Children's Hospital of Philadelphia Foundation

Last Updated: January 15, 2025

General Information

Children's Hospital of Philadelphia, its successors and assigns, and all of its present and former affiliates (including the Children’s Hospital of Philadelphia Foundation) (collectively, “CHOP”) has created this Privacy Policy to disclose our information-gathering and dissemination practices for our websites (including https://www.chop.edu/), mobile applications, and digital assets offered by us (collectively, our “Services”). The Privacy Policy also describes our practices in connection with information that we collect through offline activities as detailed in this policy. The Privacy Policy should be reviewed in tandem with the Terms of Use, which also applies to the Services.

If you are a resident of a U.S. State or foreign jurisdiction, such as the EU, that provides additional rights concerning your personal information, please review certain disclosures concerning those jurisdictions in the section entitled  “Colorado, Delaware and New Jersey Residents” or “EU, UK and Switzerland Residents.”

Consent

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection and processing of your Personal Information as described in this Privacy Policy.

Where applicable under law, by using our Services and providing us with Personal Information (defined below), you agree to the practices described in this Privacy Policy and to the updates posted here from time to time. If you withdraw consent, you agree that despite withdrawal, CHOP may continue to use your Personal Information previously provided to use to the extent that we are legally or contractually obligated to do so and to the extent necessary to enforce any contractual obligations you may have to us. You also understand that by withdrawing your consent, we may no longer be able to provide you with Services previously available with consent. 

If you consented to receiving email or SMS/text message communications from CHOP, you will continue to do so unless you unsubscribe or opt-out. You may choose to opt out or unsubscribe from receiving future marketing email messages from us. Each marketing and Foundation email sent from us contains a link with instructions on how to remove yourself from our email list.  You may also opt-out of receiving SMS/text messages from us by following the opt-out instructions included in such text messages (e.g., replying STOP).

Information We Collect

Personal information. CHOP may collect Personal Information you provide about yourself or your child through your accessing of the Services and interactions with the Services, such as contacting us through the Services, responding to a survey about your experience with us (including but not limited to your experience using the Services), registering for an event, submitting donations, scheduling or cancelling an appointment, providing referral information, inquiring about or applying for employment opportunities, using the chat functionality on our Careers, MyCHOP, Poison Control and Center for Fetal Diagnosis and Treatment pages, inquiring about or completing continuing education, completing forms as part of the intake process, creating an account with us, or otherwise subscribing to one of our online publications or email newsletters.

CHOP may collect other information about your computer hardware and software, such as browser and device information or information collected through cookies, pixel tags, and other technologies in order to optimize user experience, as discussed in  Cookies and Other Technologies  below. If we are required to treat this information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Privacy Policy.

We also contract with our third-party vendors to provide publicly available information to enrich your Personal Information related to donations.

All of this Personal Information is detailed below.

Personal Information You Provide to Us:

In using our Services, you may provide us with Personal Information, including, without limitation, the list below. You may provide us with this Personal Information when you ask us to assist you in seeking general medical assistance.

Identifiers

First and last name, email address, name, home, or work address, and/or telephone number, date of birth, health-related concern, National Provider Identifier (NPI) number, social security number

Government Issued Documents

Driver’s license or passport information, or other documents that establish identity.

Protected Health Information

Protected Health Information (“PHI”) that constitutes health data protected by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA")
For information about how we use and protect your PHI please see our HIPAA Notice of Privacy Practices

Other Person’s Information

Emergency contact information of relatives or other person’s Personal Information

Financial Information

Credit card or other payment information, billing address, transaction history, and other financial documentation
Insurance information

Credentials/Account Log-In Information

Account username and log in credentials, including unique identifiers such as username and password

Comments and Opinions

Survey or content submissions
Reasons why you have selected or heard about our Services
When you contact us directly, by email, phone, mail, text, chat, when you post on message boards, blogs or complete an online form, we may record your comments and opinions

