Last Updated: January 15, 2025
General Information
Children's Hospital of Philadelphia, its successors and assigns, and all of its present and former affiliates (including the Children’s Hospital of Philadelphia Foundation) (collectively, “CHOP”) has created this Privacy Policy to disclose our information-gathering and dissemination practices for our websites (including https://www.chop.edu/), mobile applications, and digital assets offered by us (collectively, our “Services”). The Privacy Policy also describes our practices in connection with information that we collect through offline activities as detailed in this policy. The Privacy Policy should be reviewed in tandem with the Terms of Use, which also applies to the Services.
If you are a resident of a U.S. State or foreign jurisdiction, such as the EU, that provides additional rights concerning your personal information, please review certain disclosures concerning those jurisdictions in the section entitled “Colorado, Delaware and New Jersey Residents” or “EU, UK and Switzerland Residents.”
Consent
PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection and processing of your Personal Information as described in this Privacy Policy.
Where applicable under law, by using our Services and providing us with Personal Information (defined below), you agree to the practices described in this Privacy Policy and to the updates posted here from time to time. If you withdraw consent, you agree that despite withdrawal, CHOP may continue to use your Personal Information previously provided to use to the extent that we are legally or contractually obligated to do so and to the extent necessary to enforce any contractual obligations you may have to us. You also understand that by withdrawing your consent, we may no longer be able to provide you with Services previously available with consent.
If you consented to receiving email or SMS/text message communications from CHOP, you will continue to do so unless you unsubscribe or opt-out. You may choose to opt out or unsubscribe from receiving future marketing email messages from us. Each marketing and Foundation email sent from us contains a link with instructions on how to remove yourself from our email list. You may also opt-out of receiving SMS/text messages from us by following the opt-out instructions included in such text messages (e.g., replying STOP).
Personal information. CHOP may collect Personal Information you provide about yourself or your child through your accessing of the Services and interactions with the Services, such as contacting us through the Services, responding to a survey about your experience with us (including but not limited to your experience using the Services), registering for an event, submitting donations, scheduling or cancelling an appointment, providing referral information, inquiring about or applying for employment opportunities, using the chat functionality on our Careers, MyCHOP, Poison Control and Center for Fetal Diagnosis and Treatment pages, inquiring about or completing continuing education, completing forms as part of the intake process, creating an account with us, or otherwise subscribing to one of our online publications or email newsletters.
CHOP may collect other information about your computer hardware and software, such as browser and device information or information collected through cookies, pixel tags, and other technologies in order to optimize user experience, as discussed in Cookies and Other Technologies below. If we are required to treat this information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Privacy Policy.
We also contract with our third-party vendors to provide publicly available information to enrich your Personal Information related to donations.
All of this Personal Information is detailed below.
In using our Services, you may provide us with Personal Information, including, without limitation, the list below. You may provide us with this Personal Information when you ask us to assist you in seeking general medical assistance.
First and last name, email address, name, home, or work address, and/or telephone number, date of birth, health-related concern, National Provider Identifier (NPI) number, social security number
Driver’s license or passport information, or other documents that establish identity.
