Helping you manage your psoriatic arthritis

Privacy Policy

Last Updated: March 7, 2022

This is the privacy policy (“Privacy Policy”) for the Group for Research and Assessment of Psoriasis and Psoriatic Arthritis, a tax-exempt 501(c)(3) organization in the United States (“GRAPPA US”), and its affiliate non-profit organization in the European Union, the Stichting Group for Research and Assessment of Psoriasis and Psoriatic Arthritis EU (“GRAPPA EU”) (collectively, "GRAPPA," "us," "we," or "our"). The purpose of this Privacy Policy is to describe how GRAPPA collects, uses, and shares certain types of information through our various online interfaces, which includes our organization’s websites at https://www.grappanetwork.org and https://informatree.org/, the subdomains applicable to each (collectively referred to herein as the "Site"), and our mobile application (available through Google Play and the Apple Store) (collectively referred to herein as the “Application”).

This Privacy Policy sets forth the terms between GRAPPA and visitors and users of the Site and/or the Application, as well as members of GRAPPA, (collectively “you” or “your”) regarding the collection, use, and sharing of information from or about you through the Site and/or the Application.

Please read this Privacy Policy carefully before using our Site or the Application. If you are a visitor from the European Economic Area, Switzerland, and/or the United Kingdom, you may be entitled to additional rights regarding your privacy and personal data in addition to the rights provided below. Please refer to the section titled “Rights of Site Users in the European Union” below.

DEFINITION OF PERSONAL DATA

As used in this Privacy Policy, "Personal Data" means information that can be used to identify you under applicable data privacy laws. The term “Personal Data” can include information such as your name, address, telephone number, and e-mail address, but can also include indirect identifiers such as your IP address or device identifier.

The term “Personal Data” does not include aggregate information, which is data we collect about the use of the Site or categories of such users unless it is linked with your other Personal Data. Such aggregate data is not subject to the terms of this Privacy Policy.

WHEN WE COLLECT DATA

Some functions of the Site and the Application can be used without requiring that you provide any information that would personally identify you.

At this time, we do not collect any Personal Data through the Application. Any data that you enter into the Application will not be retained within the Application, and will immediately be deleted as soon as your session is closed. As the developer of the Application, however, GRAPPA may receive certain data sets from Google Play and the Apple Store, comprising non-personally identifiable aggregated user data about the persons who download the Application. Because this data cannot be de-aggregated, used to identify you, or otherwise linked back to you, we do not treat such data as Personal Data.

In order to access certain features and benefits on our Site, you may need to submit, or we may collect, certain Personal Data from you. We use varying methods to collect Personal Data on the Site. Some types of Personal Data are collected through automated technologies, while others are provided directly by users of the Site. We discuss these methods below in the section titled “Data That We Collect”.

DATA THAT WE COLLECT

From time to time, you may provide various types of information about yourself to us through the Site. Our purposes for using or otherwise processing Personal Data are described in the section titled “Our Uses of Personal Data” below.

Except as set forth in this Privacy Policy, or with your consent, GRAPPA will not disclose any of your Personal Data to any third parties. In the interest of clarity: for organizational purposes, GRAPPA US may, from time to time, share information about organization members and users of the Site with GRAPPA EU, and vice versa. Any Personal Data shared between GRAPPA US and GRAPPA EU will be treated according to the terms of this Privacy Policy.

Generally, you may provide us with two categories of data: User Data and Site Usage Data. The types of information that you may provide in each category, along with the technologies that we use to collect such information, are generally described in the sub-sections below:

User Data

“User Data” is the Personal Data that you provide to us directly when you sign up to receive informational e-mails from us, register for a membership account, provide your curriculum vitae as part of the membership application process, update or change information for your account, apply for project grant applications through our Site, send us e-mail messages, and/or otherwise participate in other services on our Site.