Marketing and Event Information

Participation and registration in events and seminars, opt-in marketing selection, and document or resource download references

Sensitive Personal Information

Such as language preferences, and general or specific health-related information

Job Applicant and Employee Information

Resume, occupation, work samples, benefits, competition requirements, educational history, certifications, protected classifications (e.g., age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status) , or other information provided in applications for employment
This may also include information about your employing entity, business unit, manager and management reporting structure, job title, function and the nature of your duties and responsibilities, and non-publicly available education information

Communications

Preferences for communications and Services, chats, posts, or interactions and communications with us or our third-party providers

Preferences

Information derived from other Personal Information about you, which could include your preferences, interests, and other information used to personalize your experience
Preferences set for notifications, marketing communications and how our website is displayed

Consent

Additional information as otherwise described to you at the point of collection or pursuant to your consent

Other

Any other information you choose to directly provide to us in connection with your use of products or Services

You are responsible for ensuring the accuracy of the Personal Information you submit to us. Submitting inaccurate Personal Information or failing to maintain the accuracy of Personal Information that changes (for example, a change of email address) may disrupt your ability to use our Services, may affect the information you receive from us, and may impact our ability to contact you. You can update your Personal Information at any time by logging into and visiting your user account page, as applicable, or  contact us.

Personal Information We May Automatically Collect About You:

Our Services may automatically collect certain Personal Information. We may collect Personal Information automatically through your use of our Services, including the website, such as through the use of cookies, through security monitoring and recording at our offices and facilities, on phone calls, and through third parties. We use this information to help us design our Services to better suit our users’ needs and for other business purposes as described in this Privacy Policy.

This Personal Information may include:

System and Device Information

We collect information about the computer, tablet, smartphone, or other electronic device you use to connect to our Services.
Every computer on the Internet has a unique address called an Internet Protocol (“IP” Address). An IP Address is just like a telephone number in that it is a long string of numbers and/or letters. IP Addresses are automatically assigned to all Internet Users by their Internet Service Providers (“ISP”). However, since it would be difficult to remember everyone’s IP Address, the Internet allows you to type in an easy to remember name, i.e., a domain name or e-mail address which corresponds to the IP Address. When you use the Internet, your IP Address, as well as other information is automatically logged by web servers.
Along with your IP Address, we collect browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers.
Internet or other electronic network activity information, including browser and app logs, content you view or engage with, and app, browser, and device information.
Domain server from which you are using our Services.
Type of computer, web browsers, software, search engine used, operating system, or platform you use.
Mobile device information, including the type of device you use, operating system version, your device’s telephone number (if it has one), the device identifier (or “UDID”). This also includes behavior, use, and aggregated usage, performance data, and from where the application was downloaded.
Location information related to the IP address of devices used to access the Services, type of browser software, operating system, or mobile device in use, associated region or location data, Internet domain and service provider used, and referring/exit pages from which you linked to our Services.

Date and Time

Date and time of your visit or use of our Services.

Activity

Data identifying the website pages you visited prior to and after visiting our website or use of our Services.
Your movement and activity within the website, which is aggregated with other information.
For example, the website from which you came and the website to which you are going when you leave our website, how frequently you access the Services, the time you access the Services and how long you use them, whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, interaction with email content, access times, error logs, and other similar information, and other actions you take on the Services. Information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services.

Location Related Information

General (not precise) Location data

Social Media

Information provided by social networks connected to the Services, in accordance with your privacy settings on the social media platform. The connected social network may provide us with information such as your name, ID, profile picture, network, gender, username, user ID, email address, friend list, age or age range, language, country, friends list, follower list, photos, location, generated contact, and any other information you have agreed it can share or that the social network provides to us. It also includes information you provide to us directly through our Services on social media networking and blogging platforms (e.g., Facebook, Instagram, YouTube, and Twitter).
Inferences drawn from any of the information identified above reflecting your preferences and characteristics.

