Building access to the Regenstrief Institute is restricted through early 2021. More on our coronavirus precautions.
See our coronavirus precautions.

Privacy Notice

Effective: 09/26/2020

Your privacy is important to the Regenstrief Institute so we have developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information.

The Regenstrief Institute is a healthcare research organization with many research initiatives, products, and services.

Please take a moment to familiarize yourself with our privacy practices and contact us if you have any questions.

Regenstrief Institute Health Research Privacy Policy

 

Collection and Use of Personally Identifiable Information

Personally Identifiable Information (“PII”) is data that can be used to identify a single person.

You may be asked to provide your PII anytime you contact the Regenstrief Institute. The Regenstrief Institute and its partners may share this PII with each other and use it consistent with this Privacy Policy. They may also combine it with other information to improve our research or services. You are not required to provide personal information that we have requested, but, if you choose not to do so, in many cases we will not be able to respond to any questions you may have.

Here are some examples of the types of PII that the Regenstrief Institute may collect and how we may use it:

 

What personally identifiable information we collect

  • When you view pages on our company website, the web server automatically collects certain technical information from your computer or device and about your connection.
  • When you contact us, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, device identifiers, IP address, location information, credit card information and profile information where the contact is via social media.
  • We may ask for a government issued ID in limited circumstances, including when you may receive a gift card for participating in a research study.

 

How we use your personally identifiable information

We may process your PII: for the purposes described in this Privacy Policy, with your consent, for compliance with a Regenstrief Institute legal obligation; for the performance of a contract to which you are a party; to protect your vital interests; or when we have assessed it is necessary for the legitimate interests pursued by the Regenstrief Institute or to a third party to whom it may be required to disclose information. If you have questions about the lawful basis that we process your PII, you can contact the Privacy & Data Protection Officer.

  • The PII we collect allows us to keep you posted on Regenstrief-related announcements, articles, and upcoming events. If you do not want to be on our mailing list, you can opt-out anytime by contacting the Regenstrief Institute public relations department.
  • You can also change your preferences for receiving emails here.
  • We may also use PII to help us create, develop, operate, deliver and improve our research, products, services, content and advertising, and for anti-fraud purposes. We may also use your PII for account and network security purposes, to protect our services and research from harm, and for pre-screening or scanning uploaded content for potentially illegal or other harmful content. We limit our uses of data for anti-fraud purposes to those which are strictly necessary and within our assessed legitimate interests to protect our research and services.
  • We may use your PII, including date of birth, to verify your identity, assist with identification of users, and to determine appropriate services. For example, we may use date of birth to determine the age of an account holder.
  • From time to time, we may use your PII to send important notices, such as communications about research or changes in our policies.
  • We may also use PII for internal purposes such as auditing, data analysis and process improvement to enhance our research and services.
  • If you apply for a position at the Regenstrief Institute or we receive your information in connection with a potential role at the Regenstrief Institute, we may use your PII to evaluate your candidacy and to contact you. If you are a candidate, you will receive separate information about how the Regenstrief Institute handles candidate PII at the time of application.

 

Source of your personally identifiable information not collected from you

We may have received your PII from other entities if those entities have entered into data sharing agreements with the Regenstrief Institute. We may also validate the information provided by you with a third party for security and fraud prevention purposes.

If you are a potential candidate for employment with the Regenstrief Institute, we may have received your PII from third parties such as recruiters or external websites. We will use the PII we receive to contact you about a potential opportunity or in evaluating your candidacy. If you did not provide us your PII directly, we will inform you of the source when we first contact you regarding your candidacy.

For research purposes, we may use data that could be associated with an identifiable person. When acquiring such data for research, we do so in accordance with applicable laws in the jurisdiction where the data is hosted. When using such data for research, we do not attempt to re-identify individuals whose data may be within.

 

Collection and Use of Non-Personal Information

Non-personal Information (“de-identified”) is data that cannot be used to identify a single person.

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose de-identified information for any purpose. The following are some examples of de-identified information that we collect and how we may use it:

  • We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and time zone where you have accessed our services so that we can better understand our outreach and improve our research, products, and services.
  • We may collect information regarding users and research participants from other research teams, websites, and services. This information is aggregated and used to help us understand which parts of our website, products, and services are utilized. Aggregated data is de-identified data.

If we link PII with de-identified data, the linked data will be treated as PII for as long as the link remains.

 

Cookies and Other Technologies

The Regenstrief Institute’s websites, online services, applications, email messages, and social media posts may use “cookies” and other technologies such as pixel tags and web beacons.

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, combating fraud, analyzing how our products and services perform, and fulfilling other legitimate purposes.

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your Internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.

As true with most Internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol addresses, browser type and language, Internet service provider, referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We use this data to understand trends, administer web sites, learn about user behavior on a site, improve research, product and services, and to gather demographic information about the user base as a whole. The Regenstrief Institute may use this information in our marketing and communication services.

In some of our communications, we use a “click-through URL” linked to content on a website or social media post. When you click on one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our communication efforts. If you prefer not to be tracked this way, you should not click on text or graphic links in the email messages or social media posts. Pixel tags enable us to send email messages in a format that viewers can read, and they tell us whether the email has been opened. We may use this information to reduce or eliminate messages sent to recipients.

