services and content.

B. Disclosures to Other Charitable Organizations

JDRF participates in a list exchange in which we share very limited personally identifiable donor information with select other non-profit charitable organizations. We do this in order to enhance our ability to get and retain additional donors, which ultimately strengthens our ability to provide you with more superior services. The only personally identifiable information about donors that we share on the list exchange with these other charitable organizations is limited to the donor’s name, mailing address, and the duration of the donation made to us (such as a yearly donation). We do not share any other donor personally identifiable information with the list exchange, including the amount of the donation. If you wish to opt-out of this sharing of limited personally identifiable information with the list exchange, you may do so by contacting us in writing or email, through the address shown in this Privacy Policy below.

C. Disclosures Required by Law

From time to time, JDRF may be required to provide personally identifiable information or non-personally identifiable information in response to a valid court order, subpoena, government investigation, or as otherwise required by law, or if we reasonably believe that you have committed unlawful acts or acts that may endanger the health or safety of another user or the general public. JDRF also reserves the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful. We may release such information when we believe that its release is reasonably necessary to protect the rights, property, and safety of others and ourselves.

D. Opting In Through Other Venues

Please be advised that if you provide consent and allow JDRF to disclose your personally identifiable information through one JDRF venue (such as the Site), you will be deemed to have “opted in” through all JDRF venues. E. Business Transitions In the event JDRF goes through a business transition, such as a merger, being acquired by another company, bankruptcy, or selling a portion of its assets, unless personally identifiable information is collected through a Site for which the Child Privacy Policy Addendum is applicable, users’ personally identifiable information may be part of the assets transferred.

VII. UPDATING INFORMATION

You may review, request corrections, or ask that we delete the personally identifiable information we collect from you. You may do this by contacting JDRF using the contact information provided at the end of this Privacy Policy. You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:
To access your Personal Data held by JDRF (right to access);
To correct inaccurate, out of date or incomplete Personal Data (right to rectification);
To erase your Personal Data, to the extent permitted by applicable data protection laws (right to be forgotten);
To restrict our processing of your Personal Data, to the extent permitted by law (right to restriction of processing);
To transfer your Personal Data to another controller, to the extent possible (right to data portability);
To object to any processing of your Personal Data carried out on the basis of our legitimate interests, for the purposes of direct marketing and any automated decision-making (right to object).

To the extent our processing your Personal Data is based on your consent, you have the right to withdraw your consent at any time. To communicate any concerns about our processing of your Personal Data with data protection authorities located in the EEA.

VIII. GENERAL

A. Privacy Policy Changes

Our Privacy Policy is intended to provide you with a safe and secure experience. We reserve the right to change, modify, add or remove portions of our Privacy Policy at any time without prior notice at our sole discretion. If we decide to change our Privacy Policy, we will post those changes on the Site and other places we deem appropriate. We will use information in accordance with the Privacy Policy under which the information was collected. All Privacy Policy changes are effective immediately upon posting. The last date on which this Privacy Policy has been updated is noted above.

B. Consent to Receive Notices Via the Site

By consenting to our use of your personally identifiable information to the Site, you are agreeing that JDRF may deliver all privacy and related notices to you in the manners described in this Section.

IX. CONTACT INFORMATION

Questions or comments regarding this Privacy Policy should be directed to JDRF using the following contact information:

JDRF Attention: Privacy Policy
200 Vesey Street, 28th Floor
New York, NY 10281
Email: privacy@jdrf.org
Telephone: 1-800-533-CURE (2873)
Fax: (212) 785-9595

X. LIMITATION OF LIABILITY

YOU UNDERSTAND AND AGREE THAT ANY DISPUTE OVER PRIVACY IS SUBJECT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY (WHICH INCLUDES, WHERE APPLICABLE, THE CHILD PRIVACY POLICY ADDENDUM) AND JDRF’S TERMS OF USE (INCLUDING ANY INDEMNIFICATION AND LIMITATIONS ON DAMAGES CONTAINED THEREIN). CHILD PRIVACY POLICY ADDENDUM Effective as of: March 15, 2016 JDRF (“WE”, “US” OR “OUR”) PRIVACY POLICY, LINKED AT THE BOTTOM OF JDRF’S WEBPAGES, DESCRIBES HOW JDRF COLLECTS AND USES PERSONALLY IDENTIFIABLE AND OTHER USER INFORMATION. THIS DOCUMENT (“CHILD PRIVACY POLICY ADDENDUM”), WHICH IS A PART OF THE PRIVACY POLICY, SETS FORTH ADDITIONAL PRIVACY POLICY TERMS AND CONDITIONS APPLICABLE TO THE COLLECTION AND USE OF SUCH INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE. THIS CHILD PRIVACY POLICY ADDENDUM DOES NOT APPLY TO T1N, HOWEVER, AND FOR PURPOSES OF THE T1N WEBSITE, CHILDREN UNDER THE AGE OF 13 ARE NOT ALLOWED TO VISIT OR OTHERWISE USE THAT WEBSITE. INFORMATION COLLECTION AND USE

Child Personally Identifiable Information

JDRF is a non-profit organization dedicated to finding a cure for diabetes and its complications through the support of research. Kids Walk is an online program designed to teach students about diabetes and to raise funds for type 1 diabetes research.

You, for yourself or your child under the age of 13 for which you are a parent/legal guardian, may be prompted to provide for some or all of the following types of information (referred to as “child personally identifiable information”) in order to register, access various content or features, or otherwise participate in Kids Walk:
Contact information, such as name or e-mail address
User name and password;
Geolocation information;
Other information, such as school, city, state, and zip code;
Communications preferences;
Search queries;
Comments and other information posted through interactive online features;
Correspondence you send to us.

We use child personally identifiable information collected through the Site to validate Site users and facilitate participation in the Kids Walk program all for the sole benefit of the participating schools and such schools’ students. We do not share child personally identifiable information with any third parties except the child’s respective school where necessary to facilitate the child’s involvement in Kids Walk. JDRF does not condition a child’s participation in Kids Walk on the child disclosing more personal information than is reasonably necessary to participate in such activity.

Correcting/Updating/Deleting/Deactivating Personal Information

A user 13 or over or the adult parent or guardian of a user under 13 may review, request corrections, ask that we delete, or refuse further collection or use of the personally identifiable information JDRF collects from such user or the child or children for which such user is the legal guardian. Such user may do this by contacting JDRF at:

Postal Address:
JDRF Attention: Privacy Policy
200 Vesey Street, 28th Floor
New York, NY 10281
Email: privacy@jdrf.org
Telephone: 1-800-533-CURE (2873)
Fax: (212) 785-9595

Consent to Receive Notices Via the Site

By using the Site or submitting personally identifiable information to the Site (and, for parents or guardians of children under the age of 13, having consented to your child’s use of the Site), you are agreeing that JDRF may deliver all privacy and opt out notices to you in the manners described in the Privacy Policy.