Family Tree Clinic

Data Privacy Policy

Introduction

This Privacy and Cookie Policy explains how we collect, use, share, disclose or otherwise process personal information we hold about you. Understanding what our audiences prefer allows us to personalize content, show relevant adverts, and generally improve your experience of our services.

About Us

Family Tree Clinic, a nonprofit community clinic located in St Paul, MN, will collect, use, share and disclose or otherwise process your personal information in line with this Policy. The relevant data controller for your data will depend on which product or service you have interacted with or to which title you have subscribed as set out below.

Collection of Information

Registration, forums, apps and your dealings with us
We collect information about you when you provide it to us; for example, when you fill out our online forms, subscribe to our e-newsletter, respond to our promotions, register and use one of our apps, enquire about our products and services or participate in a reader forum (which could be on any medium).

Information from devices
We also collect information automatically when you interact with our websites or use our apps. This can include information about the device and the device’s general geographic location. This can be to provide services that have copyright restrictions, or to deliver news that is relevant to where you are. We may also collect information from cookies placed on your device. See the section on Cookies for more information about our use of cookies. With your consent, we may also collect the specific location of your device or request access to data from other applications to provide certain services you have requested.

Public information and posts
Any information about yourself or others that you post on our social media pages, on platforms like Twitter, Facebook and other chat rooms, blogs and forums, will be viewed by other people (including search engines), over whom we have no control. You are responsible for the information you choose to post or otherwise make available in such public areas, and you acknowledge that this may be collected and used by third parties.

Other sources
We may also obtain online and offline information about you from other organizations, such as consumer insight providers, that have your permission or where there is a legitimate interest in sharing your personal information with us or companies like us. We may combine this with information we collect in accordance with this Policy.

Our Legal Bases for Using Personal Information

All organizations need a legal reason to use your personal information. If they don’t have one, they can’t use it. There are a number of legal grounds that enable data processing. Below are the most relevant grounds you should be aware of.

With your consent
There are some activities where we process personal information with your consent. For example, where we want to send you marketing messages by email, we would ask your permission first and you could opt-out at any time. However, if you opt-out or withdraw consent, we may not be able to provide the product or service you have requested.

To enter into and fulfil a contract
We also process your personal information in order to fulfil a contract we have with you. For example, we would use your information to provide you with access to your medical records portal or other services you may have signed up for.

For a legitimate interest
We may use your information where there is a legitimate reason to do so. For example, we may use your information where it would help achieve our business objectives or to facilitate a benefit to you or someone else.

We only rely on legitimate interests if the reason for using your information is fair and lawful. Where we want to rely on legitimate interests as a legal basis, we will carry out a balancing test between our legitimate interests and your privacy rights.

Our legitimate interests in processing personal data include:

To comply with legal obligations
There may be situations where we need to use your information to comply with legal and regulatory obligations or defend claims.

Purposes of processing (why we use your information)

Lawful basis for the use of your information – this may depend on the specific activity

How We Use Personal Information

To provide products and services and improve experience
We will use your information to provide you with products and services you have asked for and to manage our relationship with you, including allowing you to interact, comment, and participate in online games, contests and other programs.

We may use your information to monitor, improve and protect our products, content, services and websites, both online and offline. We may also provide you with help and support where we believe it is required. For example, if you have provided your contact information, we may contact you when a checkout journey is not completed.

To personalize content
We sometimes make assumptions about your interests based on the way you interact with our products and services and the information we hold about you. Knowing these preferences also allows us to understand the products, content and services our customers like, letting us focus our efforts on developing those areas. We may also use this information to make decisions about what direct marketing to show you.

“Do Not Track” browser settings
If you choose to turn on Do Not Track setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug-in providers, and other web services you encounter while browsing to request that they stop tracking your activity. Currently our websites and apps are not designed to respond to “Do Not Track” signals.

To send you direct marketing
Where we have your permission or a legitimate interest, we may send you direct marketing. This may include communications by post, phone, email, messages to your mobile devices, through social media (such as Facebook, Instagram and Twitter) and on our website, or on other websites, as you browse the internet. The communications may contain information about our products, services, events and offers. We may also send you information, offers and promotions from our commercial customers and partners where you have given your consent.

You will be able to opt-out of direct marketing by following the instructions in the communication or by changing the settings.

To send you health-related communications
As part of the products and services you have with us, you are entitled to receive newsletters, bulletins, and other “in-life” communications that relate to those products and services, including triggered emails, such as updates you make. You will be told about the types of communications you will receive when you sign up and you will be able to unsubscribe at any time. However, if you do, you may not get the most out of the products and services you have signed up to.

Service messages
We may send you service messages by email, SMS, social media, post, or other channels, containing important information about changes to our service or your account. These communications are a fundamental part of our products and services. For example, we may contact you to validate your payment details or to tell you about changes to the product or service.

To conduct market research and perform analytics
We may use your information to conduct market research to improve the services we offer and to develop new products and services. You will be able to opt-out of receiving market research surveys by following the instructions in the communication.

