Privacy Policy

This Privacy Policy (“Privacy Policy”) describes the data collection practices of Audere, a nonprofit corporation (“Audere”, “we” or “us”)  and how we collect, use, store, process, transfer and protect your personal information. This Privacy Policy applies to the information we collect through all websites maintained by Audere (collectively, “Websites”) as well as all applications (mobile or otherwise) or other software (collectively, “Apps”). This is inclusive of any messaging in connection with Websites or Apps and any other related services (collectively, the “Services”).

1. Consent

Please carefully review this Privacy Policy. By using Audere Websites, Apps or Services, you acknowledge and accept all of the terms and provisions described in this Privacy Policy. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy you should immediately discontinue use of our Services.

2. Use of Cookies

Audere’s websites use “cookies.” Cookies tell us which pages you’ve visited on our websites and help us understand web traffic. We use this information to improve our content and enhance our communications. If you want to disable cookies, you can set your preferences in your internet browser. Please note that if you fully disable cookies, then your experience using our websites may be impacted and functionality may be limited.  

Audere uses the following types of cookies:

  • Strictly Necessary Cookies: These cookies are essential for website use and to prevent cross-site request forgery (CSRF).

  • Performance Cookies: These cookies provide us with information regarding how you use our websites – such as identifying unique visitors and understanding page visits. We use these analytics to better understand user behavior and optimize our content. The information collected cannot be used to personally identify you. These cookies do not track your activity when you leave Audere websites.

3. Collection of information

Information you provide directly to us

i. Personally Identifiable Information. When you leverage Audere Services we may collect Personal Information, such as your address and contact information (e.g. phone number, email, name, etc.).

ii. Personal Health Information. Information regarding your illness conditions, other health-related information, photo captures relevant to medical conditions, and other information that you enter into a questionnaire or features while using our Services.

iii. Participant Care. When you contact the customer support team or correspond with us about our Services, we collect information to track and respond to your inquiry; investigate any breach of this Privacy Policy or applicable laws/regulations; and analyze and improve our Services.

Information that we collect automatically when you use our Services

i. Log and device information. We collect log information about your use of Audere Websites, including the type of browser you use, access times, pages viewed and your IP address. We collect information about the smartphone you use to access Audere Apps, including the hardware model, operating system and version, unique device identifiers and mobile network information.

ii. Web-Behavior Information collected through web tracking technology. We and our third party service providers use web tracking and similar technologies (such as web beacons, tags, scripts and device identifiers).

Information we collect from other sources

Audere may also obtain information from other sources and combine that with the information we collect through our Services. For example, for a service that enables consumer home tests, we may collect information from third party sources on the results of those home tests.

Under the Health Insurance Portability and Accountability Act (“HIPAA”), some of the health care information that Audere receives from its contracted health care providers as part of providing the Services to you may be considered “protected health information” or “PHI”. HIPAA provides specific protections for the privacy and security of PHI and restricts how Audere may use and disclose PHI. To the extent that Audere is a “Business Associate,” as defined by HIPAA, of a health care provider, Audere will enter into a Business Associate Agreement with said healthcare provider that governs Audere’s use and disclosure of PHI.

Other Types of Information

We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Policy as needed.

4. How we use your information

We use the information we collect only in the ways that are described in this Privacy Policy.  All use of the information collected is based on your consent as a user. You may withdraw your consent for Audere to use your information at any time by contacting us at privacy@auderenow.org, however, the withdrawal of your consent will not affect the lawfulness of processing your information based on consent before its withdrawal.

To satisfy the purpose for which you provide information

We use the information we collect to provide our Services. These activities may include, among other things, using your information to:

i. communicate with you, and implement your requests;

ii. enable and enhance your use of Websites and Apps, including authenticating your visits and tracking your usage of our Services;

iii. contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);

iv. monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat security risks; and

v. carry out any other purpose described to you at the time the information was collected

To analyze and improve our Services

We use the information we collect to perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.

To provide user support

When you contact us, we may use or request Personal Information, including Personal Health Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints.