Protected Health Information (“PHI”) that constitutes health data protected by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA")
For information about how we use and protect your PHI please see our HIPAA Notice of Privacy Practices
Emergency contact information of relatives or other person’s Personal Information
Credit card or other payment information, billing address, transaction history, and other financial documentation
Insurance information
Account username and log in credentials, including unique identifiers such as username and password
Survey or content submissions
Reasons why you have selected or heard about our Services
When you contact us directly, by email, phone, mail, text, chat, when you post on message boards, blogs or complete an online form, we may record your comments and opinions
Participation and registration in events and seminars, opt-in marketing selection, and document or resource download references
Such as language preferences, and general or specific health-related information
Resume, occupation, work samples, benefits, competition requirements, educational history, certifications, protected classifications (e.g., age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status) , or other information provided in applications for employment
This may also include information about your employing entity, business unit, manager and management reporting structure, job title, function and the nature of your duties and responsibilities, and non-publicly available education information
Preferences for communications and Services, chats, posts, or interactions and communications with us or our third-party providers
Information derived from other Personal Information about you, which could include your preferences, interests, and other information used to personalize your experience
Preferences set for notifications, marketing communications and how our website is displayed
Additional information as otherwise described to you at the point of collection or pursuant to your consent
Any other information you choose to directly provide to us in connection with your use of products or Services
You are responsible for ensuring the accuracy of the Personal Information you submit to us. Submitting inaccurate Personal Information or failing to maintain the accuracy of Personal Information that changes (for example, a change of email address) may disrupt your ability to use our Services, may affect the information you receive from us, and may impact our ability to contact you. You can update your Personal Information at any time by logging into and visiting your user account page, as applicable, or contact us.
Our Services may automatically collect certain Personal Information. We may collect Personal Information automatically through your use of our Services, including the website, such as through the use of cookies, through security monitoring and recording at our offices and facilities, on phone calls, and through third parties. We use this information to help us design our Services to better suit our users’ needs and for other business purposes as described in this Privacy Policy.
This Personal Information may include:
We collect information about the computer, tablet, smartphone, or other electronic device you use to connect to our Services.
Every computer on the Internet has a unique address called an Internet Protocol (“IP” Address). An IP Address is just like a telephone number in that it is a long string of numbers and/or letters. IP Addresses are automatically assigned to all Internet Users by their Internet Service Providers (“ISP”). However, since it would be difficult to remember everyone’s IP Address, the Internet allows you to type in an easy to remember name, i.e., a domain name or e-mail address which corresponds to the IP Address. When you use the Internet, your IP Address, as well as other information is automatically logged by web servers.
Along with your IP Address, we collect browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers.
Internet or other electronic network activity information, including browser and app logs, content you view or engage with, and app, browser, and device information.
Domain server from which you are using our Services.
Type of computer, web browsers, software, search engine used, operating system, or platform you use.
Mobile device information, including the type of device you use, operating system version, your device’s telephone number (if it has one), the device identifier (or “UDID”). This also includes behavior, use, and aggregated usage, performance data, and from where the application was downloaded.
Location information related to the IP address of devices used to access the Services, type of browser software, operating system, or mobile device in use, associated region or location data, Internet domain and service provider used, and referring/exit pages from which you linked to our Services.
Date and time of your visit or use of our Services.
Data identifying the website pages you visited prior to and after visiting our website or use of our Services.
Your movement and activity within the website, which is aggregated with other information.
For example, the website from which you came and the website to which you are going when you leave our website, how frequently you access the Services, the time you access the Services and how long you use them, whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, interaction with email content, access times, error logs, and other similar information, and other actions you take on the Services. Information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services.
General (not precise) Location data
Information provided by social networks connected to the Services, in accordance with your privacy settings on the social media platform. The connected social network may provide us with information such as your name, ID, profile picture, network, gender, username, user ID, email address, friend list, age or age range, language, country, friends list, follower list, photos, location, generated contact, and any other information you have agreed it can share or that the social network provides to us. It also includes information you provide to us directly through our Services on social media networking and blogging platforms (e.g., Facebook, Instagram, YouTube, and Twitter).
Inferences drawn from any of the information identified above reflecting your preferences and characteristics.
We may collect additional Personal Information about you from our affiliates, partners or vendors, third-party websites, social media platforms, such as, but not limited, to Facebook, Twitter, Instagram, LinkedIn (“Social Media Platforms”), and/or sources providing publicly-available information (e.g., from the U.S. Postal Service) to help us provide the Services to you, confirm, enhance, or supplement our existing information about you (e.g., with your consent, background checks for credit history), help prevent fraud, maintain security, and for fundraising and other business purposes.
