AlphaNet, Inc. Privacy Notice
Last Revised: April 16, 2019
At AlphaNet, Inc. (referred to as “AlphaNet”, “it”, “we”, “us” or “our”) we are committed to the lawful, fair, and transparent collection and use of your personal data. We respect the privacy of our supporters, including subscribers, members of AlphaNet mailing lists, program participants, or visitors to alphanet.org, bfrg.alphanet.org, or professional.alphanet.org (the “Websites”). Therefore, we have established this Privacy Notice (“Notice”) to help you understand how we collect, use, store, share, and protect your personal data.
This Notice tells you about:
How you can access and control your data (for individuals residing in the EEA)
Who we are and how to contact us
AlphaNet is committed to providing resources to those diagnosed with Alpha-1 and funding research to find a cure. We are incorporated in Florida as a not-for-profit health management corporation and are registered with the IRS as a 501(c)(3) charitable organization.
With respect to the personal data collected by AlphaNet, AlphaNet is a controller for purposes of the General Data Protection Regulation (“GDPR”).
If you have questions about this Notice, please contact the AlphaNet Privacy Officer at:
AlphaNet Privacy Officer
3300 Ponce de Leon Boulevard
Coral Gables, Florida 33134
1 (800) 577-2638 x267
When this Notice applies
This Notice applies to personal data received by AlphaNet both online and offline, including through our Websites, deep links associated with our Websites, as well as any electronic, written, or oral communications.
The personal data we collect about you and how it is collected
We collect the following information in the following ways:
When voluntarily submitted
AlphaNet collects personal data that you voluntarily provide to us through your decision to create an account, become an AlphaNet Subscriber, participate in our Alpha-1 Disease Management and Prevention Program, our REACH program, or our Continuing Nursing Education Program. This may include your first and last name, date of birth, gender, phone number(s), email address, physical and/or mailing address, country of residence, information regarding your marketing preferences, your username and password, and an answer to a secret question for security purposes, which may reveal personal data.
The decision not to provide us with certain personal data may limit your ability to use some of the functions on our Websites, including the ability to create an account, register for programs and events, participate in the Continuing Nursing Education Program, or participate in certain activities such as to sign up for a newsletter, or apply for a job/volunteer position.
We also collect some sensitive data related to your health when you create an account with us. Specifically, we will ask you for your Alpha-1 status. We collect this information in order to provide you with the best and most tailored services possible.
When you become an AlphaNet subscriber, participate in our Alpha-1 Disease Management and Prevention Program, or our REACH Program, you are assigned an Alpha-1 Coordinator based on your geographic location (currently limited to the United States). Alpha-1 Coordinators provide a range of services, which may include but are not limited to things such as general support, education and assistance with augmentation therapy infusion issues and supplies, and information on research studies. Your Alpha-1 Coordinator will not ask you for sensitive data unless it is necessary to provide a one of our services. For example, we may collect your doctor’s name and contact information and your prescription information in order to service your Aralast, Glassia, Prolastin, or Zemaira supply and to maintain quality assurance. Your decision to use this service and provide us with this information is completely voluntary.
We will not ask you for sensitive data unless it necessary to provide you with the services you have signed up for and you should not provide sensitive data to us unless we specifically request it.
When you visit and navigate through our Websites, some data that is considered personal data is automatically collected. This includes the following:
Internet Protocol (IP) address: When you visit our Site, we may view the IP address of the device you use to connect to the Internet. We use this information to determine the general physical location of the device and understand from what geographic regions our website visitors come. We also may use this information to enhance our Site.