Personal Information We May Receive from Third Parties:

We may collect additional Personal Information about you from our affiliates, partners or vendors, third-party websites, social media platforms, such as, but not limited, to Facebook, Twitter, Instagram, LinkedIn (“Social Media Platforms”), and/or sources providing publicly-available information (e.g., from the U.S. Postal Service) to help us provide the Services to you, confirm, enhance, or supplement our existing information about you (e.g., with your consent, background checks for credit history), help prevent fraud, maintain security, and for fundraising and other business purposes.

Personal Information we may access about you, with your consent, may include, but is not limited to, your basic social media platform information and certain information about your activities on the social Media Platform. This information is used by CHOP for the operation of our Services, to maintain quality of the service, and to provide general statistics regarding the use of CHOP Services. Please keep in mind that when you provide Personal Information through CHOP public message boards or on a third-party website or platform (for example, via our applications), the information you provide may be separately collected by the third-party website or the social media platform. Note: CHOP does not read any of your private online communications.

We may also collect Personal Information to perform our Services, including billing, public filings, and other information available from third-party websites.

We also contract with third party vendors to provide publicly available information to enrich your personal information specifically related to donations.

The Personal Information we collect is covered by this Privacy Policy, and the information the third-party website or social media platform collects is subject to the third-party website or platform’s privacy practices. We encourage you to review the privacy statements of websites you choose to link to from CHOP so that you can understand how those websites collect, use, and share your Personal Information. CHOP is not responsible for the privacy statements or other content on websites outside of CHOP. You are responsible for reading those privacy statements on third party websites.

Cookies and Other Technology

The Services use “cookies” during a site visit. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website or use an online service. When you visit CHOP’s websites or use the Services again, the cookie allows that website or online service to recognize your browser or device. Cookies may store unique identifiers, user preferences, and other information. We may use “session cookies” or “persistent cookies.” Session cookies are temporary and expire once you close your browser or once your session ends. Persistent cookies remain on your device for much longer or until you or your browser erase them. Persistent cookies have varying durations that are dependent on their expiration date. Cookies are used by the Services in the following ways:

Strictly necessary cookies – for usability purposes and to comply with subscription preferences that our visitors have given us. No personal identifying data is collected and the “cookie” is erased when the visit ends.
Analytical cookies and scripts – the Services uses analytical cookies and scripts to measure website use and performance, including possible recording of user sessions on the Services.  
Functional cookies – these cookies remember choices you make (e.g., the country you visit our Services from, your language and any changes you have made to text size or other parts of web pages that you can customize), to improve your experience of our Services and to make your visits and use more tailored and enjoyable. The information these cookies collect may be anonymized and cannot be used to track your browsing activity on other websites.
Tracking cookies – the Services and some of our third-party service providers may also use tracking “cookies” on a limited basis to measure the effectiveness of our advertising and to deliver targeted advertising to users who have visited specific pages of the Services.  For example, we may use Google Tag Manager, Google Ads, or Google Ad Grants on the Services’ donation pages for our fundraising purposes (e.g., to track constituents who interacted with our ads on external sites). To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data when you use our partners’ sites or apps.” You may download and install the Google Analytics Opt-out Browser Add-on for each web browser you use. Using the Google Analytics Opt-out Browser Add-on does not prevent the use of other analytics tools.  Where videos are embedded on the Services, some of our third-party service providers may also collect video viewing information and your device ID or other identifier.  You can turn off cookies in your browser preferences at any time without affecting performance of the Services if you wish to do so.

Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. To manage cookies on the Services, please visit our cookie preference tool. 

To find out how to manage cookies on popular browsers, please visit:

Google Chrome
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer
Opera
Apple Safari

Some web browsers provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.

