One Cancer Place Privacy Policy

Updated as of December 31, 2023

Introduction

One Cancer Place (“One Cancer Place,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use and safeguard the information you provide to us in using our website (the “Site”) and the services provided through our Site (the “Services”).

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. If we make material changes to our Privacy Policy, we may also notify you by other means, such as sending an email or posting a notice on our home page. If required by applicable data protection laws, we will obtain your consent to any material changes. Please review this Privacy Policy periodically.

Please also refer to our Terms of Use regarding the proper usage of the Sites and Services.

This Privacy Policy covers the following topics:

1. Note on HIPAA
2. What is One Cancer Place?
3. Collecting and Using Information
4. Cookies and Other Tracking Technologies
5. Third Party Processors
6. International Data Transfers
7. “Do Not Track” Signals
8. Advertising and Marketing Choices
9. Third Party Links
10. Security
11. Children’s Privacy
12. Your Personal Data and Your Rights –United States Only
13. Your Personal Data and Your Rights –Europe and the United Kingdom Only
14. Your Choices and Rights – Rest of the World
15. How to Contact Us

1. Note on HIPAA

As part of engaging with the Service, you may provide Personal Data related to your health and medical conditions. One Cancer Place is not a covered entity under the Health Insurance Portability and Accountability Act (“HIPAA”) and the Personal Data you provide is not regulated by HIPAA. As such, this Privacy Policy is not intended for compliance with HIPAA, nor should you take this policy as a reflection of your rights under HIPAA. All information you provide related to your health and medical conditions is provided on a voluntary basis.

2. What is One Cancer Place?

One Cancer Place provides a network and resources to individuals navigating a cancer diagnosis and treatment. Through our pillars – education, navigation, and community – visitors of the Site and users of the Services can learn more about what their diagnosis is and what it means, find providers in their area, and find support through patient groups.

One Cancer Place is registered as a 501(c)(3) nonprofit organization. We are located at 275 S Harrison Street, Suite 408, Denver, Colorado 80209. One Cancer Place is the data controller of all personal data collected from residents of the European Economic Area or the United Kingdom.

3. Collecting and Using Information

Personal Data We Collect

Through your use of the Site and Services, we will collect personal data from you. For purposes of this Privacy Policy, “Personal Data” refers to any information relating to an identified or identifiable natural person that we maintain in an accessible form.

Information You Provide

When you use the Site or Services, you may voluntarily provide us with the following types of Personal Data:

• Medical Information. You may provide Personal Data related to medical conditions, including your diagnosis, prognosis, and treatment plans. This information is provided on a strictly voluntary basis and is not covered by HIPAA, as disclosed in the “Note on HIPAA” section above.
• Make a Donation. To make a donation, you will provide us with your email address, first and last name, phone number, postal address, and your payment information.
• Location. To find providers and resources near you, you may input your location.
• Sign up for Education. To sign up for coursework, you will provide us with your name, email address, and other contact information as necessary.
• Subscribe to Newsletter. You can subscribe to our newsletter by providing your name and email address.
• Contact Us. When you contact us by telephone or email, you may need to provide us with your name, email address, and/or phone number.
• Interact with our Site or Services. When you send us any feedback, questions, comments, suggestions, ideas, or interact with the Services in any way, you may need to provide us with your sign-in information, name and/or email address.

Information as You Navigate Our Site and Services

We automatically collect certain Personal Data through your use of the Site and Services. We will automatically collect certain Personal Data, such as the following:

• Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
• Device Information. For example, hardware model, operating system, application version number, and browser.
• Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
• Location Information. Location information from Site visitors on a city-regional basis.

Third Party Information

In some cases, we may receive certain Personal Data from you about a third party. Your information is then provided to One Cancer Place. If you submit any Personal Data about another individual to us, you are responsible for making sure that you have the authority to do so and to allow us to use their Personal Data in accordance with this Privacy Policy.

How We Use Your Personal Data

We use the Personal Data we collect to provide the Services to you, to improve our Services and Site, and to protect our legal rights. In addition, we may use the Personal Data we collect to:

• Communicate with you about our Site or Services, response to a request or question from you, or to inform you of any changes to our Site or Services;
• Provide support;
• Maintain and improve our Site and Services;

• Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of use;

• Defend our legal rights and the rights of others;
• Efficiently maintain our business; and
• Comply with applicable law.

