Website Privacy and Data Collection/Storage Policies
The Rare Collective has a legitimate interest in collecting personally identifiable data (including, but not necessarily limited to, your name, address, telephone number, and email address) when you voluntarily submit such information to us for the purposes of business inquiries, accessing website content, to register for certain events, or other purposes.
Your Rights Related to the Information We Collect and Store About You
You have, at any time, the right to access your personal data stored by the Rare Collective, to have the data rectified, completed, blocked or deleted and you may at any time withdraw your consent to the storage, processing and use of your data with effect for the future. Further, your consent is optional and voluntary. Denying consent does not have any negative consequences for you other than you will not be able to participate in a given webinar, event or provide you information as outlined in the section How Used. More specifically;
- You have the right to request disclosure of our collection and sales practices in connection with your data, including the categories of personal information collected, the source of the information, the use of the information and, if the information was disclosed or sold to third-parties, the categories of personal information disclosed or sold to third-parties and the categories of third-parties to whom such information was disclosed or sold;
- You have the right to request a copy of the specific personal information collected during the 12 months before your request (together with right #1, a “personal information request”);
- You have the right to have such information deleted (with exceptions);
- You have the right to request that your personal information not be sold to third-parties, if applicable; and
- You have the right not to be discriminated against because you exercised any of these rights.
If you wish to exercise one or more of your rights above, you may contact our Data Protection Officer at firstname.lastname@example.org or at (651) 994-0510. Please note you may only make personal information requests twice in a 12-month period, that we will need to collect information from you so we can verify your identity, and that we will respond within 30 days of receiving your personal information request.
The Rare Collective maintains the personal information that you voluntarily submit in an electronic database. The Rare Collective may use this information as a means to contact you to obtain additional information, register your participation in a meeting or event, provide you with information that you have requested, or additional information which the Rare Collective believes may be of interest to you.
Any personally identifiable data collected by the Rare Collective may be used by the Rare Collective, or by a third-party individual or its agent, for processing, communications, logistics, and for other purposes as appropriate. Personally identifiable information will be shared on a need-to-know basis and agents of the Rare Collective who have access to this information are required to protect this information in a manner that is consistent with this Privacy Notice. Additionally, agents will not use this information for any purpose other than to carry out the services they are performing for the Rare Collective or its members.
The Rare Collective processes and stores encrypted data on its third-party servers (WP Engine) in the United States of America (the “U.S.”) and will therefore transfer personal data within the U.S.. The Rare Collective may transfer data to the encrypted servers of its member companies in order to conduct its business. This data will be encrypted both in transit and at rest. For additional information about protections offered by WP Engine, please see their Security Environment document at https://wpengine.com/support/wp-engines-security-environment/.
The Rare Collective may use agents to access, collect, record, process and use personal data as required for, and in compliance with, the purpose of each project. Agents will perform such activities exclusively upon, and in strict compliance with, The Rare Collective’s written policies and the terms of appropriate consents. Upon request, we will provide you with the names and addresses of such agents.
While the Rare Collective makes every reasonable effort to stay current with the latest security standards to protect the information it collects, please be aware there is always some risk involved when submitting data over the internet. Although we will put every possible effort in securing out properties we cannot always guarantee that our RSVP sites, survey site, website and servers are 100% safe from illegal tampering or “hacking.” Any data transmitted over the internet may be at risk, however, once it is received at the Rare Collective and entered into our database, any data you have submitted has the same protection that the Rare Collective extends to its own confidential information. All of our input forms asking for PII data will be protected by modern security standards.
Due to the nature of pharmaceutical market research, unless your consent is retracted and you request to have your personal data deleted, The Rare Collective will keep personal data stored securely indefinitely.
Details of retention periods for your personal data can be obtained by contacting our Data Privacy Officer at INSERT EMAIL ADDRESS. The Rare Collective destroys or de-identifies personal data that is no longer needed using secure methods. If you revoke your consent or request erasure of your personal data, we will delete your personal data typically within 15 business days, but in no case greater than one month.
The Rare Collective and the European Union’s General Data Protection Regulation (GDPR)
GDPR (Regulation EU2016/679), or the General Data Protection Regulation, establishes EU standards to protect the personal data of natural persons, while ensuring free movement of information between Member States.