In addition to cookies, we may use the following data collection tools to provide you with a more consistent and personalized experience when interacting with us, to provide you with information about opportunities to donate to CHOP, and to remind you to complete any registrations or donations you may have started on the Services:

Log File Data. The Services may collect the IP address of website visitors, as well as aggregate information about site traffic and server load. We may use this Personal Information to maintain and improve the Services. We may also store IP addresses and host names for auditing and security purposes.
Pixels. We may utilize pixels both on certain aspects of the Services and in HTML-formatted email messages to you. These monitoring tools may be used for the purpose of, among other things, measuring the success of our marketing campaigns, compiling statistics about the Services’ usage, and tracking the activities of users of the Services and email recipients. For instance, we may use Meta Pixels, TradeDesk Tracking Tags, Bing Pixels on the Services’ donation pages to collect or receive Personal Information from such pages and elsewhere on the Internet to use this data to enable us to create targeted ads to provide you with information about opportunities to donate to CHOP, and to remind you to complete any registrations or donations you may have started on the Services and measure the effectiveness of our ads.
Flash Cookies. We may use local shared objects, also known as flash cookies, to store your preferences such as volume control or display content based upon what you view on our site to personalize your visit. Third parties, with whom we partner to provide certain features or to display advertising based upon your browsing activity to provide you with information about opportunities to donate to CHOP, and to remind you to complete any registrations or donations you may have started on the Services, use flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount and type of data stored and the method of storing this data. Cookie management tools provided by your browser will not remove flash cookies.

For flash cookies, you can access flash management tools from Adobe’s website. In addition, some, but not all, browsers provide the ability to remove local shared objects within cookie and privacy settings.

Web Beacons. Website pages may contain small electronic files or scripts known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of information either directly to us or to a third party authorized by us to collect information on our behalf. Our Services may use retargeting pixels from Google, Facebook, and other ad networks to provide you with information about opportunities to donate to CHOP, and to remind you to complete any registrations or donations you may have started on the Services. We may also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.

Please note that third-party tracking technologies such as tracking cookies and pixels are not used on Chop.edu webpages focused primarily on patient care or on authenticated websites or apps.

How We Use Your Information

CHOP may collect and use your information through the Services:

To provide, operate and manage the Services;
To provide newsletters and other communications;
To communicate with you, including in response to the inquiries you make through the chat functionality on our Careers, MyCHOP, Poison Control and Center for Fetal Diagnosis and Treatment pages, about medical information in response to your inquiries and/or to share information about donations, employment opportunities, or CHOP’s Services you have requested;
If you are a health care provider, to communicate with you in response to your inquiries and/or to share information about CHOP’s Services;
To process your donations and event registration, including to notify you of your registration status and provide a receipt for the donation;
To process your employment application;
To connect you with and register you for continuing education courses and other education-related modules;
To schedule or cancel your appointments;
As part of the intake process;
To improve and personalize the Services, including to improve and personalize the performance, content, and layout of our web pages;
To help us engage with persons who may wish to donate to the CHOP foundation;
To serve targeted, personalized advertising to remind you to complete any registrations or donations you may have started on the Services, or to otherwise donate to CHOP, and to measure how effective our fundraising and/or marketing campaigns are;
To direct you to specific content based on the way you interacted with the website;
As otherwise disclosed at the time of collection or use;
To solicit feedback related to CHOP Services;
For customer service, security, to detect fraud or illegal activities, and for archival and backup purposes in connection with the provision of the Services;
To monitor and analyze trends, usage, and activities;
To comply with our legal obligations and exercise our legal rights; and/or
For any other purposes specified at the point of collection.

