mydiabetes.foundation (the “
This policy describes the Company’s practices for collecting, using, maintaining, protecting, and disclosing the personal data it may collect from you or that you may provide when you visit any Diabetes Foundation Program website (collectively, the “Website”) and the Company’s practices for collecting, using, keeping, protecting, and disclosing that information.
This policy applies to the personal data collected through the Website, regardless of the country where you are located.
1. Data the Company may collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). The Company may collect, use, store, and transfer different kinds of personal data about you, which the Company has grouped together as follows:
The Company also collects, uses, and shares
Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, the Company may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if the Company combines or connects Aggregated Data with your personal data so that it can directly or indirectly identify you, the Company treats the combined data as personal data which will be used in accordance with this policy.
The Company does not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor does the Company collect any information about criminal convictions and offenses.
If you fail to provide personal data Where the Company needs to collect personal data by law or under the terms of a contract it has with you and you fail to provide that data when requested, the Company may not be able to perform the contract it has or is trying to enter into with you (for example, to provide you with goods or services). In this case, the Company may have to cancel a product or service you have with the Company, but the Company will notify you if this is the case at the time.
2. How the Company collects data about you
The Company uses different methods to collect data from and about you including through:
Cookies and automatic data collection technologies
The Company does not control how these third-party tracking technologies operate or how they may use the collected data. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
3. How the Company uses your personal data
The Company uses your personal data to provide you with products, offer you services, communicate with you, deliver advertising and marketing, or to conduct other business operations, such as using data to improve and personalize your experiences. Examples of how the Company may use the personal data it collects includes to:
The Company may also use personal data to contact you about its own and third parties’ goods and services that may be of interest to you via email, direct mail, or otherwise. For more information, see Your personal data use choices.
The Company may use personal data to enable it to display advertisements to its advertisers’ target audiences. Even though the Company does not disclose your personal data for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria. If you are an European Economic Area (EEA) resident, please note that the Company is processing your data to fulfill contracts it might have with you (for example, if you make an order through the Website), to comply with a legal obligation, or otherwise to pursue its legitimate business interests, more specifically its economic interest in offering you products and services, growing its business, making you personalized offers, and in recovering any debts due to it. The Company may use nonpersonal data for any business purpose.
4. Disclosure of your personal data
The Company may share your personal data with:
The Company may share nonpersonal data without restriction.
5. Cross-border data transfers
For operational reasons the Company may process, store, and transfer personal data it collects, in and to a country outside your own, with different privacy laws that may or may not be as comprehensive as your own. Where the Company does so, and where the Company is required to under local law, the Company will put in place appropriate mechanisms to ensure that your personal data receives an adequate level of protection where it is processed.
If you are located outside the United States, the Company advises you that your personal data may at times be accessible by persons who are located worldwide including in countries that the European Commission or other geopolitical regions have not determined to provide the same adequate level of data protections in your country, province territory, or geopolitical region. By submitting your personal data or engaging with the Website, you consent to the Company’s transfer, storing, or processing, including the transfer of your data across international boundaries to jurisdictions anywhere in the world as permitted by local law.
If you are a European Economic Area (EEA) or Switzerland resident or otherwise located in the EEA or Switzerland, please note that your information will be transferred outside of the EEA or Switzerland, including to the United States. If you are a Canadian resident or otherwise located in Canada, please note that personal data transfers outside of Canada may result in your data becoming accessible to foreign jurisdiction’s law enforcement or other authorities.
6. Your personal data use choices
The Company strives to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. The Company has established the following personal data control mechanisms:
The Website may, from time to time, contain links to and from the websites of the Company’s partner networks, advertisers and affiliates, or plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and that the Company does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.
7. Accessing and correcting your personal data
You may send the Company an email at support @ mydiabetes.foundation to request access to, correct, or delete any personal data that you have provided to the Company. The Company may not accommodate a request to change data if the Company believes the change would violate any law or legal requirement or negatively affect the data’s accuracy.
8. Data security
The security of your personal data is very important to the Company. The Company uses reasonable and appropriate security measures designed to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure. The Company stores all personal data behind firewalls on severs employing security protections. The Company encrypts any payment transactions using SSL technology. The safety and security of your information also depends on you. Where the Company has given you (or where you have chosen) a password for access to certain parts of the Website, you are responsible for keeping this password confidential. The Company asks you not to share your password with anyone. The Company urges you to take care when providing information in public areas of the Website, which any Website visitor can view. Unfortunately, the transmission of information via the Internet is not completely secure. Although the Company does its best to protect your personal data, the Company cannot guarantee the security of your personal data transmitted to the Website. Any transmission of personal data is at your own risk. The Company is not responsible for the circumvention of any privacy settings or security measures contained on the Website.
9. Date retention How long will the Company use my personal data for?
The Company will only retain your personal data for as long as reasonably necessary to fulfill the purposes it collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. The Company may retain your personal data for a longer period in the event of a complaint or if the Company reasonably believes there is a prospect of litigation in respect to its relationship with you. To determine the appropriate retention period for personal data, the Company considers the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of your personal data; the purposes for which the Company processes your personal data and whether it can achieve those purposes through other means; and the applicable legal, regulatory, tax, accounting, or other requirements. By law the Company has to keep basic information about its customers (including Contact, Identity, Financial, and Transaction Data) for seven years after they stop being customers or affiliates for tax purposes. In some circumstances you can ask the Company to delete your data: see
Accessing and correcting your personal data
In some circumstances the Company will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case the Company may use this information indefinitely without further notice to you.
10. Children’s online privacy
The Company does not direct its Website to minors and it does not knowingly collect personal data from individuals under 18-years old. If the Company learns it has mistakenly or unintentionally collected or received personal data from an individual under 18-years old, it will delete it. If you believe the Company mistakenly or unintentionally collected data from or about an individual under 18-years old, please contact the Company at support @ mydiabetes.foundation.
11. Do Not Track policy
Do Not Track (“DNT”) is a privacy preference that you can set in your browser. DNT is a way for you to inform websites and services that you do not want certain information about your webpage visits collected over time and across websites or online services. The Company is committed to providing you with meaningful choices about the information it collects and that is why the Company provides you the ability to opt out. But the Company does not recognize or respond to any DNT signals as the Internet industry works toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT. For more information, visit www.allaboutdnt.com.
12. Your California privacy rights
If you are a California resident, you may have certain additional rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal data by the Company to third parties for the third parties’ direct marketing purposes. Further, if you are a California resident and would like to opt out from the disclosure of your personal data to any third party for direct marketing purposes, please send an email to support @ mydiabetes.foundation. If you opt out from permitting your personal data to be shared, you may still receive selected offers directly from the Company in accordance with California law.
1 3. Your EU GDPR and Swiss privacy rights
If you reside in the European Economic Area (EEA) or Switzerland, under certain circumstances, you have rights under data protection laws in relation to your personal data. Your rights may include the following:
If you wish to exercise any of the rights set out above, please contact the Company at support @ mydiabetes.foundation. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, the Company may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, the Company may refuse to comply with your request in these circumstances.
The Company may need to request specific information from you to help it confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. The Company may also contact you to ask you for further information in relation to your request to speed up its response. The Company tries to respond to all legitimate requests within one month. Occasionally it may take the Company longer than a month if your request is particularly complex or you have made a number of requests. In this case, the Company will notify you and keep you updated.
15. Contact Information
Questions, comments, requests, and complaints regarding this policy or the Company’s privacy practices are welcomed and should be addressed to support @ mydiabetes.foundation.