Privacy Policy
Effective Date: October 2018
This Privacy Policy describes how we use, disclose and protect the information we collect about you when you visit our website at https://moffitt.org/ or other sites, mobile applications and services that link to this Privacy Policy, or in other circumstances when we present you with this Privacy Policy (collectively, the “Services”) of the H. Lee Moffitt Cancer Center & Research Institute, Inc. and its subsidiaries (collectively, “Moffitt” “we” or “us”). This Policy also contains information about your privacy rights and how you can exercise them. Moffitt is the data controller of the information we collect under this Privacy Policy.
Please read our Privacy Policy and our website Terms and Conditions of Use to understand both our commitment to you and your privacy, and how you can help us to honor that commitment.
Please also review our Notice of Privacy Practices (the “NPP”) which governs our use and disclosure of your Protected Health Information. “Protected Health Information” is individually identifiable health information that is protected by the U.S. Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). If there is a conflict between the Notice of Privacy Practices and this Privacy Policy with respect to Protected Health Information, the NPP controls to the extent of the conflict.
Personal Information We Process
“Personal Information” refers to any information that relates to you directly or indirectly, in particular by reference to an identifier, location, or factors specific to the physical, physiological, genetic, economic, cultural or social identity. We process the following categories of Personal Information:
- Protected Health Information, such as information in your Moffitt medical record that is available through the MyMoffitt Patient Portal. Note that some of the categories of Personal Information listed below (e.g., contact information and financial information) may be considered Protected Health Information if we collect it in connection with the provision of health care items or services to you or other activities regulated by HIPAA;
- Contact information, such as your name phone number, address. and email address;
- Technical information, such as your IP address, browser, operating system, device type and ID, and data collected about your interaction with the Services (such as the webpages you visited on the Services);
- Financial information, such as your payment card information (for which we engage third party service providers to process on our behalf);
- Recruitment information, such as curriculum vitae/resume, work history, and qualifications;
- Education and training information, such as your schooling, license numbers, and other information included on our application, fellowship, and event forms and registrations;
- Research study participant qualification information, such as demographic and medical information used to determine whether you meet the eligibility criteria for enrollment into research studies; and
- Any other information that you provide to us that can be used to identify you.
We collect Personal Information about you in the following ways:
- When you submit information voluntarily. There are certain areas of the Services where you can voluntarily submit Personal Information to Moffitt, such as when you register for an event, apply for a fellowship, or otherwise contact us directly;
- Through data collection technology. We use cookies and other data collection technology to collect and store your Personal information when you interact with the Services;
- Through social media, such as if you link to social media platforms or use social media plug-ins, we may (depending on your user privacy settings on that social media platform) automatically receive information about you from that social media platform; and
- From third parties, such as your health care providers, our marketing and bill payment partners, and publicly available sources.
In addition to Personal Information, we may collect other information that alone cannot be generally used to identify you. For example, when you use the Services, we may collect your browser type, device type, and operating system information. If any of this information can be used to identify you because, for example, we link it to your Personal Information, we will treat such information as Personal Information.
Our Use of Your Personal Information
The chart below describes the Personal Information that we collect, the likely sources of the Personal Information, how we may use and disclose it, for what purposes, and pursuant to what legal basis under the European Union’s General Data Protection Regulation (“GDPR”). Please also review our NPP for more information for how we use and disclose Protection Health Information to provide health care items and services and conduct other activities subject to HIPAA.