Sharing of Personal Information

CHOP may share your Personal Information collected through the Services in the following ways:

With Third-Party Service Providers Performing Services on Our Behalf. We may share your Personal Information with our service providers to perform the functions for which we engage them. For example, we may use third parties to host the Services or assist us in providing functionality on the Services (such as the chat functionality on our Careers, MyCHOP, Poison Control and Center for Fetal Diagnosis and Treatment pages), provide analytics on the Services, process your donations, serve targeted advertisements to remind you to complete any registrations or donations you may have started on the Services or to let you know about donation opportunities, send out our newsletters or email updates about the Services or send SMS/text messages to you. By using our Services, you authorize us to share information regarding your account and your use of our Services, including audiovisual viewing information, video titles and video descriptions with digital distributors and other online platforms to which you are connected. You understand that those digital distributors will use your Personal Information in accordance with their privacy notices and applicable terms and conditions and that CHOP will use your Personal Information in accordance with this Privacy Policy and the applicable Terms of Use.
With our Business Partners. We may share Personal Information with our business partners so CHOP and its business partners can provide you with information about causes and campaigns or products and services that may be of interest to you.
For Legal and Administrative Purposes. We also may share Personal Information that we collect from users as needed to enforce our rights, protect our property or protect the rights, property, or safety of others, or as needed to support external auditing, compliance, and corporate governance functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain, or to enforce or apply our Terms of Use, or to verify the identity of a user of our Services.
Changes of Control. We may transfer or assign information, including your Personal Information, in connection with a merger, acquisition, reorganization, liquidation, change in control, or other sale by or of us or any affiliated entity (in each case whether in whole or in part).
Safety and Security. We may share your Personal Information to protect the safety and security of our users and customers, to prevent fraud, abuse, or unauthorized activities, to protect the rights of property of us, third parties, you, or others, including enforcing the terms of our agreements.
Business Purposes. To fulfill our everyday business purposes.
With Your Consent. We may share Personal Information consistent with this Privacy Policy with your consent.
Lawful Purpose. For other purposes permitted by law.

How We Secure and Retain Your Personal Information

CHOP uses commercially reasonable security measures designed to help safeguard against unauthorized intrusion to the Services and the alteration, acquisition, or misuse of Personal Information. The measures we use are intended to provide a level of security appropriate to the risk of processing your Personal Information and to help ensure that your data is safe and secure. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We do not guarantee that your Personal Information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Personal Information. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us.

Use of the Services is subject to the Terms of Use. To the extent you provide Personal Information through the Services, you agree to the disclaimers and indemnification provisions set forth in the Terms of Use.

It is your responsibility to maintain the confidentiality of your log-in credentials and unique identifiers used to access the Services. You are also responsible for ensuring the accuracy of the Personal Information you submit to CHOP. Submitting inaccurate Personal Information or failing to maintain the accuracy of Personal Information that changes (for example, a change of email address) may disrupt your ability to use our Services, may affect the Services you receive from us, and may impact our ability to contact you.

Passwords

You are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to your CHOP passwords or accounts. It is your sole responsibility to: (1) control the dissemination and use of activation codes and passwords; (2) authorize, monitor, and control access to and use of your CHOP account and password; and (3) promptly inform us of any need to deactivate a password.

Data Retention and Disposal

CHOP will retain your Personal Information in a reasonably necessary manner that is needed to provide you with our Services in accordance with the purpose for which it was collected, processed, or for another disclosed purpose. CHOP will also retain and use your Personal Information as necessary to comply with our legal obligations, including any applicable rules on statute of limitations, any relevant litigation, or regulatory investigations, to enable us to defend or bring potential legal claims, resolve disputes, enforce our agreements, and in accordance with our routine recordkeeping that considers the duration of your use of our Services. We are under no obligation to store Personal Information indefinitely. We disclaim any liability arising out of, or related to, the disposal of your Personal Information.

Data Storage and Transfers

We operate in the United States and on a more limited basis around the world. Your Personal Information may be transferred to and processed in any country in which we provide Services or engage service providers or licensed independent contractors. These countries may be outside the United States and may have different data protection laws than in the United States.

Thus, we transfer your Personal Information to third parties as stated in this Privacy Policy, and some of these parties may be in countries other than your own, whose privacy and data protection laws may not be equivalent to those in your country of residence.