How we use your personal data
We may use your personal data for the purposes listed below. For purposes of the GDPR, we have also identified our legal basis for each specified use where applicable:
- To allow us to deliver the type of content and services that you request (based on your consent, which you may revoke at any time);
- To allow us to send you crucial information such as information related to emergency preparedness and what to do in the event of natural disaster such as a wildfire (necessary for our legitimate interests in providing the best services and resources possible);
- To assign you an AlphaNet Coordinator (based on your consent, which you may revoke at any time);
- To provide your AlphaNet Coordinator with your name and contact information, in order for the Coordinator to contact you (based on your consent, which you may revoke at any time);
- To provide your AlphaNet Coordinator with certain personal data in order to provide health management services such as your Alpha-1 diagnosis, your doctor’s name and contact information, your insurance information, and your prescription information in order to assist where possible with facilitating the delivery of your infusion and infusion supplies of Aralast, Glassia, Prolastin, or Zemaira and to maintain quality assurance (based on your consent, which you may revoke at any time);
- To send you important information regarding our relationship with you, including information about our Websites, changes to this Notice, our terms, conditions, and policies, and other administrative information (necessary for our legitimate interests in order to run our business; necessary for the performance of a contract with you; necessary to comply with a legal obligation);
- To provide you with informational and marketing materials related to AlphaNet’s news, events, and services (based on your consent, which you may revoke at any time);
- For business purposes, such as data analysis, audits, record keeping, developing new products or services, enhancing the Websites, improving our services and internal systems, identifying usage trends on the Websites, and optimizing your experience on the Websites (necessary for our legitimate interests in order to run our business, provide administration and IT services, network security, to prevent fraud);
- To comply with applicable law, court order, subpoena, dispute resolution process, or legal process served on us (necessary to comply with legal oblations);
- To defend any legal action or threatened legal action without consideration for whether such legal action or threated legal action is eventually determined to be with or without merit (necessary for our legitimate interest in defending against a legal action);
- For those participating in AlphaNet’s Continuing Nursing Education Programs, available only U.S. registered nurses, to register you for the course and document and verify your completion as required by the accrediting agency.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Managing your marketing preferences
Periodically, we may send you marketing information to let you know about new services from AlphaNet. At any time, you may withdraw your consent to be contacted for marketing purposes by (1) adjusting your marketing preferences in your profile, (2) by following the opt-out instructions on any marketing message sent to you, or (3) by contacting us at any time.
Disclosures and transfers of your personal data
We share your personal data with our AlphaNet Coordinators in order to provide the services you ask us to provide. AlphaNet Coordinators can only access the personal data for their assigned subscribers. AlphaNet Coordinators may also access the person data for subscribers assigned to another Coordinator when that Coordinator is temporarily unavailable due to circumstances such as sick leave or vacation. In such a case, the Coordinator temporarily assigned to a subscriber will have access to the subscriber’s personal data only for the duration of the temporary assignment.
We may share your personal data with certain service providers in order to service your Prolastin supply and maintain quality assurance. Specifically, this exchange is with Eversana.
We may also share your personal data to comply with legal requests where disclosure is required or permitted by law, regulatory requirements, tax, accounting or reporting requirements such as, for example, to provide documentation on funding sources in connection with a review or audit of our compliance with U.S.C. Sec. 501(c)(3).
We do not share personal data between AlphaNet, Inc. and any of our partners at the Alpha-1 Foundation, Grifols, CSL Behring, and Shire. However, we may share anonymous data with third parties, which removes such data from the scope of data protections laws.
The security of your personal data
Our employees have been trained to protect your personal data. To that end, we’ve established physical, technical, and procedural safeguards to protect your personal data. Security measures in place are expected to protect against the loss, misuse and alteration of the information under our control. In addition, we limit access to your personal data to those AlphaNet Coordinators and other third parties who have a business need to know. They will only process your personal data on our instructions.
Note that because the transmission of data over the Internet is not completely secure, we cannot guarantee that your data is secure when you transmit information to us through our Websites and you acknowledge that you make such transfers at your own risk.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, such as, for example, to provide documentation on funding sources in connection with a review or audit of our compliance with U.S.C. Sec. 501(c)(3).
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
When it is no longer reasonably necessary to retain your personal data, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate it from any further use until deletion is possible. We may dispose of any data in our discretion without notice, subject to applicable law.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
How you can access and control your data (for individuals residing in the EEA)
Individuals residing in the EEA are afforded special rights pursuant to the GDPR. The rights are as follows:
- The right to access data – We will determine whether we are processing any of your personal data and if so, provide you a copy of that information.