Personal Information we may access about you, with your consent, may include, but is not limited to, your basic social media platform information and certain information about your activities on the social Media Platform. This information is used by CHOP for the operation of our Services, to maintain quality of the service, and to provide general statistics regarding the use of CHOP Services. Please keep in mind that when you provide Personal Information through CHOP public message boards or on a third-party website or platform (for example, via our applications), the information you provide may be separately collected by the third-party website or the social media platform. Note: CHOP does not read any of your private online communications.
We may also collect Personal Information to perform our Services, including billing, public filings, and other information available from third-party websites.
We also contract with third party vendors to provide publicly available information to enrich your personal information specifically related to donations.
The Personal Information we collect is covered by this Privacy Policy, and the information the third-party website or social media platform collects is subject to the third-party website or platform’s privacy practices. We encourage you to review the privacy statements of websites you choose to link to from CHOP so that you can understand how those websites collect, use, and share your Personal Information. CHOP is not responsible for the privacy statements or other content on websites outside of CHOP. You are responsible for reading those privacy statements on third party websites.
The Services use “cookies” during a site visit. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website or use an online service. When you visit CHOP’s websites or use the Services again, the cookie allows that website or online service to recognize your browser or device. Cookies may store unique identifiers, user preferences, and other information. We may use “session cookies” or “persistent cookies.” Session cookies are temporary and expire once you close your browser or once your session ends. Persistent cookies remain on your device for much longer or until you or your browser erase them. Persistent cookies have varying durations that are dependent on their expiration date. Cookies are used by the Services in the following ways:
Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. To manage cookies on the Services, please visit our cookie preference tool.
To find out how to manage cookies on popular browsers, please visit:
Google Chrome
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer
Opera
Apple Safari
Some web browsers provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.
In addition to cookies, we may use the following data collection tools to provide you with a more consistent and personalized experience when interacting with us, to provide you with information about opportunities to donate to CHOP, and to remind you to complete any registrations or donations you may have started on the Services:
For flash cookies, you can access flash management tools from Adobe’s website. In addition, some, but not all, browsers provide the ability to remove local shared objects within cookie and privacy settings.
Please note that third-party tracking technologies such as tracking cookies and pixels are not used on Chop.edu webpages focused primarily on patient care or on authenticated websites or apps.
CHOP may collect and use your information through the Services:
CHOP may share your Personal Information collected through the Services in the following ways:
CHOP uses commercially reasonable security measures designed to help safeguard against unauthorized intrusion to the Services and the alteration, acquisition, or misuse of Personal Information. The measures we use are intended to provide a level of security appropriate to the risk of processing your Personal Information and to help ensure that your data is safe and secure. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We do not guarantee that your Personal Information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Personal Information. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us.
Use of the Services is subject to the Terms of Use. To the extent you provide Personal Information through the Services, you agree to the disclaimers and indemnification provisions set forth in the Terms of Use.
It is your responsibility to maintain the confidentiality of your log-in credentials and unique identifiers used to access the Services. You are also responsible for ensuring the accuracy of the Personal Information you submit to CHOP. Submitting inaccurate Personal Information or failing to maintain the accuracy of Personal Information that changes (for example, a change of email address) may disrupt your ability to use our Services, may affect the Services you receive from us, and may impact our ability to contact you.
You are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to your CHOP passwords or accounts. It is your sole responsibility to: (1) control the dissemination and use of activation codes and passwords; (2) authorize, monitor, and control access to and use of your CHOP account and password; and (3) promptly inform us of any need to deactivate a password.
CHOP will retain your Personal Information in a reasonably necessary manner that is needed to provide you with our Services in accordance with the purpose for which it was collected, processed, or for another disclosed purpose. CHOP will also retain and use your Personal Information as necessary to comply with our legal obligations, including any applicable rules on statute of limitations, any relevant litigation, or regulatory investigations, to enable us to defend or bring potential legal claims, resolve disputes, enforce our agreements, and in accordance with our routine recordkeeping that considers the duration of your use of our Services. We are under no obligation to store Personal Information indefinitely. We disclaim any liability arising out of, or related to, the disposal of your Personal Information.