When we transfer your Personal Information to other countries, we apply appropriate safeguards to protect your Personal Information and comply with applicable laws. If you have questions about how we transfer your Personal Information, please contact us.

Security Reminder

Be aware that third party actors attempt to acquire Personal Information through some illegal actions such as phishing.  If you receive a call, text, email, or social media that you cannot verify is from CHOP asking for Personal Information, do not respond and do not share your Personal Information. If you have questions, call your CHOP provider using a phone number you know is legitimate, or contact us through MyCHOP.

User Choices

You may decide to subscribe to one of our short code mobile message programs (the “Program”) to receive SMS/text messages from CHOP. If you choose to opt-in and consent, such as by providing your telephone number to us and clicking submit online, we will collect information about your interactions with the SMS/text messages that we may send to you from time to time as part of the Program(s) in which you are enrolled.

By providing your telephone number and clicking submit online, you agree to this Privacy Policy, and authorize us to make or initiate fund-development calls, text messages and prerecorded voicemails to that phone number using an automated system. Your agreement is not a condition of purchasing any products, goods or services. Message & data rates may apply, and message frequency may vary.

CHOP does not sell information that we obtain from you through our Program, including personal information you submit to us online to consent and opt-in to the Program, and we do not share that information with non-affiliated third parties for any purpose other than to provide the services, and other information requested by you, or to fulfill our legal obligations.

You may opt out of receiving our newsletters, communications, or development appeals by following the unsubscribe instructions provided in any such messages (e.g., clicking unsubscribe in an email or replying STOP for SMS/text messages).

You may also unsubscribe by contacting us.

Please note that if you opt out of receiving our newsletters, this does not impact other transactional and administrative messages which you will continue to receive (such as emails relating to this Privacy Policy or emails or SMS/text messages responding to your inquiries).

Do Not Track

The Services do not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us.

Children's Privacy

The Services are intended for adults and young adults aged sixteen (16) and over. The Services are not intended for or designed to attract persons under the age of sixteen (16). We do not permit registration by, nor do we directly collect Personal Information from any person we know to be under the age of sixteen (16).

Links to Other Sites

This Privacy Policy applies only to your use of the Services. The Services contain links to other sites, including sites that may indicate a connection to or business relationship with us, including but not limited to Classy (used to receive and process donations to CHOP) and DonorDrive (used to facilitate registration for Foundation events). Similarly, the MyCHOP Mobile Application is operated by a third party, Epic Systems Corporation. We are not responsible for the privacy practices of such other sites or operators. You should read the privacy notices of each site you visit or mobile application you access to determine what Personal Information that site may be collecting about you.

California Residents

Under California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses in the previous calendar year. To request a copy, please contact us. Please be aware that not all information sharing is covered by the “Shine the Light” law requirements and only information on covered sharing will be included in our response.

Colorado, Delaware and New Jersey Residents

This section of the Privacy Policy is supplemental and provides disclosures in addition to those made elsewhere in this Notice. This additional information is specific to Colorado, Delaware, and New Jersey residents. The categories of Personal Information we process about you is set forth in the sections entitled “Information We Collect” and “Cookies and Other Technology.” The purposes for processing such Personal Information are set forth in the section entitled “How We Use Your Information.” We share the Personal Information we process about you with the third parties set forth in the section titled “Sharing of Information.”

Under the Colorado Privacy Act (“CPA”), the Delaware Personal Data Privacy Act (“DPDPA”) and the New Jersey Privacy Act (“NJPA”), you may have the following data protection rights:

Confirm whether we are processing your Personal Information and access such Personal Information;
Correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information;
Delete Personal Information provided by, or obtained about you;
Obtain a copy of your Personal Information we process, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance; and
Opt out of the processing of Personal Information for purposes of:
Targeted advertising;
The sale of Personal Information; or
Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Please note that we do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you, as defined by the CPA, the DPDPA, or the NJPA.