How We Share Your Personal Data

We may share the information that we collect about you in the following ways:

• With service providers who perform data services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.). Any such service providers will be under an obligation to us to maintain the confidentiality of your Personal Data;
• To service providers to prepare, deploy and analyze advertising content;
• To the extent that we are required to do so by law;
• In connection with any legal proceedings or prospective legal proceedings;
• To establish, exercise, or defend our legal rights, including providing information to others for the purposes of fraud prevention;
• To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Data;
• To any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition or in preparation for any of these events; and
• To any other person or entity where you consent to the disclosure.

4. Cookies and Other Tracking Technologies

“Cookies” are small files of information that are stored by your web browser software on your computer hard drive, mobile or other devices. Like many other companies, we may use cookies and other tracking technologies (such as pixels and web beacons).

We may use the following types of Cookies:

Strictly Necessary Cookies

These Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these Cookies, but some parts of the Sites will not then work. These Cookies do not store any personally identifiable information.

We may utilize Google reCAPTCHA, which is a free service that protects websites from spam and abuse using advanced risk analysis techniques to tell humans and bots apart. Google reCAPTCHA works differently depending on what version is deployed. For example, you may be asked to check a box indicating that you are not a robot or Google reCAPTCHA may detect abusive traffic without user interaction. Google reCAPTCHA works by transmitting certain types of information to Google, such as the referrer URL, IP address, visitor behavior, operating system information, browser and length of the visit, cookies, and mouse movements. Your use of Google reCAPTCHA is subject to Google’s Privacy Policy and Terms of Use.  More information as to Google reCAPTCHA and how it works is available here.

Performance Cookies

We may use these Cookies to count visits and traffic sources so we can measure and improve the performance of our Sites. They help us to know which pages are the most and least popular and see how visitors move around the Sites. If you do not allow these Cookies we will not know when you have visited our Sites and will not be able to monitor its performance.

We may use Cookies and similar technologies third-party vendors provide to collect information on user behavior (e.g., screens and pages visited, buttons and links clicked, limited information entered, and user taps, keystrokes, and mouse movements). This information enables us to monitor and improve the user experience.

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with the Site and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google, click here.

Functional Cookies

These Cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these Cookies, then some or all of the Services may not function properly.

Targeting Cookies

These Cookies may be set through our Site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. If you do not allow these Cookies, you will experience less targeted advertising.

Social Media Cookies

These Cookies are set by a range of social media services that we have added to the Sites to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these Cookies, you may not be able to use or see these sharing tools.

How You Can Manage Your Cookies

Browser Settings

Cookies can be blocked by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies) you may not be able to access all or parts of the Sites.

You can find out more about Cookies and how to manage them by visiting www.AllAboutCookies.org.

Platform Controls

You can opt out of Cookies set by specific entities by following the instructions found at these links:

• Google: https://adssettings.google.com

Advertising Industry Resources

You can understand which entities have currently enabled Cookies for your browser or mobile device and how to opt-out of some of those Cookies by accessing the Network Advertising Initiative’s website or the Digital Advertising Alliance’s website. For more information on mobile specific opt-out choices, visit the Network Advertising Initiative’s Mobile Choices website.

Please note that these opt-out mechanisms are specific to the device or browser on which they are exercised. Therefore, you will need to opt out on every browser and device that you use.

5. Third Party Processors

To ensure that your Personal Data receives an adequate level of protection, we have put in place appropriate procedures with the service providers we share your Personal Data with to ensure that your Personal Data is treated by those service providers in a way that is consistent with and which respects the applicable laws on data security and privacy.

For example, we use third-party processors for certain communications, donation tracking, and other processing as necessary for the Services.

6. International Data Transfers

For individuals in Switzerland, the European Union (EU), and other countries outside the United States, please note that we operate internationally and transfer information to the United States for the purposes described in this policy. The United States may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. Your Personal Data can be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States.