You may also be asked if you would like to join our audience panels to help us improve our products and services. We value your participation and you will always have the choice to opt-out of these panels.

To match data and gain audience insights
Where we have your permission or a legitimate interest, we may compare our customer database with our commercial customers’ and partners’ customer databases. This process allows us to see if a partner’s adverts would reach its existing customers that use our products and services, or we could reach our customers through their products or services. It also helps us to understand if those customers are likely to find promotions from those partners relevant. Where a customer is found to be on both databases, we may use the marketing permissions we hold to send that customer direct marketing. We do this through the use of a trusted third party processor to identify matching customers.

We may also provide our commercial customers and partners with information about the effectiveness and reach of advertising campaigns that they have planned or carried out. This information will not identify you directly without your consent.

To detect ad blockers
When you visit our sites we may check (using cookies, code, script or other technical means) to see if you have an ad blocker installed on your device or if your internet browser settings allow adverts or not.
If we detect that your device or internet browser is using an ad blocker, we may ask you to “whitelist”, trust or pause blocking adverts while you visit our websites or apps. You can do this easily in your browser settings or within the ad blocker itself. If you continue to use an ad blocker this may have an impact on the content you are able to see on our website or apps.

Information about your use of ad blockers may be stored or associated with your device (including through the use of cookies) to re-insert advertisements on our websites and to understand how our customers use ad blockers. The advertisements that are re-inserted may include those from ad blockers’ “whitelists” or that promote our own products and services.

To allow third party advertising
In some instances targeted advertising may be displayed on our websites and apps by third parties using our platforms. These third party adverts may collect and use your personal information, which is outside of our control. This targeting may be caused by cookies already in place on your device. More general information on cookies can be found in the Cookies section of this Policy.

To provide co-branded services and features
We may offer co-branded services or features, such as competitions or other promotions, together with a third party and may share the information you provide with that third party where we have your consent. These co-branded services may be hosted by us or by the third party. In these instances the third party may also be a data controller for your information. In this case, the third party’s use of your information will be governed by their privacy policy, which you should always read.

To disclose your information as permitted by law
Your information may be disclosed where we are permitted by law to do so, for example where we get police requests or regulatory inquiries. We may also disclose your personal information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.

To take payments, check your identity and conduct credit checks
Customer information will be used to take payment for products and services and may be used to verify credit details related to this payment. Permission to do so is implicit in providing financial details to process payment. Direct debit or continuous payment authority information, including card details, may be retained in accordance with our regulatory requirements, by us or our payment processors for ease of renewal of services.

To ensure that our products and services conform to agreed industry standards
We may share your information with auditors for the purposes of verifying that we comply with relevant standards. For example, we may ask third party auditors to assess our compliance with information security and Privacy by Design best practice. This may require them to access your information in our systems.

Linked services
Our services may be linked to websites and apps operated by third party companies, and may carry advertisements or offer content developed and maintained by unaffiliated companies. We are not responsible for the privacy practices of these companies, and once you leave the Family Tree Clinic site you should check the applicable privacy policy of the other service.

How We Share Your Information

Your information will be shared between the Family Tree Clinic website and third party applications like Google Analytics. This is to perform analytics and analysis of how you interact with the organization’s website. We are not responsible for the actions of third party applications in regards to your data.

Access & Control of Your Information

Updating your information
Please ensure you update your personal information or tell us if it changes or is inaccurate. You can update your details, for example your email address, in your account settings or an equivalent section if you are a subscriber. You may also email our Director of Advancement, Wen Brovold at wbrovold@familytreeclinic.org.

You can change your mind about receiving direct marketing or other communications you receive from us, such as bulletins and other information about your chosen products and services.

Withdrawing consent for processing
Where we may rely on your consent to process personal information, you have the right to withdraw that consent at any time.

Other rights

You may request a copy of your personal information, as well as the right to not be profiled. You can also ask us to correct any inaccuracies in your personal information. In some circumstances you may be able to ask us to transfer information you have provided to us to another organization.

You may also have the right to object, erase, or restrict our processing of your information – for example, where we process personal data because this is in our legitimate interests, you may object to this. We will need to carefully consider your request, as there may be circumstances which require us, or allow us, to continue processing your data.

Retention of Personal Information

We will retain your information for as long as necessary for the uses set out in this Policy, or while there is a legitimate reason for doing so. If you ask us to delete your information before that time, we may not be able to do so due to technical, legal, regulatory or contractual constraints. For example, we would need to retain your name and contact details for suppression purposes if you do not want to receive direct marketing from us.

If you ask for your account to be closed, we will do this as soon as is reasonably possible subject to any applicable terms and conditions relating to the account. Personal information from closed accounts is retained in order to comply with legal obligations, prevent fraud, collect any fees owed and to resolve disputes.

Cookies and Similar Technologies

This section covers our use of cookies and similar technologies.

What are Cookies?