You may exercise the rights set forth above by contacting us online, or by mail at Office of Compliance & Privacy, Roberts Center for Pediatric Research, 2716 South Street, 20th floor, Philadelphia, PA 19146 with “CPA Request” or “DPDPA Request” or “NJPA Request” on the subject line and in the body of your message.

In the event we deny your request, you may appeal our denial by contacting us in the same manner by which you submitted your request with “CPA Appeal” or “DPDPA Appeal” or “NJPA Appeal” on the subject line.

Our processing of your Personal Information via cookies and other technology as set forth in the section entitled “Cookies and Other Technology” may qualify as a “sale” and processing for targeted advertising purposes under the CPA, the DPDPA, and/or the NJPA. To opt out of certain sharing of Personal Information with our third-party analytics and digital advertising service providers, please Contact Us. Additional information about how to control cookies through your browser functionality is provided in the section entitled “Cookies and Other Technology.”

EU, UK, and Switzerland Residents

This section of the Privacy Policy is supplemental and provides disclosures in addition to those made elsewhere in this Notice. This additional information is specific to residents of the European Union (“EU”), the United Kingdom (“UK”), and Switzerland. CHOP acts as a controller with respect to “personal data” (used interchangeably in this section with “Personal Information” in the Notice) that it collects through the Services, as defined by the General Data Protection Regulation 2016/679 (“GDPR”), any national law of an EU member state adopted pursuant to the GDPR, the United Kingdom Data Protection Act of 2018, the UK’s General Data Protection Regulation (“UK GDPR”), and the Switzerland Federal Act on Data Protection (collectively, “Data Protection Laws”).

We collect the types of personal data referenced in this Notice and process and share such information to provide the Services to you. Our legal basis for processing your personal data includes one or more of the following:

Performance of Contract. We may use your information to perform our contractual services or prior to entering into an agreement with you. If you use the Services, we use your information to provide to you the features and functionality of the Services, including for customer service.
Legitimate Interest. We may use information for our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. For instance, we may use your personal data to contact you and respond to your requests and inquiries, to administer our business, to identify prevent and detect fraud or to pursue or defend ourselves against legal claims.
Consent. We may use your personal data with your consent. In these instances, we will ask you to grant us consent to use your information. You are free to grant or deny permission. If you deny permission, we will not be able to process your information to conduct the activity to which the consent relates. For example, we will not be able to send you marketing materials that you request. You are also free to withdraw your consent at any time. A withdrawal of consent will not affect processing that has been completed during the time in which the consent was valid. If you have granted us consent to use your information, we will use it only for the purposes specified when we request your consent. This includes use for our marketing campaigns. If you sign up for our newsletter, you allow us to use your email address for marketing related to our Services. We will use your personal data to send you emails containing newsletters. You may unsubscribe from such emails at any time by following the link to unsubscribe at the bottom of our marketing emails. You may also contact us.
Public Interest or Official Authority. We may use your personal data for use in CHOP clinical trials as necessary for the performance of a task carried out in the public interest. The processing of personal data in the context of clinical trials can be considered necessary for the performance of a task carried out in the public interest when the conduct of clinical trials directly falls within the mandate, missions, and tasks vested in a public or private body by EU or national law.
Fulfillment of Legal Obligations. We may use your information to comply with our legal obligations. To comply with regulations, laws, or any authority requests, we may disclose your personal data to authorities or other officials or otherwise process your information pursuant to legal obligations we are subject to (e.g., retain certain information according to tax or commercial laws, respond to your requests to exercise your rights under Data Protection Laws).