Under GDPR, a “controller” is the organization directing how the data will be used. This may be the Rare Collective or its members. A “processor” is the organization that processes data at the direction of the “controller”, for example, to register for an event. This may be the Rare Collective, its members, or service providers.
The Rare Collective has legitimate interests and consent as legal bases for processing personal data of EU citizens. Consistent with GDPR, the Rare Collective has established reasonable technical, administrative and procedural measures to ensure data protection, even though storage and processing of data is conducted in the US. The section How Used describes the Rare Collective’s processing activities.
The processing of personal data by the Rare Collective is lawful, fair, and along with data use is implicitly outlined at affirmative consent for a given project – and all prospective participants have the right to decline participation if they desire.
The Rare Collective and the California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act of 2018 (CCPA) went into effect on January 1, 2020. The CCPA applies to businesses, including the Rare Collective, that collect personal information of “consumers.” The Act defines a “consumer” as “a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations. . .”, and grants “consumers” five new rights respecting their personal information. These rights are reflected in the section Your Rights Related to Information We Collect and Store About You.
“Sale” is defined by CCPA to mean “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.” (Cal. Civ. Code § 1798.140(t)(1). Please be aware that the Rare Collective does not sell your personal information.
- Under the code, a sale does not occur where data is disclosed to a “service provider.” Several requirements need to be met for this exception to apply: (1.) the transfer must be necessary to perform a task that has a “business purpose”; (2.) the transfer must take place “pursuant to a written contract” that prohibits the service provider from “selling, retaining, using, or disclosing the personal information”; (3.) the business has provided compliant notice to consumers of the fact that it intends to share with service providers; and (4.) the service provider does not further “collect, sell, or use” the personal information of the consumer except as necessary to perform the “business purpose.” Personal information the Rare Collective shares with third-party service providers meets the aforementioned requirements, and are consequently not “sales”;
- Under the code, a sale does not occur when a consumer intentionally directs or uses a business to disclose the consumer’s personal information. This seems to be the equivalent of controller-to-controller transfers with consent of the data subject under EU data protection law. The Rare Collective only shares personal information with non-service provider third-parties at the explicit consent of consumers; and
Again, the Rare Collective does not sell personal information as per CCPA.
We use a technology called cookies on our website to improve our service and to track the pages visited. Using cookies to track page visits helps us analyze our site usage more accurately.
We may track the total number of visitors to our website, the number of visitors to each page of our website, the sequence or duration of visitors to each page, IP addresses, and the domain names of our users Internet Services Providers, and we may analyze these data for trends and statistics in the aggregate, but such information will be in aggregate form only and it will not contain personally identifiable data. Aggregate information is not linked to any personally identifiable information that can identify any individual.
Links to Third-Party Sites
When we refer to ourselves as “we” or “Rare Collective”, we mean the Rare Collective, LLC. As a convenience to our visitors, our sites currently contain links to a number of other (non- Rare Collective) sites that we believe may offer useful information but are not owned or controlled by the Rare Collective. Such links do not constitute an endorsement by the Rare Collective of those other websites, the content displayed therein, or the persons or entities associated therewith. The Rare Collective is not responsible for how these properties operate or treat your personal data, so we recommend that you read the privacy policies and terms associated with these third-party properties carefully as the Privacy Notice presented here does not apply to those sites. You should contact those sites directly for information on their privacy policies, confidentiality agreements, and data collection/distribution procedures.
Complete Agreement and the Privacy and Data Collection and Storage Policies, and Website Use Notice
The Rare Collective website is not directed to minor individuals who are under the age of thirteen (or under a higher age if permitted by the laws of their residence), and we request that they not provide personal data through this website. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice.
How to contact us:
If you have any questions, comments or concerns about how your personal information is handled on this Website, you may contact us at News@RareCollective.com.
If at any time you wish to stop receiving emails or other communications from us, or if you have submitted personally identifiable information through this website and would like to have that information deleted from our records, please notify us.
You may also request that we correct or amend your personal data by contacting us by email at News@RareCollective.com.