Any User Data that we receive about you is provided directly by you, or on your behalf, on a voluntary basis. We describe the most common types of User Data that you may expect to provide below:

From time to time, we may also collect additional Personal Data when you or others provide your curriculum vitae in the membership process, or provide content to be posted on the Site. We may use such data for any of the foregoing items (account registration, communications, and notifications), as well as to assess our resources, projects, and opportunities for members.

Unless expressly requested, you should not provide any Personal Data or other information of a personal or sensitive nature, whether relating to you or another person, either by posting such information on the Site or by providing such information through your communications to us.

Site Usage Data

When users come to our Site, we automatically track and collect information about those visits in our server logs from the user’s browser or device. This information is known as “Site Usage Data”. Information that we automatically collect may include Personal Data such as the user’s IP address, geolocation data, device identification, browser type, and operating system, as well as the referring or exit pages, the page(s) requested, and cookie information. Based on the user’s IP address, we may be able to obtain further Personal Data about the user, such as the identity of their internet service provider and the geographic location of their point of connectivity. Other types of information that we collect as Site Usage Data includes aggregate data such as the pages of our Site that were visited, the order in which those pages were visited, when they were visited, and which hyperlinks were "clicked” on our Site. We do not treat Site Usage Data as Personal Data if it falls within the category of aggregate data.

Please see the next sub-header in this section (Cookie Policy) for a description of the technologies that we use to automatically collect Site Usage Data.

Cookie Policy

We collect the information described in the sub-section titled “Site Usage Data” by using certain technologies known as ‘cookies’ or ‘web beacons’. A cookie is a piece of data that is stored on your hard drive and records your preferences and other data about your visit to the Site. Web beacons are small, invisible graphic images that allow the collection of certain information and monitor user activity on the Site.

We may use cookies, web beacons, frames, server log analyses, and similar technologies to customize your experience with our Site. A full list of the visitor information that we collect through such technologies is provided here. We do not currently enable Google Analytics; however, in the event that we do so in the future, cookies enabled by Google Analytics may apply to your session on the Site.

Many internet browsers will allow you to erase cookies from your hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block cookies on our Site, some portions of the Site may not function as intended.

Generally, all cookie and/or web beacon data is treated and used in the aggregate. We use such aggregate data for purposes such as customizing our users' visits to our Site, and helping us to understand trends and user needs so that we can improve the Site. Because aggregate data does not identify you and cannot be traced back to you, it is not subject to this Privacy Policy unless it is internally linked to your Personal Data. If we link or combine any of the aggregate data that we collect from you with any of your Personal Data, we will treat such linked aggregate data in the same way that we treat the rest of your Personal Data until the aggregate data is no longer linked to Personal Data.

OUR USES OF PERSONAL DATA

In general, we use Personal Data that we collect from you to process your requests, to facilitate your use and our administration and operation of the Site, to provide you with information or services you request, to inform you about events, services, research, and projects we think will be of interest to you, and to learn more about and improve the Site and for the purpose for which information was provided. Some of the ways in which we may use the information that we collect include:

Please note that our Site is not designed to respond to "do not track" requests from browsers.

SHARING OF PERSONAL DATA

GRAPPA does not sell or rent Personal Data to third parties, and does not share Personal Data with third parties except as described in this Privacy Policy, as revised from time to time:

In such cases, we reserve the right to raise or waive any legal objection or right available to us at our discretion.

PROTECTING PERSONAL DATA

We strive to protect your Personal Data while it is under our control. Your account information is accessible online only through the use of a password. For more information regarding the security of the Site, please click here.

To help protect the confidentiality of your Personal Data, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Site by any person using your password. Please advise us immediately if you believe your password has been compromised or misused.

YOUR RESPONSIBILITIES; OPTING OUT OF COMMUNICATIONS

You are responsible for verifying the accuracy of the Personal Data you submit to GRAPPA and ensuring that any Personal Data that you provide is kept up to date for the purposes for which you provide it. Inaccurate information may affect your ability to use the Site, the information you receive when using the Site, and our ability to contact you. For example, your e-mail address should be kept current because that is one of the primary methods that we use to communicate with you.