5. Sharing of Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. In addition, you agree that we have the right to disclose personal information that we collect or you provide:

To third-party service providers

We share the information we collect with third party service providers, as necessary for them to satisfy the purposes for which you opted into use of Audere Services. Our service providers act on our behalf. Audere implements procedures and maintains contractual terms with each service provider to protect the confidentiality and security of your information. However, Audere cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically. We will also disclose your PHI as necessary to enable us, as a Business Associate of a healthcare provider, to perform the Services. 

To sponsors of studies in which you have consented to participate  

If you are using an Audere Service in connection with a third-party sponsored study in which you have consented to participate, the information we collect may be used in such study in accordance with the terms of the study.

To aggregate information

We may share aggregate or de-identified information which cannot reasonably be used to identify you.

As required by law

Under certain circumstances your Personal Information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders. We will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that we may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce our rights under the EULA and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of Audere, their respective employees, users, clients, and the public. 

To help with public health issues

Audere may use and disclose health information about you to local, state and/or federal public health authorities to prevent the spread of disease and/or to prevent/reduce a serious threat to anyone's health or safety.

In support of business transactions

In the event that Audere goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.

6. Security measures

Audere takes reasonable physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard the information we collect. NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.

  • We produce secure applications by design. We incorporate explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.

  • De-identification/Pseudonymization. If data is shared with partners, Personally Identifiable Information is stripped from Personal Health Information and is shared as de-identified information. All de-identified information is referenced using a randomly generated ID. 

  • Encryption. We use industry standard security measures to encrypt all Personally Identifiable Information and Personal Health Information both at rest and in transit.

  • Separation of Environments. We ensure test, production, and research environments (as needed to satisfy the purpose for which you provide information) are separated and access to each environment is restricted.

  • Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. Our access controls include multi-factor authentication.

  • Detecting threats and managing vulnerabilities. We have a vulnerability disclosure program (https://auderenow.org/security), and also have vulnerability scanning in our codebase using automated tools that detect new vulnerabilities that we then patch.

  • Managing third party service providers.  We require service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.

Your Responsibility. Audere cannot secure Personal Information that you release on your own or that you request us to release.

7. Children's privacy

We are committed to protecting the privacy of children as well as adults. Audere Services are NOT designed for, intended to attract, or directed toward children under the age of 18.  We will not knowingly collect information from any child under the age of 18. We ask that minors (under the age of 18) not use Audere Services. If a child under the age of 18 has provided us with information, a parent or guardian of that child may contact us and request that such information be deleted from our records.

8. Linked websites

We provide links to third party websites operated by organizations not affiliated with us. We do not disclose your information to organizations operating such linked third party websites. We do not review or endorse, and are not responsible for the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by us and our service providers on our behalf.

9. Information for Customers in Designated Countries

Section 8 only applies to individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (the “Designated Countries”).  We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data.

If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us at privacy@auderenow.org.

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have on you. This can be done by contacting us at privacy@auderenow.org.

The right of rectification. You may have your information corrected if it is inaccurate or incomplete.

The right to object. You have the right to ask us to discontinue our processing of your personal data.

The right of restriction. You are entitled to request that we restrict the processing of your personal information.

The right to withdraw consent. This involves withdrawing your consent at any time where we previously relied on it to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:

    • cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);

    • breach or prejudice the rights of confidentiality and security of others;

    • prejudice security or grievance investigations, corporate reorganizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or

    • otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.

Complaints. If you believe that we have infringed your rights, we encourage you to contact us so that we can try to address your concerns or dispute informally. 

10. Privacy Notice for California Residents

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Audere Website and Audere Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.  Audere does not disclose any personal information to third parties for their direct marketing purposes.

11. Changes to this Privacy Statement

Audere may amend this Privacy Policy to reflect changes in the law, our organizations, our Services, our data collection use and practices, or advances in technology. Our use of the information we collect is subject to the Privacy Policy in effect at the time such information is used. Depending on the type of change, we may notify you of the change by posting on this page or by email. Please carefully review any changes made to this Privacy Policy.

12. Contact us

If you have questions about this Privacy Policy, or wish to submit a complaint, please email us at privacy@auderenow.org.

Effective date: March 9, 2020