The Regenstrief Institute is a healthcare research organization with many research initiatives, products, and services.
Please take a moment to familiarize yourself with our privacy practices and contact us if you have any questions.
Personally Identifiable Information (“PII”) is data that can be used to identify a single person.
Here are some examples of the types of PII that the Regenstrief Institute may collect and how we may use it:
We may have received your PII from other entities if those entities have entered into data sharing agreements with the Regenstrief Institute. We may also validate the information provided by you with a third party for security and fraud prevention purposes.
If you are a potential candidate for employment with the Regenstrief Institute, we may have received your PII from third parties such as recruiters or external websites. We will use the PII we receive to contact you about a potential opportunity or in evaluating your candidacy. If you did not provide us your PII directly, we will inform you of the source when we first contact you regarding your candidacy.
For research purposes, we may use data that could be associated with an identifiable person. When acquiring such data for research, we do so in accordance with applicable laws in the jurisdiction where the data is hosted. When using such data for research, we do not attempt to re-identify individuals whose data may be within.
Non-personal Information (“de-identified”) is data that cannot be used to identify a single person.
We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose de-identified information for any purpose. The following are some examples of de-identified information that we collect and how we may use it:
If we link PII with de-identified data, the linked data will be treated as PII for as long as the link remains.
The Regenstrief Institute’s websites, online services, applications, email messages, and social media posts may use “cookies” and other technologies such as pixel tags and web beacons.
As true with most Internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol addresses, browser type and language, Internet service provider, referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We use this data to understand trends, administer web sites, learn about user behavior on a site, improve research, product and services, and to gather demographic information about the user base as a whole. The Regenstrief Institute may use this information in our marketing and communication services.
In some of our communications, we use a “click-through URL” linked to content on a website or social media post. When you click on one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our communication efforts. If you prefer not to be tracked this way, you should not click on text or graphic links in the email messages or social media posts. Pixel tags enable us to send email messages in a format that viewers can read, and they tell us whether the email has been opened. We may use this information to reduce or eliminate messages sent to recipients.
At times, the Regenstrief Institute may provide third parties with certain PII to improve our research, products, and services, or to help our communication efforts. When we do, we require those third parties to handle PII in accordance with relevant laws. The Regenstrief Institute does not sell PII to third parties.
The Regenstrief Institute shares PII with companies who provides services to us such as information processing and storage, managing data, conducting market research or surveys, and assessing your interest in our research, products, and services.
It may be necessary (by law, legal process, litigation, requests from governmental agencies) for the Regenstrief Institute to disclose your PII. We may also disclose your PII if we determine that disclosure is necessary or appropriate for law enforcement or other issues of public importance. We may also disclose your PII, but only if there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions, or to protect our systems and research. This could include providing PII to public or governmental authorities.
The Regenstrief Institute takes the security of your PII very seriously. Our websites and online services protect your PII during transit using encryption such as Transport Layer Security (“TLS”). When we store your PII, we use encrypted storage solutions with limited access using appropriate administrative, technological, and physical safeguards.
When you use some Regenstrief Institute services or post on Regenstrief Institute social media accounts, the PII and content you share may be visible to others and can be read, collected, or used by other users. You are responsible for the PII you choose to share or submit in these instances. For example, if you list your name and email address in a social media post, that information is public.
The Regenstrief Institute does not make any decisions involving the use of algorithms that significantly affect you.
The Regenstrief Institute will provide you with a copy of your PII for any purpose including to request that we correct the data if it is inaccurate or delete the data unless the Regenstrief Institute is not required to retain, provide access or copies, or delete it by law or for legitimate research or business purposes.
We may decline to approve requests that are frivolous, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by law. We may also decline deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes described earlier. Contact the Regenstrief Institute to request access, corrections, or deletions of your PII.
The California Consumer Privacy Act (“CCPA”) provides California consumers with the right to obtain from certain businesses information about the PII they collect, use, and disclose. If you choose to exercise your privacy rights, you have the right to not receive discriminatory treatment or a lesser degree of service from the business. The Regenstrief Institute is not a business organized or operated for the profit or financial benefit of its shareholders or other owners.
A consumer has the right to opt-out of the sale of their PII. The Regenstrief Institute does not sell PII, and we do not sell goods or services to consumers for personal, family, or household purposes from Internet websites or online services.
The Regenstrief Institute takes extra precautions to protect the privacy and safety of children who may access our websites, services, and be included in research. Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are not allowed to create unique accounts for our websites and services. If we discover that we have collected the information of a child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, we will take steps to delete the information as soon as possible. If at any time a parent needs to access, correct, or delete data associated with their child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, they may contact us to delete their child’s information.
The Regenstrief Institute does not provide location-based services to collect, use, or share precise location data such as the real-time geographic location of your computer or device without your explicit consent for research.
On occasion, third parties may share their location data with us for research purposes. That location data is de-identified unless you have given your consent for the third party to share your data with us.
The Regenstrief Institute website, social media posts, and other communications may contain links to third-party websites, products, and services.
Information collected by third parties, which may include features such as location data or contact details, is governed by their privacy policies. We encourage you to learn about the privacy practices of those third parties.
The Regenstrief Institute does not transfer or store the information to locations outside of the United States, and we do not have any legal entities or control agents outside of the United States that collect, process, store or share PII. When you share your information, which originates from outside the United States to us, that information will be subject to jurisdiction of the United States.
The Regenstrief Institute strives to ensure your PII is secure and endeavors to be a good steward of your information. We stress the importance of the privacy and security of our data in two ways.
When we receive a privacy question or a question about PII, we attempt to respond as quickly as possible within our limited resources, but some substantive questions may require up to seven (7) days for us to respond to you. You may contact the relevant jurisdictional regulator about your complaint at any time or if you are unsatisfied with our reply.
When your complaint indicates we can make an improvement in our handling of privacy issues, we will take steps to make such improvement at our next reasonable opportunity.
Regenstrief Institute, Inc. 1101 W. 10th St., Indianapolis, Indiana, USA, 46202