We operate in the United States and on a more limited basis around the world. Your Personal Information may be transferred to and processed in any country in which we provide Services or engage service providers or licensed independent contractors. These countries may be outside the United States and may have different data protection laws than in the United States.
Thus, we transfer your Personal Information to third parties as stated in this Privacy Policy, and some of these parties may be in countries other than your own, whose privacy and data protection laws may not be equivalent to those in your country of residence.
When we transfer your Personal Information to other countries, we apply appropriate safeguards to protect your Personal Information and comply with applicable laws. If you have questions about how we transfer your Personal Information, please contact us.
Be aware that third party actors attempt to acquire Personal Information through some illegal actions such as phishing. If you receive a call, text, email, or social media that you cannot verify is from CHOP asking for Personal Information, do not respond and do not share your Personal Information. If you have questions, call your CHOP provider using a phone number you know is legitimate, or contact us through MyCHOP.
You may decide to subscribe to one of our short code mobile message programs (the “Program”) to receive SMS/text messages from CHOP. If you choose to opt-in and consent, such as by providing your telephone number to us and clicking submit online, we will collect information about your interactions with the SMS/text messages that we may send to you from time to time as part of the Program(s) in which you are enrolled.
By providing your telephone number and clicking submit online, you agree to this Privacy Policy, and authorize us to make or initiate fund-development calls, text messages and prerecorded voicemails to that phone number using an automated system. Your agreement is not a condition of purchasing any products, goods or services. Message & data rates may apply, and message frequency may vary.
CHOP does not sell information that we obtain from you through our Program, including personal information you submit to us online to consent and opt-in to the Program, and we do not share that information with non-affiliated third parties for any purpose other than to provide the services, and other information requested by you, or to fulfill our legal obligations.
You may opt out of receiving our newsletters, communications, or development appeals by following the unsubscribe instructions provided in any such messages (e.g., clicking unsubscribe in an email or replying STOP for SMS/text messages).
You may also unsubscribe by contacting us.
Please note that if you opt out of receiving our newsletters, this does not impact other transactional and administrative messages which you will continue to receive (such as emails relating to this Privacy Policy or emails or SMS/text messages responding to your inquiries).
The Services do not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us.
The Services are intended for adults and young adults aged sixteen (16) and over. The Services are not intended for or designed to attract persons under the age of sixteen (16). We do not permit registration by, nor do we directly collect Personal Information from any person we know to be under the age of sixteen (16).
This Privacy Policy applies only to your use of the Services. The Services contain links to other sites, including sites that may indicate a connection to or business relationship with us, including but not limited to Classy (used to receive and process donations to CHOP) and DonorDrive (used to facilitate registration for Foundation events). Similarly, the MyCHOP Mobile Application is operated by a third party, Epic Systems Corporation. We are not responsible for the privacy practices of such other sites or operators. You should read the privacy notices of each site you visit or mobile application you access to determine what Personal Information that site may be collecting about you.
Under California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses in the previous calendar year. To request a copy, please contact us. Please be aware that not all information sharing is covered by the “Shine the Light” law requirements and only information on covered sharing will be included in our response.
This section of the Privacy Policy is supplemental and provides disclosures in addition to those made elsewhere in this Notice. This additional information is specific to Colorado, Delaware, and New Jersey residents. The categories of Personal Information we process about you is set forth in the sections entitled “Information We Collect” and “Cookies and Other Technology.” The purposes for processing such Personal Information are set forth in the section entitled “How We Use Your Information.” We share the Personal Information we process about you with the third parties set forth in the section titled “Sharing of Information.”
Under the Colorado Privacy Act (“CPA”), the Delaware Personal Data Privacy Act (“DPDPA”) and the New Jersey Privacy Act (“NJPA”), you may have the following data protection rights:
Please note that we do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you, as defined by the CPA, the DPDPA, or the NJPA.
