Privacy Policy

UPDATED: January 31, 2021

The Superficial Siderosis Patient Registry is owned and maintained by the Superficial Siderosis Research Alliance, INC. (aka SSRA) The SSRA is a registered 501(c)(3) nonprofit organization. U.S. Federal Tax ID 84-2515094 incorporated in the State of Wisconsin, United States. The main corporate office is located at N28W24389 Single Tree Ct. Pewaukee, WI 53072

The Superficial Siderosis Patient Registry web site and all databases are administrated from an office in the state of Texas, the United States, located at 975 County Road 1124 Linden, TX 75563

The Superficial Siderosis Research Alliance is committed to protecting the privacy of our participating members. To better protect your privacy, we provide this notice explaining our information practices. To make this notice easy to locate, we make it available as a link on our home page. We define personal information to include: name(s), email address, mailing address, survey responses, registry information and non-public information included in your correspondence with us.

When you contact the Superficial Siderosis Patient Registry Coordinator at registry@superficialsiderosis.org, your email address and other information included in your email may be forwarded by the registry administrator to the appropriate person(s) within the SSRA for a response. A copy of all correspondence by the responding individual.

The Superficial Siderosis Patient Registry has established and maintains a mailing database. The mailing list includes families of affected individuals, friends, physicians, scientists, contributors, and others. The SSRA will never release our mailing list or our member families’ names to any outside organization or third party unless required to do so by law.  However, if an outside organization sends us information for distribution to Superficial Siderosis Patient Registry participants, we may mail or electronically forward it to you after proper approval.

Information determined to be confidential can only be released by written or verbal permission by the subject of the information or organization that owns the information. Verbal permission may be valid in limited circumstances. Any general release must be in writing. Information may be released if required by law, such as in response to an investigation or subpoena. The Superficial Siderosis Patient Registry web site provides links to other sites that may be of interest.  The SSRA is not responsible for the privacy practices or content of other such web sites.

The SSRA is firmly committed to maintaining the confidentiality of your personal information in all of our activities and programs. Every reasonable effort will be made to maintain the privacy and security of all personal information in our possession. Access to personal information will be limited to the registry administrator when need to use such information in the course of their work on the Superficial Siderosis Patient Registry. In all instances, the registry administrator understands their obligations under both the Superficial Siderosis Research Alliance and the Superficial Siderosis Patient Registry confidentiality and security requirements.

You must read this Privacy Policy (the “Privacy Policy”) and the Website (defined below) terms of use (the “Terms and Conditions”) prior to using any portion of the Superficial Siderosis Patient Registry Website located at https://superficialsiderosis.org (the “Website”). By using the Website, you agree to all the terms of the Privacy Policy and Terms and Conditions. If you do not agree with the terms of this Privacy Policy, you may not use any portion of the Website.

The Website is owned and operated by the Superficial Siderosis Research Alliance, Inc., aka “SSRA”, a Wisconsin corporation. The SSRA respects your privacy and has written the Privacy Policy so that you are aware of the information the Superficial Siderosis Patient Registry collects from you, how that information is protected, and how it is used. If you have any questions or comments regarding the Privacy Policy, or you feel that the SSRA is not abiding by its posted Privacy Policy, please contact us at registry@superficialsiderosis.org

1. General

This Privacy Policy outlines the type of information the Superficial Siderosis Patient Registry collects from the users of the Website and how it is shared with other parties. We reserve the right to modify the Privacy Policy at any time, and without prior notice, by posting amended terms and conditions on the Website. We encourage you to review the Privacy Policy periodically for any updates or changes.

2. Collection, Use and Disclosure of Information

a. Collection of Information. All of the information you provide to the Superficial Siderosis Patient Registry will be maintained in a secure server cloud-based database and any information that could identify you will not be shared without your express written consent unless otherwise required by law.

b. Use and Disclosure of Information. The goal of this registry is to make the information you provided searchable while protecting your identity. De-identified data (information where all personal identifiers such as name, address, residence, country, government-issued ID have been removed) gathered from this profile will be made available to registrants of the Website in the hope that analyses of a substantially larger database will support breakthroughs and clinical trials that could lead to better treatments and care management.  De-identified information may be disclosed to third parties and otherwise used in accordance with legal requirements.

c. The SSRA does not employ independent contractors, vendors and suppliers (“Outside Contractors”) to provide specific services and products related to the Website or to the services provided on the Website, including but not limited to, performing general statistical analysis, maintaining an email suppression list as may be required by state and/or federal law, fraud screening, testing and implementation of special services to users, and developing applications for the Website and the services provided on the Website.

3. Withdrawal of Information

At any time, you have the right to withdraw your information from the Website registry database.  You may exercise this right by contacting the Superficial Siderosis Patient Registry administrator at registry@superficialsiderosis.org and your account will be deactivated and the identifying information in your profile will be removed.

4. Protection of User Information

All users are required to review and abide by the Website Terms and Conditions and the Privacy Policy. The Superficial Siderosis Research Alliance will use every reasonable method to protect the security of information and data submitted to the Website. We employ best practices from our networking to our secure servers to protect data from intrusion. Users should keep in mind, however, that no internet transmission is ever 100% secure or error-free. Where you use passwords, ID numbers, or other special access features on the Website, you should take special care to safeguard them.

5. Ownership of Information

All of the information you provide to the Superficial Siderosis Patient Registry in connection with the Website is owned by you. You agree to grant the Superficial Siderosis Research Alliance and the Superficial Siderosis Patient Registry administrator or medical advisor the right to maintain, use and disclose your De-Identified data as set forth in this Privacy Policy and the Superficial Siderosis Patient Registry website Terms and Conditions. Your information may contribute to the development of inventions or commercial products from which others may derive economic benefit. You will have no rights to any inventions, commercial products or other such discoveries and you will receive no economic benefit.