Use of your Personal Information |
Categories of Personal Information We Process |
Source |
Legal Basis under GDPR |
Communications & Marketing |
|||
Obtain your subscription preferences and send marketing communications |
Contact information and other information you provide, such as your topic preferences and areas of interest |
You |
Legitimate interest: To provide you with information you request or that we think might be of interest to you Consent: As required by law |
Contact you regarding important administrative announcements |
Contact information |
You |
Legitimate interest: To provide you with important information about the Services or the company, or our services |
Respond to inquiries and fulfill requests |
Contact information and other information you provide, such as your requests |
You |
Legitimate interest: To provide you with information you need and other services you request and to efficiently communicate with you |
Conduct questionnaires and surveys |
Contact information and other information you provide, such as your survey answers |
You |
Legitimate interest: To evaluate and take action with regard to your feedback and comments about Moffitt |
Register you for events and deliver event-related materials |
Contact information other information you provide, such as your preferences for the event |
You |
Legitimate interest: To enable your attendance at our events and to deliver your event materials Contract: As may be described on the registration page for the event |
Perform website analytics and develop and improve our features, content, and services |
Technical information and other information we collect, such as demographics, behavior, and event tracking |
First and third-party analytics cookies |
Legitimate interest: To understand more about our visitors (what pages you view, how long you visit, your devices, etc.) in order to improve our services |
Deliver advertising |
Technical information and other information we collect, such as demographics, behavior, and event tracking |
First and third-party analytics cookies |
Legitimate interest: To deliver advertising that is relevant to your preferences and demographics in an effort to make your experience more enjoyable |
Administration and Internal Operations |
|||
Verify your identity |
Contact information, other demographic information, and Protected Health Information |
You |
Legitimate interest: To provide you with access to your account and information, and to prevent fraud |
Provide access to the MyMoffitt and other portals |
Contact information, Protected Health Information, and other information about your demographics |
You |
Legitimate interest: To provide you with access to your account and offer portal-related services |
Process your donations |
Contact information, financial information, and other information you provide when you donate |
You |
Contract: To process your donation in accordance with your instructions For additional information about how we treat donor information, please visit our Donor Privacy page. |
Recruit personnel for employment and training opportunities |
Contact information, recruitment information, education and training information, and other information relevant to potential recruitment by Moffitt, such as employment records, criminal records, demographics, and veteran status |
You, your references, your former employers, and publicly available sources, such as LinkedIn |
Pre-contractual Measures: To recruit and evaluate potential candidates to join Moffitt Legal obligations: To comply with applicable legal obligations, including for employment law purposes Legitimate interest: To make the best recruitment decisions for Moffitt Consent: As required by law |
Medical Treatment and Clinical Research |
|||
Schedule an appointment |
Contact information, Protected Health Information, and other information necessary to schedule the appointment |
You |
Consent: As required by law Contract: To provide the services you request Legitimate interest: To schedule appointments for services that you request |
Locate a physician |
Contact information and other information necessary to fulfill your request |
You |
Legitimate interest: To suggest a physician that would suit your needs Consent: As required by law |
Evaluate your medical condition(s) and provide you treatment |
Protected Health Information and other information necessary for your treatment. |
You and your health care provider(s) |
Consent: As required by law Contract: To provide the treatment that you request Legitimate interest: To provide the treatment that is medically appropriate for the patient and as permitted by HIPAA or other applicable law and the NPP |
Review requests to participate in research studies and screen eligibility for enrollment |
Contact information, research study participant qualification information, and other information relevant to your eligibility and qualifications to participate in research studies at Moffitt. |
You and your health care provider(s) |
Consent: As required by law Scientific and research purposes: To engage in clinical research in accordance with applicable laws Legal obligations: To comply with applicable legal obligations Legitimate interest: To ensure research subjects are eligible and appropriate for the studies |
We may also aggregate or de-identify your Personal Information so that it can no longer be used to identify you. This aggregate or de-identified information may be used for any purpose permitted by law.
Other Uses: In the event of any other purposes for which we wish to use your Personal Information that are not listed above, or any other changes we propose to make to the existing purposes, we will notify you by amending this Privacy Policy in accordance with the Section titled “Changes to this Privacy Policy” below.
Cookies and other Data Collection Technology
We use Cookies, Web Beacons (also known as pixel tags and clear GIFs) and other similar technology (together, “Data Collection Technology”) on our Services. “Cookies” are small text files placed on your computer’s hard drive that allow us to know how often you visit our Services and the activities you conduct while on our Services. A “Web Beacon” (also called a “pixel tag” or “clear GIF”) is a piece of computer code that enables us to monitor user activity and website traffic. To learn more about Cookies and Web Beacons, visit www.allaboutcookies.org.
Data Collection Technology helps us dynamically generate content on our web pages that is specifically designed for you and allows us to statistically monitor how many people are using our Services and for what purpose. For example, we use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing Cookies on your device. The information that the Cookies collect, such as the number of visitors to the website, the pages visited and the length of time spent on the website, is aggregated. We also may use Data Collection Technology to collect information from the computer or device that you use to access our online services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.
Your Control of Cookies: Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, you may not be able to fully utilize all features of this Site. You have the ability to delete cookie files from your hard drive at any time.
Our Policy on Do Not Track Signals: Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. To the extent we are able, we honor the DNT signals we receive from your browsers.
Our Disclosure of Personal Information to Third Parties
We will disclose your Personal Information within Moffitt, at your direction, as disclosed to you at the time of collection, or in the following circumstances:
- Service Providers: We may provide your Personal Information to our services providers that help us run and manage our organization and process Personal Information solely on our behalf. The categories of service providers include technology, hosting, billing, marketing, and telehealth providers.
- Corporate Transaction: In the event Moffitt is involved in a merger, reorganization, acquisition or sale of all or a portion of its assets, or other corporate transaction, we may disclose your Personal Information as part of that transaction.
- As Required By Law: We may disclose your Personal Information if we determine that the disclosure is necessary: (i) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests or safety of Moffitt, our business partners, personnel, or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce our Terms & Conditions; or (vi) to respond to an emergency.
