Privacy Policy

Effective: 09/26/2020

Your privacy is important to the Regenstrief Institute so we have developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information.

The Regenstrief Institute is a healthcare research organization with many research initiatives, products, and services.

Please take a moment to familiarize yourself with our privacy practices and contact us if you have any questions.

Personally Identifiable Information (“PII”) is data that can be used to identify a single person.

You may be asked to provide your PII anytime you contact the Regenstrief Institute. The Regenstrief Institute and its partners may share this PII with each other and use it consistent with this Privacy Policy. They may also combine it with other information to improve our research or services. You are not required to provide personal information that we have requested, but, if you choose not to do so, in many cases we will not be able to respond to any questions you may have.

Here are some examples of the types of PII that the Regenstrief Institute may collect and how we may use it:

The Regenstrief Institute’s websites, online services, applications, email messages, and social media posts may use “cookies” and other technologies such as pixel tags and web beacons.

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, combating fraud, analyzing how our products and services perform, and fulfilling other legitimate purposes.

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your Internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.

As true with most Internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol addresses, browser type and language, Internet service provider, referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We use this data to understand trends, administer web sites, learn about user behavior on a site, improve research, product and services, and to gather demographic information about the user base as a whole. The Regenstrief Institute may use this information in our marketing and communication services.

In some of our communications, we use a “click-through URL” linked to content on a website or social media post. When you click on one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our communication efforts. If you prefer not to be tracked this way, you should not click on text or graphic links in the email messages or social media posts. Pixel tags enable us to send email messages in a format that viewers can read, and they tell us whether the email has been opened. We may use this information to reduce or eliminate messages sent to recipients.

At times, the Regenstrief Institute may provide third parties with certain PII to improve our research, products, and services, or to help our communication efforts. When we do, we require those third parties to handle PII in accordance with relevant laws. The Regenstrief Institute does not sell PII to third parties.

The Regenstrief Institute shares PII with companies who provides services to us such as information processing and storage, managing data, conducting market research or surveys, and assessing your interest in our research, products, and services.

It may be necessary (by law, legal process, litigation, requests from governmental agencies) for the Regenstrief Institute to disclose your PII. We may also disclose your PII if we determine that disclosure is necessary or appropriate for law enforcement or other issues of public importance. We may also disclose your PII, but only if there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions, or to protect our systems and research. This could include providing PII to public or governmental authorities.

The Regenstrief Institute takes the security of your PII very seriously. Our websites and online services protect your PII during transit using encryption such as Transport Layer Security (“TLS”). When we store your PII, we use encrypted storage solutions with limited access using appropriate administrative, technological, and physical safeguards.

When you use some Regenstrief Institute services or post on Regenstrief Institute social media accounts, the PII and content you share may be visible to others and can be read, collected, or used by other users. You are responsible for the PII you choose to share or submit in these instances. For example, if you list your name and email address in a social media post, that information is public.

The Regenstrief Institute does not make any decisions involving the use of algorithms that significantly affect you.

The Regenstrief Institute allows you to keep your PII accurate, complete, and up to date. We will retain your PII for the period necessary to fulfill the purposes outlined in this Privacy Policy and our research-specific retention terms. When assessing these retention periods, we carefully examine our need to collect PII at all, and if we establish a relevant need, we only retain it for the shortest possible period to realize the purpose of the collection unless a long retention period is required by law.

The Regenstrief Institute will provide you with a copy of your PII for any purpose including to request that we correct the data if it is inaccurate or delete the data unless the Regenstrief Institute is not required to retain, provide access or copies, or delete it by law or for legitimate research or business purposes.

We may decline to approve requests that are frivolous, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by law. We may also decline deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes described earlier. Contact the Regenstrief Institute to request access, corrections, or deletions of your PII.

The California Consumer Privacy Act (“CCPA”) provides California consumers with the right to obtain from certain businesses information about the PII they collect, use, and disclose. If you choose to exercise your privacy rights, you have the right to not receive discriminatory treatment or a lesser degree of service from the business. The Regenstrief Institute is not a business organized or operated for the profit or financial benefit of its shareholders or other owners.

A consumer has the right to opt-out of the sale of their PII. The Regenstrief Institute does not sell PII, and we do not sell goods or services to consumers for personal, family, or household purposes from Internet websites or online services.

The Regenstrief Institute takes extra precautions to protect the privacy and safety of children who may access our websites, services, and be included in research. Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are not allowed to create unique accounts for our websites and services. If we discover that we have collected the information of a child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, we will take steps to delete the information as soon as possible. If at any time a parent needs to access, correct, or delete data associated with their child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, they may contact us to delete their child’s information.

The Regenstrief Institute does not provide location-based services to collect, use, or share precise location data such as the real-time geographic location of your computer or device without your explicit consent for research.

On occasion, third parties may share their location data with us for research purposes. That location data is de-identified unless you have given your consent for the third party to share your data with us.

The Regenstrief Institute website, social media posts, and other communications may contain links to third-party websites, products, and services.

Information collected by third parties, which may include features such as location data or contact details, is governed by their privacy policies. We encourage you to learn about the privacy practices of those third parties.

The Regenstrief Institute does not transfer or store the information to locations outside of the United States, and we do not have any legal entities or control agents outside of the United States that collect, process, store or share PII. When you share your information, which originates from outside the United States to us, that information will be subject to jurisdiction of the United States.

If you have any questions or concerns about the Regenstrief Institute’s Privacy Policy, you would like to contact our Privacy/Data Protection Officer, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us by phone, email, or by filling out the form below.

When we receive a privacy question or a question about PII, we attempt to respond as quickly as possible within our limited resources, but some substantive questions may require up to seven (7) days for us to respond to you. You may contact the relevant jurisdictional regulator about your complaint at any time or if you are unsatisfied with our reply.

When your complaint indicates we can make an improvement in our handling of privacy issues, we will take steps to make such improvement at our next reasonable opportunity.

The Regenstrief Institute may update this Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

Regenstrief Institute, Inc. 1101 W. 10^th St., Indianapolis, Indiana, USA, 46202