6. Third Party Notifications/Advertising

This website is maintained by the SSRA and allows no advertising

7. Cookies

When you visit the Website, we may send one or more cookies to your computer that will uniquely identify your browser. In addition, in the course of serving advertisements to this site, our third-party advertisers may place or recognize a unique “cookie” on your browser. A cookie is a piece of data stored on the user’s hard drive containing information about the user. Cookies may be used by the Superficial Siderosis Patient Registry to enable storage of login information and cookie policy agreement. Usage of a cookie is in no way linked to any personally identifiable information while on the Website.  If a user rejects the cookie, he or she may still use the Site but login ability may be affected. Some of Superficial Siderosis Patient Registry web site componets use cookies, but the registry has no access to or control over these cookies.

8. Log Files; Web Beacons

The Superficial Siderosis Patient Registry does not track registry members

9. Website Links

The Website may contain links to other web sites. This Privacy Policy applies solely to information collected on or submitted to the Website. The SSRA is not responsible for the privacy practices of other sites linked to the Website or third party advertisements served on the Website. The SSRA encourages users to read the privacy policies of websites and third party advertisers when they connect to them through the Website.

10. Communications from the Superficial Siderosis Patient Registry

From time to time, the registry administrator, medical advisor, or approved research entities will notify users of updates and other valuable information about the Superficial Siderosis Patient Registry, the Website, and related clinical and research information. By using the Website, or registering or subscribing for services provided on or through the Website, users consent to being contacted by the SSRA and related entities, and to receiving such updates and information. All contacts with the registry members are to follow best practices with respect to email communications, security, and privacy.

11. Required Disclosures

You understand and agree that the Superficial Siderosis Research Alliance may disclose information provided by you if in its good faith belief such disclosure is required by applicable law.

12. Contact Us; Member Accounts

If you elect to contact the Superficial Siderosis patient registry through the contact information provided on the Website, register for an account, you may be asked for any of the following: your name, e-mail address, e-mail subject and a message containing your inquiry (in the case of a “contact us” inquiry), and certain profile and account information (in the case of a member account registration). The web site administrator stores this data in order to reply to the submitted inquiry or to establish and service the member account. The submitted information is then subject to the terms detailed in this Privacy Policy.

13. Children Under The Age Of Thirteen (13)

The Superficial Siderosis Patient Registry is unable to prevent children under the age of thirteen (13) from visiting the Website; however, no part of our Website is directed at or intended for persons under the age of thirteen (13). If you are under the age of thirteen (13), please do not access the Website at any time or in any manner. In order to comply with the Children’s Online Privacy Protection Act, The Superficial Siderosis Patient Registry will not knowingly collect personally identifiable information from children under the age of thirteen (13). By providing personally identifiable information through the Website including, but not limited to, your name and e-mail address, you represent and warrant that you are at least thirteen (13) years of age and that you agree to comply with the Privacy Policy. If at any time, the Superficial SiderosisPatient Registry learns that personally identifiable information has been collected from persons under the age of thirteen (13) without verified parental or legal guardians consent, the Superficial SiderosisPatient Registry Registry will take the appropriate steps to delete such information.

14. Change of Control

In the event that Superficial Siderosis Research Alliance is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. The promises in this Privacy Policy will apply to your information as transferred to the new entity.

15. Notification of Changes

You should review the Privacy Policy whenever you use the Website in order to be aware of the ways that your information is used. The SSRA reserves the right to change the Privacy Policy at any time, without prior notice.

16. California Privacy Rights

As provided by California Civil Code Section 1798.83, a California resident who has provided Personal Information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California user”) is entitled to request information about whether the business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Information, upon receipt of a request by a California user, the business is required to provide a list of all third parties to whom Personal Information was disclosed in the preceding calendar year, as well as a list of the categories of Personal Information that were disclosed.

However, under the law, a business is not required to provide the above-described lists if the business adopts and discloses to the public (in its privacy policy) a policy of only disclosing users’ Personal Information to third parties for their direct marketing purposes when the California user has first affirmatively agreed to the disclosure.  Rather, the business may comply with the law by notifying the California user of his or her right to prevent disclosure of Personal Information and providing a cost free means to exercise that right.

As stated in this Privacy Policy, we do not share information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure, typically by opting in to receive information from a third party that is participating in some activity described on our Applications. If you do ask us to share your information with a third party for its marketing purposes, we will only share information in connection with that specific activity, as we do not share information with any third party on a continual basis.  To prevent disclosure of your Personal Information for use in direct marketing by a third party, do not opt in to such use when you provide Personal Information on our Application. Please note that whenever you opt in to receive future communications from a third party, your information will be subject to the third party’s privacy policy.  If you later decide that you do not want that third party to use your information, you will need to contact the third party directly, as we have no control over how third parties use information. You should always review the privacy policy of any party that collects your information to determine how that entity will handle your information.

California users may request further information about our compliance with this law by contacting us at registry@superficialsiderosis.org. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through our Site.

The Superficial Siderosis Patient Registry

The Superficial Siderosis Patient Registry website is housed on a secure cloud server. All identifiable information is stored in a secure cloud-based database .

A secure VPN is used to connect to Azure, so any data uploaded to, or downloaded from, Azure is encrypted and all data stored in its cloud instances is also encrypted. HIPAA requires access controls to be implemented to limit who can access PHI. Azure offers and the Superficial Siderosis Patient Registry use these controls and use Active Directory to allow permissions to be set. Multi-factor authentication has also be added. Audit controls are also necessary for HIPAA compliance. Azure provides detailed logging, so the patient registry administrator can see who accessed or has attempted to access PHI.