You may exercise the rights set forth above by contacting us online, or by mail at Office of Compliance & Privacy, Roberts Center for Pediatric Research, 2716 South Street, 20th floor, Philadelphia, PA 19146 with “CPA Request” or “DPDPA Request” or “NJPA Request” on the subject line and in the body of your message.
In the event we deny your request, you may appeal our denial by contacting us in the same manner by which you submitted your request with “CPA Appeal” or “DPDPA Appeal” or “NJPA Appeal” on the subject line.
Our processing of your Personal Information via cookies and other technology as set forth in the section entitled “Cookies and Other Technology” may qualify as a “sale” and processing for targeted advertising purposes under the CPA, the DPDPA, and/or the NJPA. To opt out of certain sharing of Personal Information with our third-party analytics and digital advertising service providers, please Contact Us. Additional information about how to control cookies through your browser functionality is provided in the section entitled “Cookies and Other Technology.”
This section of the Privacy Policy is supplemental and provides disclosures in addition to those made elsewhere in this Notice. This additional information is specific to residents of the European Union (“EU”), the United Kingdom (“UK”), and Switzerland. CHOP acts as a controller with respect to “personal data” (used interchangeably in this section with “Personal Information” in the Notice) that it collects through the Services, as defined by the General Data Protection Regulation 2016/679 (“GDPR”), any national law of an EU member state adopted pursuant to the GDPR, the United Kingdom Data Protection Act of 2018, the UK’s General Data Protection Regulation (“UK GDPR”), and the Switzerland Federal Act on Data Protection (collectively, “Data Protection Laws”).
We collect the types of personal data referenced in this Notice and process and share such information to provide the Services to you. Our legal basis for processing your personal data includes one or more of the following:
Under Data Protection Laws, if you are an EU, UK, or Swiss resident, you may have the following privacy rights, which you may exercise by contacting us online, or by mail at Office of Compliance & Privacy, Roberts Center for Pediatric Research, 2716 South Street, 20th floor, Philadelphia, PA 19146 with “GDPR Request” on the subject line and in the body of your message:
Personal data we collect through and in connection with the Services is currently processed in the United States by us or by a party acting on our behalf. When you provide personal data to us through the Services, you consent to the transfer of your data to, and processing of your data in, the United States. The Services are currently hosted in the United States. We will transfer your personal data to the United States through the use of appropriate safeguards as required by Data Protection Laws.
As stated in the “How We Secure and Retain Your Personal Information” section above, we will retain personal data for so long as we, in our sole discretion, believe is necessary or appropriate: (a) to fulfill the purpose(s) for which such information was collected, or (b) to comply with applicable laws, contracts, or other rules or regulations. You may submit a request to delete your personal data by contacting us.
We employ reasonable technical and organizational security measures designed to help protect the security of information submitted through the Services. However, no electronic transmission over the Internet or information storage technology can be guaranteed as 100% secure. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any of our Services. To protect us, you and your data, we may suspend your use of the Services, without notice if any breach of security is suspected. Access to and use of password protected and/or secure areas of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited.
This section supplements our Privacy Policy and provides additional disclosures to only those residents of U.S. states or other jurisdictions that may provide additional data privacy rights. Unless otherwise stated at the time of collection, we are the data controller for the Personal Information we process for persons in the EU, UK, and Switzerland as it relates to our Services.
To exercise a privacy right, please contact Us or submit your consumer privacy request here.
The last updated date of this Privacy Policy is set forth at the top of this webpage. We may change the Terms of Use of this Privacy Policy at any time by posting revisions on this webpage or by notifying you of any material changes. We encourage you to return to this webpage frequently so that you are aware of our current privacy practices. This Privacy Policy supersedes all previous versions and by accessing or using the Services, you agree to be bound by all of the terms and conditions of the Privacy Policy as posted on the Services at the time of your access or use.
If you have any questions about this Privacy Policy, please contact us.