7. “Do Not Track” Signals

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

 8. Advertising and Marketing Choices

Depending on your location (and reflecting applicable law), you may have been asked to indicate your preferences, provide us with your consent regarding the receipt of such information from us, and indicate how you would like to receive it. Wherever you are located, we will send you marketing communications based on any preferences you may have expressed.

We only want to send you information in which you are interested. If you do not want to receive these communications or would like to understand more about other unsubscribe options, please contact us as set out in the “How to Contact Us” section below.

For email communications, you can opt-out and/or manage your preferences by clicking on the unsubscribe link provided at the bottom of any email you receive from us. You also may submit a request to us at [email protected]. If we call you with information that you do not want to receive, you can advise us of this during the telephone call.

9. Third Party Links

The Site and Services may contain links that will let you leave the Site and Services and access another website. Linked websites are not under our control. Except as stated below, this Privacy Policy applies solely to Personal Data that is acquired on this Site and Services. We accept no responsibility or liability for these other websites.

10. Security

We maintain commercially reasonable security measures to protect the Personal Data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security.

Users of the Service are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of the Service. In order to protect you and your information, we may suspend your use of any of the Service, without notice, pending an investigation, if any breach of security is suspected.

11. Children’s Privacy

The Site and Services are not intended for children under 16 years of age. We do not knowingly collect, use, or disclose Personal Data from children under 16.

 12. Your Personal Data and Your Rights –United States Only

One Cancer Place is a registered 501(c)(3) nonprofit organization and may be exempt from the privacy legislation in your state. However, depending on the state in which you reside, you may have certain privacy rights regarding your personal data. Privacy rights are provided in the “Your Choices and Rights – Rest of the World” section below.

California Shine the Light Law     

We do not disclose Personal Data (referred to as “personal information” under certain state laws, including California and Nevada) obtained through our Site or Services to third-parties for their direct marketing purposes.  Accordingly, we have no obligations under California Civil Code § 1798.83.

Notice to Nevada Residents

Nevada law allows Nevada residents to opt-out of the sale of certain types of Personal Data. Subject to a number of exceptions, Nevada law defines “sale” to mean the exchange of certain types of Personal Data for monetary consideration to another person. We do not currently sell Personal Data as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to [email protected].

13. Your Personal Data and Your Rights –Europe and the United Kingdom Only

If you are in a country in the European Economic Area (EEA) or in the United Kingdom, you are entitled to the following explanation of the legal bases we rely on to process your Personal Data and a description of your privacy rights. Please note that depending on where you reside, your relationship with One Cancer Place, and/or the way in which One Cancer Place is regulated in your country of residence, you may not have opportunity to avail yourself of all the privacy rights listed here.

Processing of Special Categories of Personal Data

We may process certain special categories of personal data in connection with our legitimate activities as a not-for-profit organization. For example, the purpose of the services is to provide resources to cancer patients. As such, you may provide information related to your medical diagnosis, prognosis, and treatment plans, which may be considered as part of a special category under GDPR or similar laws. This information is provided on a voluntary basis, and you may revoke your consent to process at any time, in addition to exercising other rights.

Legal Bases for Processing Your Personal Data

The legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

Consent

We may process your Personal Data based on your consent such as when you create an account or when you ask us to send certain kinds of marketing communications. You have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

Our Legitimate Interests

We may process your Personal Data if doing so is necessary for our legitimate interests and your rights as an individual do not override those legitimate interests. For example, when we process your Personal Data to carry out fraud prevention activities and activities to increase network and information security, to market directly to you, to expand our business activities and to improve our services and the content and functionality of our Site.

To Perform a Contract

We may process your Personal Data to administer and fulfill contractual obligations to you.

To Enable Us to Comply with a Legal Obligation

We may process your Personal Data to comply with legal obligations to which we are subject. This may include any requirement to produce audited accounts and to comply with legal process.

Necessary for the Exercise or Defense of Legal Claims

If you bring a claim against us or we bring a claim against you, we may process your Personal Data in relation to that claim.

If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Data for any specific processing activity, please contact us using the “How to Contact Us” section below.

Your Rights

Access Your Personal Data

You have the right to obtain from us confirmation as to whether or not we are processing Personal Data about you and, if so, the right to be provided with the information contained in this Privacy Policy. You also have the right to receive a copy of the Personal Data undergoing processing.