We only send e-mails to persons who have provided their e-mail addresses directly to us and who have consented to receive communications from us. If you do not wish to receive e-mails from GRAPPA, you may opt out by logging in to your account settings online and updating your contact preferences.

Please note, even if you opt out of receiving promotional e-mails from GRAPPA, you may still receive relationship e-mails from us, including responses to e-mails that you sent to us prior to opting out, notices of updates or changes to our policies and procedures, or other messages relating to your account, your membership in GRAPPA, and/or your use of the Site.

Additionally, because our system for processing opt-out requests is not automatic, your request may not be processed immediately. You may continue to receive some communications from us during the processing period.

SPECIAL NOTICES

Regarding Use of the Site by Children

The Site is not designed for use by children under the age of 16, nor do we knowingly collect any Personal Data from children under the age of 16.

Regarding Links to Other Websites

From time to time, we may provide links to third-party websites on the Site. Reasons that we may link to third-party websites include (without limitation): to provide you with additional research resources, training modules and seminar recordings that are hosted off-site, and as part of our agreements with our corporate supporters. Any such links from the Site to third-party websites are provided for your convenience. Personal information you provide on the linked pages is provided directly to that third party and is not subject to this Privacy Policy. Please review the third party’s privacy policy to better understand its privacy practices.

Regarding Our Exemption from the California Consumer Privacy Act

As a non-profit organization, GRAPPA does not constitute a “business”, as the term is defined under the California Consumer Privacy Act (“CCPA”) or its successor the California Privacy Rights Act (“CPRA”). GRAPPA is not required to respond to consumer requests provided under the CCPA or the CPRA. Users of the Site in California are entitled to all of the rights granted to users in this Privacy Policy, apart from those expressly stated as rights specific to users in the European Union.

RIGHTS OF SITE USERS IN THE EUROPEAN UNION

This section provides details about the Personal Data we collect about users of the European Economic Area, Switzerland, and/or the United Kingdom, (collectively the “EU”), and the rights afforded to them regarding the processing of their Personal Data under the EU General Data Protection Regulation (“GDPR”)

Personal information. For details about the Personal Data we collect, please see the section titled “Data That We Collect” above.

Lawful grounds. If you reside in the EU, we rely on the following lawful grounds to collect, store, use, and otherwise process your Personal Data:

Transfer to the United States. While we have offices based in the Netherlands, GRAPPA’s headquarters is located in the United States. As such, we will transfer your Personal Data for processing in the United States from time to time. We make the transfer to the United States in the absence of an adequacy decision (after July 16, 2020) because it is necessary for the performance of a contract with you, or with your explicit consent. We take appropriate measures to provide adequate protection for the transfer and processing of your Personal Data in the United States.

Individual rights and requests. If you are a resident of the European Union, you may send data subject requests to privacy@grappanetwork.org to take any of the following actions:

Please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as an EU data subject. We will respond to your request directly within 30 days.

Note, however, that if we are processing your personal data based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of the processing based on consent before it is withdrawn.

Retention. We retain your Personal Data for as long as necessary for the purpose in which it was collected to either perform a contract, or for our or a third party’s legitimate interest, or for the purpose for which you consented.

CHANGES TO THIS POLICY

We may revise and update this Privacy Policy at any time. If we make such revisions, we will provide notice that changes have been made by posting the revised Privacy Policy on the Site and updating the revision date at the top of the Privacy Policy. We encourage you to review our Privacy Policy whenever you visit the Site to make sure that you understand how your Personal Data is being treated.

CONTACT US

Your privacy is important to us. If you have any questions, concerns, or complaints regarding our Privacy Policy or practices, please contact us using the information provided below.

We will endeavor to respond to your complaint, inquiry, or information request to the extent possible, in a timely and efficient manner.