Under Data Protection Laws, if you are an EU, UK, or Swiss resident, you may have the following privacy rights, which you may exercise by contacting us online, or by mail at Office of Compliance & Privacy, Roberts Center for Pediatric Research, 2716 South Street, 20th floor, Philadelphia, PA 19146 with “GDPR Request” on the subject line and in the body of your message:

Right of Access. You may have the right to obtain confirmation as to whether your personal data is being processed, as well as access to the personal data along with certain information, including the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
Right to Rectification. You may have the right to rectify your inaccurate personal data and to complete any incomplete personal data, including by means of providing a supplementary statement.
Right to Erasure or Right to be Forgotten. You may have the right to erase your personal data under certain circumstances.
Right to Restrict Processing. You may have the right to restrict our processing of your personal data under certain circumstances.
Right to Object. You may have right to object, on grounds relating to your particular situation, at any time to our processing of your personal data, which is based on public interest or our legitimate interests, including the profiling of data. In this case, we will stop processing your data, except for where we have compelling legal grounds for the processing which override your interests, rights and freedoms, or for the exercise or defense of possible legal claims. You also have a right to object to the processing of your personal data for direct marketing purposes.
Right to Data Portability. Under certain circumstances, you have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format, and have the right to transmit such data to another controller without hindrance from us.
Right to Withdraw Consent. If you have provided us with your consent for the processing of your personal data, you may withdraw your consent at any time to stop any further processing.
Rights in Relation to Automated Decision-making and Profiling. You may have rights to not be subject to a decision based solely on automated processing, including profiling.
Right to Lodge a Complaint. You may have a right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the Data Protection Laws. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us by contacting us.

Personal data we collect through and in connection with the Services is currently processed in the United States by us or by a party acting on our behalf. When you provide personal data to us through the Services, you consent to the transfer of your data to, and processing of your data in, the United States. The Services are currently hosted in the United States. We will transfer your personal data to the United States through the use of appropriate safeguards as required by Data Protection Laws.

As stated in the “How We Secure and Retain Your Personal Information” section above, we will retain personal data for so long as we, in our sole discretion, believe is necessary or appropriate: (a) to fulfill the purpose(s) for which such information was collected, or (b) to comply with applicable laws, contracts, or other rules or regulations. You may submit a request to delete your personal data by contacting us.

We employ reasonable technical and organizational security measures designed to help protect the security of information submitted through the Services. However, no electronic transmission over the Internet or information storage technology can be guaranteed as 100% secure. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any of our Services. To protect us, you and your data, we may suspend your use of the Services, without notice if any breach of security is suspected. Access to and use of password protected and/or secure areas of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited.

Additional Disclosures Based on Where You Live

This section supplements our Privacy Policy and provides additional disclosures to only those residents of U.S. states or other jurisdictions that may provide additional data privacy rights. Unless otherwise stated at the time of collection, we are the data controller for the Personal Information we process for persons in the EU, UK, and Switzerland as it relates to our Services.

Right to Know/Access: The right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices.
Right to Request Correction/Ratification: The right to request that we correct inaccurate Personal Information that we maintain about you.
Right to Request Deletion/Erasure: The right to request that we delete your Personal Information that we have collected from or about you.
Right to Opt Out/Withdraw Consent: The right to opt out of the sale or sharing of Personal Information or opting out of processing of your Personal Information obtained from your activities on nonaffiliated websites or online applications for the purposes of targeted advertising. You may also object to automated decision making.
Right to Object To, Limit Use and Disclosure/Restrict Processing. The right to limit the use and disclosure of Personal Information, including transfers of your information to other parties.
Right to Data Portability: The right to receive the Personal Information collected in a format easily understandable and in a usable format.
Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

To exercise a privacy right, please contact Us or submit your consumer privacy request here.

Changes to this Privacy Policy

The last updated date of this Privacy Policy is set forth at the top of this webpage. We may change the Terms of Use of this Privacy Policy at any time by posting revisions on this webpage or by notifying you of any material changes. We encourage you to return to this webpage frequently so that you are aware of our current privacy practices. This Privacy Policy supersedes all previous versions and by accessing or using the Services, you agree to be bound by all of the terms and conditions of the Privacy Policy as posted on the Services at the time of your access or use.

Contact Information

If you have any questions about this Privacy Policy, please contact us.