Effective date: January 1, 2018
The Johns Hopkins University and Medicine, Office of Development and Alumni Relations (DAR) is committed to supporting the privacy of its constituents. This Privacy Statement explains how we collect and process personal information, how we use and protect this information, and your rights in relation to this information.
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.
1. Personal Information We Collect
While specific information may vary for particular individuals, we may collect, use, store, and transfer different kinds of personal information from a variety of sources, including from you directly (e.g. when you make a donation, sign up for an account or event), information we generate about you in the course of our relationship with you (e.g. data collected from cookies and other similar technologies which is described in our cookies policy), and information we collect about you from other sources, including commercially available sources such as public databases (where permitted by law).
We may be required by law to collect certain personal information due to a contractual relationship we may have with you. Failure on your part to provide this information may prevent or delay the fulfillment of these contractual obligations.
Information we collect directly from you
The categories of information that we may collect directly from you can include the following:
- personal details (e.g. your full name);
- contact details (e.g. phone number, email address, postal address, or mobile number);
- account details (e.g. username and password);
- transaction details (e.g. when you make donations);
- communications (e.g. when you participate in message boards or forums, participate in polls or surveys, write a review or contact us with a question, comment, or request).
Information we collect about your use of the Services
The following are examples of the other categories of information which we may collect about you:
- Technical information collected from your computer or mobile device (e.g. your IP address, browser type, operating system);
- information about your usage of our DAR websites (e.g. the pages you visit when using the Services, how often you use the Services, and the pages you access before the Services);
- information about your alumni status;
- limited information about your interactions with Johns Hopkins Hospitals.
Information we collect from other Services
The following are examples of the other categories of information which we may collect from other services:
- Personal details (e.g. name, date of birth);
- contact details (e.g. phone number, email address, postal address, or mobile number);
- augmented publically available data.
2. How We Use Your Personal Information and the Basis on Which We Use It
We use your personal information for a number of legitimate purposes in support of the University and its mission. We may use your personal information for the following purposes:
- Identification and authentication: We use your identification information to verify your identity when you access and use our Services and to ensure the security of your personal information. This is so we can comply with our contractual obligations to you.
- Operating Services: We process your personal information to provide the Services you have requested. This is so we can comply with our contractual obligations to you.
- Improving our Services: We analyze information about how you use our Services to provide an improved experience for our customers, including product testing and site analytics. This is so we can understand any issues with our Services and improve them.
- Communicating with you: We may use your personal information when we communicate with you, for example if we are providing information about changes to the terms and conditions or if you contact us with questions. This is so we are able to provide you with appropriate responses and provide you with notices about our Services.
- Marketing: We may use your personal information to build a profile about you and place you into particular marketing segments in order to better understand your preferences and to appropriately personalize the marketing messages we send to you. This is so we can provide you with more relevant and interesting advertising messages. You may opt out of these messages at any time.
- Exercising our rights: We may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law.
- Complying with our obligations: We may process your personal information to comply with our obligations, for example to carry out fraud prevention checks or comply with other legal or regulatory requirements, including where law explicitly requires this, to resolve disputes, and to enforce our agreements.
- Customizing your experience: We may use your personal information to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.
We may also anonymize your personal information in such a way that you are no longer identifiable, and we may use this anonymized information for any other purpose.
3. How and When We Share Your Personal Information
We may share your personal information with third parties under the following circumstances:
- Service providers and business partners: We may share your personal information with our service providers and business partners that perform marketing services and other business operations for us for the purposes set forth above. For example, we may collaborate with companies to process secure payments, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers and business partners may include fraud prevention agencies which are required to use your personal information only in the ways described in this policy.
- Where required by law: We may share your personal information with law enforcement agencies, courts, other government authorities, or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
4. Your Rights Over Your Personal Information
You may have certain rights regarding the personal information we hold about you, subject to local law. These may include the rights to access, correct, delete, restrict, or object to our use of, or receive a portable copy in a usable electronic format of your personal information. You also may have the right to lodge a complaint with your local data protection or privacy regulator.
We encourage you to contact us at the contact information set forth below to update or correct your information if it changes or if the personal information we hold about you is inaccurate. Where you have provided your consent to any use of your personal information, you can request withdrawal of this consent at any time. Please note that we may require additional information from you in order to honor your request.
If you would like to discuss or exercise any rights you may have under law, please contact us at the contact information set forth below in Section 11.
5. Automated Decisions About You
We also make automated decisions about you based on your personal information in the following circumstances:
- To deliver personalized invitations to events, or to send you recommendations based on your donation history or alumni history.
- Subject to local legal requirements and limitations, you can contact us to object to our use of automated decision making.
6. Information Security and Storage
We implement physical, technical, and organizational security measures designed to safeguard the personal information we process through the Services. These measures are aimed at providing ongoing integrity and confidentiality for your personal information. We evaluate and update these measures on a regular basis. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information.
We retain your personal information for as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal obligations. We may also retain records to investigate or defend against potential legal claims.
7. COPPA (Children's Online Privacy Protection Act)
We do not knowingly collect or use any personally identifiable information from children (defined by COPPA as minors younger than 13) on our DAR websites. We do not knowingly allow children to communicate with us or use any of our Online Platforms. If you are a parent and become aware that your child has provided us with information, please contact us using one of the methods specified herein, and we will work with you to address this issue.
8. California and Delaware "Do Not Track" Disclosures
California and Delaware law require us to indicate whether we honor “Do Not Track” settings in your web browser concerning targeted advertising. At this time, there is no worldwide uniform or consistent industry standard or definition for responding to, processing, or communicating "Do Not Track" signals. Thus, like many other websites and online services, we do not currently respond to any "Do Not Track" browser requests.
9. California Privacy Rights
Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personally identifiable information—such as name, email, mailing address, and the type of services provided to the customer—that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the name and address of all such third parties. To request the above information, please email us at: Webcenter@jhmi.edu with a reference to California Disclosure Information. Please note that we are only required to respond to each customer once per calendar year.
10. Rights for Individuals in the European Economic Area
You have the right in certain circumstances to (1) access your personal information; (2) correct or erase information; (3) restrict processing; and (4) object to communications, direct marketing, or profiling. To the extent applicable, the EU’s General Data Protection Regulation provides further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority.
If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identity when exercising these rights. Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future, as well as any information necessary for Johns Hopkins University’s archival purposes. We may also need to retain some financial information for legal purposes, including US IRS compliance. In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against, or exercising our rights with respect to such claim.
By providing information directly to The Johns Hopkins University and Medicine, Office of Development and Alumni Relations, you consent to the transfer of your personal information outside of the European Economic Area to the United States. You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.
11. Contact Us
The Johns Hopkins University and Medicine Office of Development and Alumni Relations is the primary controller of the personal information we collect and process as described herein.
If you have questions or concerns regarding the way in which your personal information has been used, please contact us via firstname.lastname@example.org.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority in the applicable jurisdiction.
12. Changes to the Policy
We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal information, we will notify you of these changes before applying them to that personal information.
Last Updated: May 24, 2018