- Right to correct inaccurate data – If you find that the personal data we are processing about you is incorrect, please let us know how it should be corrected. To the extent we have shared your personal data, we will take steps to inform recipients of the correction unless it is impossible or involves a disproportionate effort. If applicable, and upon your request, we will also tell you with whom we have shared your personal data so you may contact them directly.
- Right to delete information – In some limited circumstances, you can ask us to delete the personal data we store about you. To the extent we have shared your personal data, we will take steps to inform recipients of your request when it is possible. If applicable, and upon your request, we will also tell you with whom we have shared your personal data so you may contact them directly.
- Right to data portability – When you have provided personal data directly to us, and we process that information on the basis of consent or the performance of a contract, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine readable format. Where it is technically feasible and subject to the same limitations, you have the right to request that your data be transmitted to another controller.
- Right to object – You have the absolute right to object to our processing of your personal data for marketing purposes. You also have a right to object to our processing of your personal data if that processing is based on legitimate interest grounds, unless we can demonstrate compelling grounds to continue processing or if we need to continue processing for the establishment, exercise or defense of a legal claim.
- Right to restrict processing – You have the right to restrict the processing of your personal data in some circumstances such as while we are verifying the accuracy of your personal data when you have contested it, while we are determining whether we have compelling grounds to continue processing after you have made an objection pursuant to your right to object, or where your information has been processed unlawfully, but you do not want your information to be deleted. Your right to restrict processing will not affect our ability to store your personal data.
- Right to withdraw consent – If we rely on your consent as our basis for processing your personal data, you have the right to withdraw your consent at any time.
- Right to lodge a complaint with a supervisory authority – You have the right to lodge a complaint with the supervisory authority located in the Member State that is the location of your habitual residence, place of work, or place of the alleged infringement.
Note that AlphaNet does not engage in automated individual decision-making and profiling.
If you would like to submit a request in accordance with the rights above, please contact us at firstname.lastname@example.org.
Information about minors
Our Websites are not intended for use by persons under the age of 18. Children under 18 are not authorized to become an AlphaNet subscriber, sign up for an event or program, or otherwise provide any personal data without consent from a parent or legal guardian. We do not knowingly collect information from individuals in this age group without the requisite consent. We reserve the right to delete any information identified as having been improperly provided by persons under the age of 18 at our discretion.
Changes to this Notice and your duty to inform of us of changes
We may make changes to this Notice from time to time. Our most current Notice will appear on this page and our archived versions can be found here. If we make material changes to this Notice, we notify you via email using the most recent email address we have on file for you. If you do not agree to changes that we may make, please do not continue to provide us with any personal data.
It is important that the personal data we hold about you is accurate, current, and complete. You represent and warrant to us that all information you provide to us is accurate and complete, so it is important that keep us informed if your personal data changes during your relationship with us.
Do Not Track Signals
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
Your Cookie Preferences
You have choices when it comes to cookies. You can decide whether to allow cookies by toggling the cookie settings in your browser. You can also opt out of Google Analytics cookies. For specific information about how to do so, please visit https://tools.google.com/dlpage/gaoptout.
Note that if you disable cookies in your browser settings, some functionalities of our Websites may be limited.
You can learn how to access and control these settings through the “Help” feature of your specific browser(s). You may also visit www.aboutcookies.org, which is a helpful resource for learning to access and control cookie settings for a variety of different browsers. You will also find information about how to delete cookies, FAQs, and other general cookie information.
Controller is the person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.
Deep Link means a hyperlink that links to specific content on a website other than the website’s home page. For example, https://www.alphanet.org/who-is-alphanet/ rather than https://www.alphanet.org.
IP Address stands for Internet Protocol address and is an identifying number that is associated with a specific computer or computer network.
Personal Data means any information about an individual from which that persona can be identified. It does not include data where the identity has been removed (anonymous data).
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact against you (both positive and negative) and your rights. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Sensitive data includes information regarding an individual’s racial or ethnic origin, religious or philosophical beliefs, trade union membership, or data concerning physical or mental health, genetic or biometric data, or sexuality.
Original effective date May 1, 2001; updated 2004, 2006, 2008, 2016, 2018, 2019.