 

Disclosure to Third Parties

At times, the Regenstrief Institute may provide third parties with certain PII to improve our research, products, and services, or to help our communication efforts. When we do, we require those third parties to handle PII in accordance with relevant laws. The Regenstrief Institute does not sell PII to third parties.

 

Service providers

The Regenstrief Institute shares PII with companies who provides services to us such as information processing and storage, managing data, conducting market research or surveys, and assessing your interest in our research, products, and services.

 

Others

It may be necessary (by law, legal process, litigation, requests from governmental agencies) for the Regenstrief Institute to disclose your PII. We may also disclose your PII if we determine that disclosure is necessary or appropriate for law enforcement or other issues of public importance. We may also disclose your PII, but only if there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions, or to protect our systems and research. This could include providing PII to public or governmental authorities.

 

Protection of Personally Identifiable Information

The Regenstrief Institute takes the security of your PII very seriously. Our websites and online services protect your PII during transit using encryption such as Transport Layer Security (“TLS”). When we store your PII, we use encrypted storage solutions with limited access using appropriate administrative, technological, and physical safeguards.

When you use some Regenstrief Institute services or post on Regenstrief Institute social media accounts, the PII and content you share may be visible to others and can be read, collected, or used by other users. You are responsible for the PII you choose to share or submit in these instances. For example, if you list your name and email address in a social media post, that information is public.

 

Automated decision-making and profiling

The Regenstrief Institute does not make any decisions involving the use of algorithms that significantly affect you.

 

Integrity and retention of PII

The Regenstrief Institute allows you to keep your PII accurate, complete, and up to date. We will retain your PII for the period necessary to fulfill the purposes outlined in this Privacy Policy and our research-specific retention terms. When assessing these retention periods, we carefully examine our need to collect PII at all, and if we establish a relevant need, we only retain it for the shortest possible period to realize the purpose of the collection unless a long retention period is required by law.

 

Your Privacy Rights

The Regenstrief Institute will provide you with a copy of your PII for any purpose including to request that we correct the data if it is inaccurate or delete the data unless the Regenstrief Institute is not required to retain, provide access or copies, or delete it by law or for legitimate research or business purposes.

We may decline to approve requests that are frivolous, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by law. We may also decline deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes described earlier. Contact the Regenstrief Institute to request access, corrections, or deletions of your PII.

 

California

The California Consumer Privacy Act (“CCPA”) provides California consumers with the right to obtain from certain businesses information about the PII they collect, use, and disclose. If you choose to exercise your privacy rights, you have the right to not receive discriminatory treatment or a lesser degree of service from the business. The Regenstrief Institute is not a business organized or operated for the profit or financial benefit of its shareholders or other owners.

 

Nevada

A consumer has the right to opt-out of the sale of their PII. The Regenstrief Institute does not sell PII, and we do not sell goods or services to consumers for personal, family, or household purposes from Internet websites or online services.

 

Children Online Privacy Protection Act (“COPPA”)

The Regenstrief Institute takes extra precautions to protect the privacy and safety of children who may access our websites, services, and be included in research. Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are not allowed to create unique accounts for our websites and services. If we discover that we have collected the information of a child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, we will take steps to delete the information as soon as possible. If at any time a parent needs to access, correct, or delete data associated with their child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, they may contact us to delete their child’s information.

 

Location-Based Services

The Regenstrief Institute does not provide location-based services to collect, use, or share precise location data such as the real-time geographic location of your computer or device without your explicit consent for research.

On occasion, third parties may share their location data with us for research purposes. That location data is de-identified unless you have given your consent for the third party to share your data with us.

 

Third-Party Sites and Services

The Regenstrief Institute website, social media posts, and other communications may contain links to third-party websites, products, and services.

Information collected by third parties, which may include features such as location data or contact details, is governed by their privacy policies. We encourage you to learn about the privacy practices of those third parties.

 

International Transfers

The Regenstrief Institute does not transfer or store the information to locations outside of the United States, and we do not have any legal entities or control agents outside of the United States that collect, process, store or share PII. When you share your information, which originates from outside the United States to us, that information will be subject to jurisdiction of the United States.

 

Our Commitment to Your Privacy

The Regenstrief Institute strives to ensure your PII is secure and endeavors to be a good steward of your information. We stress the importance of the privacy and security of our data in two ways.

  • We require our employees, collaborators, and subcontractors to complete (initial and annually thereafter) privacy and security training.
  • The Regenstrief Institute requires strict data sharing agreements when another party is authorized to collect, store, transfer, access, or use our information that may contain PII.

 

Privacy Questions

If you have any questions or concerns about the Regenstrief Institute’s Privacy Policy, you would like to contact our Privacy/Data Protection Officer, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us. You can always contact us by phone, email, or by filling out the contact form on our website at https://www.regenstrief.org/contact-us/.

When we receive a privacy question or a question about PII, we attempt to respond as quickly as possible within our limited resources, but some substantive questions may require up to seven (7) days for us to respond to you. You may contact the relevant jurisdictional regulator about your complaint at any time or if you are unsatisfied with our reply.

When your complaint indicates we can make an improvement in our handling of privacy issues, we will take steps to make such improvement at our next reasonable opportunity.

The Regenstrief Institute may update this Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

Regenstrief Institute, Inc. 1101 W. 10th St., Indianapolis, Indiana, USA, 46202