We reserve the right to disclose or sell non-identifiable aggregate or anonymized information to third parties for any lawful purpose.
International Transfer of Personal Information
Moffitt is committed to complying with this Privacy Policy and data protection laws, including those outside of the United States, that apply to our collection and use of your Personal Information. Moffitt is located in the United States, and we recognize that the laws in the United States may be different and, in some cases, not as protective as the laws other countries, including those located in the European Economic Area. By providing us with your Personal Information and using our Services, you acknowledge that your Personal Information will be transferred and processed in the United States. If you would like to know more about how we protect your Personal Information, you can contact us using the information in the section “Contact Us” at the end of this Privacy Policy.
Security of Your Personal Information
We have made efforts to provide a reasonable level of security for your Personal Information. We use a two-tier system that combines technical and organizational safeguards designed to protect your Personal information. For example, we use Secure Sockets Layer encryption technology to protect the integrity and privacy of the Personal Information you provide to us through the Internet. In addition, only authorized individuals (such as Moffitt employees, agents, medical staff and professional staff) are permitted access to your Personal Information.
While Moffitt has taken reasonable steps to protect any information that you may submit from unauthorized interception and use, the risk of unauthorized interception and use of electronically transmitted information cannot be entirely eliminated. Therefore, there is always a risk of unauthorized interception and use of any information that you submit to Moffitt through this Services.
Retention of Personal Information
We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, professional, accounting or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, whether we can achieve those purposes through other means, and all applicable legal requirements.
Marketing
If you do not wish to receive marketing-related emails from us, please click the unsubscribe link at the bottom of any marketing email, or email us using the information in the section “Contact Us.” Please note that even if we stop all marketing communications, you may still receive administrative, legal, and other important communications from us.
Your Rights
You have the right to request access and modifications to the Personal Information we maintain about you. We will respond to your inquiry within a reasonable timeframe and may charge a small fee if your requests are manifestly unfounded or excessive.
If you wish to exercise any of your rights (including the rights of individuals in the European Economic Area discussed below), please contact us using the information in the “Contact Us” section at the end of this Privacy Policy. If we are unable to honor your request, or before we charge a fee, we will let you know why.
Please note that if you decide to exercise some of your rights, we may be unable to provide you certain services, or you may not be able to use or take full advantage of the services we offer.
Special Rights of Individuals in the European Economic Area
If you are located in the European Economic Area and we maintain your Personal Information, you have the following additional rights (under the GDPR) with regard to your Personal Information:
- Right to access and receive: You may request a copy of or access to the Personal Information we hold about you. You may also request that we transfer your Personal Information to a third party in a machine-readable format.
- Right to correct: You may ask us to update or correct inaccurate or incomplete Personal Information we hold about you.
- Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Information or to limit our use of it.
- Right to erase: You may have the right to request that we delete all or some of your Personal Information. This right may be limited if we have collected your Personal Information for research purposes.
- Right to withdraw consent: You have the right to withdraw any consent you have previously given to Moffitt at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Information prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Information if it has been fully anonymized and cannot be used to personally identify you.
- Right to complain: You have the right to lodge a complaint with your Supervisory Authority if you are unhappy with how we process your Personal Information. You can find contact information for your Supervisory Authority on the European Commission Data Protection Authorities webpage or through other publicly available sources.
Special Notice to California Residents
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the “Contact Us” section below. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.
Children’s Privacy
The Services is intended for adults aged 18 and older, and Moffitt does not knowingly collect Personal Information through the Services from any person known to be under the age of 18.
Third-Party Websites and Services
When using the Services, you may come across links or references to third-party websites and services that we do not operate or control. If you provide your Personal Information to that third party through its websites or services, you will be subject to that third party’s privacy practices, policies, and terms of use. This Privacy Policy does not apply to any Personal Information that you provide to a third-party website or service. We recommend that you read the privacy policy that applies to that third-party website or service. A link or reference to a third-party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service.
Changes to this Privacy Policy
Moffitt reserves the right to modify this Privacy Policy at any time. We will notify you via the Services or any other reasonable means (e.g., by emailing you using the email address we have on file) prior to when any material changes to the Privacy Policy take effect. Any modified Privacy Policy will supersede the current Privacy Policy.
Contact Us
We welcome your questions and comments about this Privacy Policy or how we process your Personal Information. Please contact us using the information below and we will respond to you as soon as reasonably possible.
Moffitt Cancer Center
12902 USF Magnolia Drive
Tampa, FL 33612
corporatecompliance@moffitt.org
+1 (813) 745-1869
+1 (844) 760-5840 (toll free)
Legal Statements and Policies