UPDATED: January 31, 2021
The Superficial Siderosis Patient Registry is owned and maintained by the Superficial Siderosis Research Alliance, INC. (aka SSRA) The SSRA is a registered 501(c)(3) nonprofit organization. U.S. Federal Tax ID 84-2515094 incorporated in the State of Wisconsin, United States. The main corporate office is located at N28W24389 Single Tree Ct. Pewaukee, WI 53072
The Superficial Siderosis Patient Registry web site and all databases are administrated from an office in the state of Texas, the United States, located at 975 County Road 1124 Linden, TX 75563
The Superficial Siderosis Research Alliance is committed to protecting the privacy of our participating members. To better protect your privacy, we provide this notice explaining our information practices. To make this notice easy to locate, we make it available as a link on our home page. We define personal information to include: name(s), email address, mailing address, survey responses, registry information and non-public information included in your correspondence with us.
When you contact the Superficial Siderosis Patient Registry Coordinator at email@example.com, your email address and other information included in your email may be forwarded by the registry administrator to the appropriate person(s) within the SSRA for a response. A copy of all correspondence by the responding individual.
The Superficial Siderosis Patient Registry has established and maintains a mailing database. The mailing list includes families of affected individuals, friends, physicians, scientists, contributors, and others. The SSRA will never release our mailing list or our member families’ names to any outside organization or third party unless required to do so by law. However, if an outside organization sends us information for distribution to Superficial Siderosis Patient Registry participants, we may mail or electronically forward it to you after proper approval.
Information determined to be confidential can only be released by written or verbal permission by the subject of the information or organization that owns the information. Verbal permission may be valid in limited circumstances. Any general release must be in writing. Information may be released if required by law, such as in response to an investigation or subpoena. The Superficial Siderosis Patient Registry web site provides links to other sites that may be of interest. The SSRA is not responsible for the privacy practices or content of other such web sites.
The SSRA is firmly committed to maintaining the confidentiality of your personal information in all of our activities and programs. Every reasonable effort will be made to maintain the privacy and security of all personal information in our possession. Access to personal information will be limited to the registry administrator when need to use such information in the course of their work on the Superficial Siderosis Patient Registry. In all instances, the registry administrator understands their obligations under both the Superficial Siderosis Research Alliance and the Superficial Siderosis Patient Registry confidentiality and security requirements.
2. Collection, Use and Disclosure of Information
a. Collection of Information. All of the information you provide to the Superficial Siderosis Patient Registry will be maintained in a secure server cloud-based database and any information that could identify you will not be shared without your express written consent unless otherwise required by law.
b. Use and Disclosure of Information. The goal of this registry is to make the information you provided searchable while protecting your identity. De-identified data (information where all personal identifiers such as name, address, residence, country, government-issued ID have been removed) gathered from this profile will be made available to registrants of the Website in the hope that analyses of a substantially larger database will support breakthroughs and clinical trials that could lead to better treatments and care management. De-identified information may be disclosed to third parties and otherwise used in accordance with legal requirements.
c. The SSRA does not employ independent contractors, vendors and suppliers (“Outside Contractors”) to provide specific services and products related to the Website or to the services provided on the Website, including but not limited to, performing general statistical analysis, maintaining an email suppression list as may be required by state and/or federal law, fraud screening, testing and implementation of special services to users, and developing applications for the Website and the services provided on the Website.
3. Withdrawal of Information
At any time, you have the right to withdraw your information from the Website registry database. You may exercise this right by contacting the Superficial Siderosis Patient Registry administrator at firstname.lastname@example.org and your account will be deactivated and the identifying information in your profile will be removed.
4. Protection of User Information
5. Ownership of Information
6. Third Party Notifications/Advertising
This website is maintained by the SSRA and allows no advertising
8. Log Files; Web Beacons
The Superficial Siderosis Patient Registry does not track registry members
9. Website Links
10. Communications from the Superficial Siderosis Patient Registry
From time to time, the registry administrator, medical advisor, or approved research entities will notify users of updates and other valuable information about the Superficial Siderosis Patient Registry, the Website, and related clinical and research information. By using the Website, or registering or subscribing for services provided on or through the Website, users consent to being contacted by the SSRA and related entities, and to receiving such updates and information. All contacts with the registry members are to follow best practices with respect to email communications, security, and privacy.
11. Required Disclosures
You understand and agree that the Superficial Siderosis Research Alliance may disclose information provided by you if in its good faith belief such disclosure is required by applicable law.
12. Contact Us; Member Accounts
13. Children Under The Age Of Thirteen (13)
14. Change of Control
15. Notification of Changes
16. California Privacy Rights
As provided by California Civil Code Section 1798.83, a California resident who has provided Personal Information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California user”) is entitled to request information about whether the business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Information, upon receipt of a request by a California user, the business is required to provide a list of all third parties to whom Personal Information was disclosed in the preceding calendar year, as well as a list of the categories of Personal Information that were disclosed.
California users may request further information about our compliance with this law by contacting us at email@example.com. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through our Site.
The Superficial Siderosis Patient Registry
The Superficial Siderosis Patient Registry website is housed on a secure cloud server. All identifiable information is stored in a secure cloud-based database .
A secure VPN is used to connect to Azure, so any data uploaded to, or downloaded from, Azure is encrypted and all data stored in its cloud instances is also encrypted. HIPAA requires access controls to be implemented to limit who can access PHI. Azure offers and the Superficial Siderosis Patient Registry use these controls and use Active Directory to allow permissions to be set. Multi-factor authentication has also be added. Audit controls are also necessary for HIPAA compliance. Azure provides detailed logging, so the patient registry administrator can see who accessed or has attempted to access PHI.