Cookies and other online tracking technologies are small bits of data or code that are used to identify your devices when you use and interact with our websites and other services. They are often used for remembering your preferences, to identify popular news stories, to remember you’re logged in and allowing you to comment on stories.
Our legal bases for cookies and similar technologies

Placing cookies: in order to place cookies, tags and other technologies on your browser or device, we need to have your permission. We do this by providing a clear notice in the form of a cookie banner that tells you what cookies are used for, as well as providing you with useful information about the technologies we use and a link to this Policy. You’ll need to indicate your acceptance of our use of cookies. On a mobile device this might be by swiping a banner, pressing a button, or using facial recognition.

You are able to opt-out of the use of cookies.

Using information collected from cookies: where we want to use the information that cookies and similar technologies collect, we either need your consent or a legitimate interest. In practice it will not always be practical to get opt-in consent as doing so with cookie banners and pop-ups would disrupt your use and enjoyment of our sites and content. This is why we usually rely on our legitimate interests to use the data collected by cookies. To do this we conduct an assessment to make sure the purposes for which we use your data are fair and that your privacy rights are considered. We only rely on legitimate interests where your rights do not override our interests in using the data.

What Cookies Do We Use and Why?

Essential cookies and similar technologies
These are vital for the running of our services on our websites and apps. Without the use of these cookies, parts of our websites would not function.

Analytics cookies and similar technologies
These collect information about your use of our websites and apps, and enable us to improve the way they work. For example, analytics cookies show us which are the most frequently visited pages allowing us to provide the most popular articles further up the page. They help us record how you interact with our websites, such as how you navigate around pages and from page to page, identifying improvements we can make to the customer journey. They also help identify any difficulties you have accessing our services, so we can fix any problems. Additionally, these cookies allow us to see overall patterns of usage at an aggregated level.

Functional/preference cookies and similar technologies
These cookies collect information about your choices and preferences, and allow us to remember things like language, your username (so you can log in faster), text size, and location, so we can show you relevant content to where you are. They allow us to customize the services you have accessed. We also use these cookies to provide you with services such as video clips.

Tracking, advertising cookies and similar technologies
We use these types of technologies to provide advertisements that we think may be more relevant to your interests. This can be done by delivering online adverts based on your previous web browsing activity, known as “online behavioral advertising” (OBA). Cookies are placed on your browser which will remember the websites you have visited. Adverts based on what you have been looking at are then displayed to you when you visit websites which use the same advertising networks.

We may also use cookies and similar technologies to provide you with adverts based on your location, offers you click on, and other similar interactions with our websites and apps.

Web beacons and tracking pixels
These are bits of data that count the number of users who access a website or webpage and can also allow us to see if a cookie has been activated. Web beacons used on web pages or in emails allow us to see how successful an article has been, or whether an email message was successfully delivered and read in a marketing campaign. Web beacons are also used to verify any clicks through to links or advertisements contained in emails. We may use this information to help us identify which emails are more interesting to you and to inform advertisers how many customers have clicked on their adverts (the information shared with advertisers is aggregated and does not identify you individually).

Flash cookies
We may, in certain situations, use Adobe Flash Player to deliver special content, such as video clips or animation. To improve your user experience, Local Shared Objects (commonly known as Flash cookies) are used to provide functions such as remembering your settings and preferences. Flash cookies are stored on your device, but they are managed through an interface different from the one provided by your web browser.

Tracking URLs
Tracking URLs are a special web link that allows us to measure when a link is clicked on. They are used to help us measure the effectiveness of campaigns and advertising and the popularity of articles that are read.

Device fingerprinting
We may collect and analyze a device’s browser information to help identify that device, present content correctly, conduct analytics and help prevent and detect fraud.
If you access our services from a mobile device, we may collect a unique device identifier assigned to that device, geo-location data, and other transactional information for that device.

How We Use Cookies and Similar Technologies

As well as the uses already identified above, we use cookies and similar technologies to:
Protect our networks
Cookies and similar technologies help us identify and prevent threats to our sites. They are necessary to protect your information and our business from outside threats.

Allow you to access our services
Cookies and similar technologies permit your connection to our websites: our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, other software or hardware information, and your geographic location.

Assess usage of services
We use information about your usage of our services, websites and apps, such as pages you have visited, content you have viewed, search queries you have run, and advertisements you have seen or interacted with to assess how our services are used.

Provide eCommerce functionality
Cookies and similar technologies help us provide functionality that you need to navigate our sites, select products and services and purchase them or make donations.

Provide relevant content
The content on our websites and in our communications with you may be adjusted depending on what we know about the content, products and services that you like. This means we can highlight content and articles that we believe will be of interest to you. We provide personalization by using cookies, IP addresses, web beacons, URL tracking and mobile app settings.

Changes to This Policy

From time to time, we make changes to our Privacy Policy and Cookie Policy. This may be in relation to changes in the law, best practice, changes in our services or treatment of your personal information. Where necessary, we will seek your consent to these changes. We will always display clearly when the privacy policy was last amended on the website.

Last amended March 2020