Rectify Your Personal Data

You have the right to ask us to rectify any inaccurate Personal Data about you and to have incomplete Personal Data completed.

Restrict Our Use of Your Personal Data

You have the right to ask us to place a restriction on our use of your Personal Data if one of the following applies to you:

• You contest the accuracy of the information that we hold about you, while we verify its accuracy;
• We have used your information unlawfully, but you request us to restrict its use instead of erasing it;
• We no longer need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or
• You have objected to us using your information, while we check whether our legitimate grounds override your right to object.

Object to Our Use of Your Personal Data

You have the right to object to our use of your Personal Data where our reason for using it is based on our legitimate interests or your consent (rather than when the reason for using it is to perform an obligation due to you under a contract with us).

Delete Your Personal Data

You can ask us to delete your Personal Data if:

• We no longer need it for the purposes for which we collected it;
• We have been using it with no valid legal basis;
• We are obligated to erase it to comply with a legal obligation to which we are subject;
• We need your consent to use the information and you withdraw consent;
• You object to us processing your Personal Data where our legal basis for doing so is our legitimate interests and there are no overriding legitimate grounds for the processing.

However, this right is not absolute. Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Long Is Your Personal Data Kept” section below.

If you do exercise a valid right to have your Personal Data deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).

Transfer Your Personal Data to Another Service Provider

You may request that we transfer some of the Personal Data you have provided to you or another service provider in electronic copy. This applies to Personal Data we are processing to service a contract with you and to Personal Data we are processing based on your consent.

To exercise any of these rights, please contact us as described in the “How to Contact Us” section below.

Make a Complaint

If you have any concerns or complaints regarding our processing of your Personal Data, please contact us as described in the “How to Contact Us” section below and we will do our best to answer any question and resolve any complaint to your satisfaction.

If, for whatever reason, you feel we do not meet the standards you expect of us, you are also entitled to make a complaint to your local supervisory authority:

EU Data Protection Authorities (DPAs)

Swiss Federal Data Protection and Information Commissioner (FDPIC)

Information Commissioner’s Office (United Kingdom)

How Long Is Your Personal Data Kept?

We will retain your Personal Data for as long as necessary to fulfill the purposes for which we collect it and as set out in this Privacy Policy and for the purpose of satisfying any legal, accounting, or reporting requirements that apply to us.

14. Your Choices and Rights – Rest of the World

Depending on the jurisdiction in which you are located, you may have certain rights with respect to your Personal Data. Please note that depending on where you reside, your relationship with One Cancer Place, and/or the way in which One Cancer Place is regulated in your country of residence, you may not have opportunity to avail yourself of all the privacy rights listed here or available to you under the law. For example, you may have the following rights:

• Right to access your Personal Data;
• Right to receive a copy of your Personal Data, including in a machine-readable format;
• Right to delete your Personal Data;
• Right to update your Personal Data;
• Right to correct inaccurate, out-of-date, or irrelevant Personal Data;
• Right to anonymization, blocking or deletion of unnecessary or excessive Personal Data or Personal Data processed in noncompliance with applicable law;
• Right to receive information about public and private entities with which we have shared your Personal Data;
• Right to information about the possibility of denying consent and the consequences of such denial;
• Right to revoke consent;
• Right to data portability;
• Right to confirm that we are processing your Personal Data;
• Right to restrict our processing of your Personal Data;
• Right to opt out of targeted advertising, sales, and shares;
• Right to not be subject to automated decision-making;
• Right to a verification procedure that provides whether we are in compliance with the applicable law;
• Right to object to or opt out of direct marketing from us; and
• Right to not receive discriminatory treatment for exercising your rights.

If you would like to exercise your legal rights, please contact us at [email protected]. We will process your request in accordance with any applicable legal requirements.

For a description of the legal bases for which we collect your Personal Data, please see the section “Your Personal Data and Your Rights –Europe and the United Kingdom Only - Legal Bases for Processing Your Personal Data” above.

15. How to Contact Us

For questions or concerns about our privacy policies or practices, please contact us at:

One Cancer Place
275 S Harrison Street, Suite 408
Denver, CO 80209
[email protected]