GDPR Privacy Notice
This Privacy Notice applies to individuals (“you”) who are covered by the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), and outlines the policies of Fairfax Cryobank, Inc. (“we” or “us”) for the collection, use and disclosure of personal information that identifies you in connection with your use of our products and services, including those offered through our websites, emails and mobile applications (collectively, the "Sites”). This notice does not apply to individuals who do not reside in the European Economic Area, or to aggregate, anonymous or other non-personally identifiable information about any individual.
Types of Personal Information We Collect
Data you give us
You do not have to provide personal information in order to visit and browse our Sites, or to receive general information from Client Services. We record Client Services telephone calls, online chats and email communications for quality assurance, employee training and our own protection, so if you volunteer personal information through one of those channels, we may collect and use it for those purposes.
We collect your personal information, such as your name, address, email address, telephone numbers, credit card information and the name and address of your physician, when you provide it during a voluntary or mandatory registration process or when you order our products and services. We strive to collect only the information necessary to perform our contracts with you, to communicate with you about our business relationship, to comply with our regulatory obligations and to confirm your identity if you request information about your own account. When we collect payment information from you, we will only use it to facilitate payment for our products and services.
You do not have to agree to receive marketing communications from us in order to purchase our products or services. You can opt out of receiving marketing emails as explained below.
We have social media accounts with companies like Facebook, Instagram and Twitter. If you interact with those accounts, or access our Sites through your social media accounts, your personal information may be visible to others.
Data we collect passively
As you interact with our Sites, we may automatically collect information on your computer and Internet connection, such as the IP address of your computer and/or Internet service provider, the date and time you access a Site, the Internet address of websites from which you link to a Site, the computer technology you are using and your movements and preferences on our Sites. We use technology that many other websites employ, including without limitation cookies, server logs other similar technologies. We may also use analytics services providers such as Google.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use different types of cookies for different reasons. Some cookies are required for the operation of our Sites, and enable you to chat with Client Services, log into secure areas of our website, use a shopping cart or download donor information. Some cookies record your visits to our Sites, pages you have visited and links you have followed, to let us know how many people visit our Sites and how they use them. Some cookies allow us to recognize you when you return to our Sites, so that we can personalize content for you and remember your preferences, such as choice of language.
How We May Use Your Personal Data
The most common use we will make of your personal data is to provide you with information you have requested, and products and services you have ordered from us. These and other likely uses of your personal data are set forth below, along with the legal bases for such uses:
|Processing to which you have affirmatively consented||Your consent||Notifying you that your waitlisted donor has vials available; providing Fairfax FaceMatchÔ services|
|Responding to your inquiries||Our legitimate business interests; to enter into contracts with you||Identifying you when you contact us; routine client services|
|Fulfilling your orders for products and services||To perform our contracts with you||Verifying orders; emailing you donor information and photos; shipping orders|
|Communicating with you about our business relationship||To perform our contracts with you||Notifying you about donor medical updates or the status of your storage account; confirming your identity when you request information about your own account|
|Recording your cycle outcomes||To comply with our legal obligations; our legitimate business interests||Satisfying licensure requirements for tissue banking record retention; monitoring specimen quality|
|Identifying the specific donor specimens we have distributed to you||To comply with our legal obligations; our legitimate business interests||Many jurisdictions require us to maintain “traceability,” meaning we can match each donor specimen with its recipient, and vice versa, in case of a recall or adverse event|
|Maintaining the birth registry for children conceived with ID Option donor sperm||To perform our contracts with you||Providing accurate information to your donor-conceived child when they request their ID Option donor’s identity|
|Sending you marketing materials||Our legitimate business interests||Promoting our business and increasing sales|
|Compiling and analyzing statistics on how people use our Sites||Our legitimate business interests||Improving the content and ease-of-use of our Sites, informing our marketing strategy and growing our business|
|Auditing and monitoring our records and systems||Our legitimate business interests; to comply with our legal obligations||To support our internal quality assurance program; to train our employees; to carry out our compliance program|
|Testing, troubleshooting, maintaining and upgrading our Sites and internal IT systems||Our legitimate business interests||Improving our Sites and systems, ensuring data security and preventing fraud|
How We May Share Your Personal Data
We will share your name, address, donor number, specimen prep type and specimen quality information with your clinic, in order to coordinate shipping and to track specimen quality and safety. If required by law in your jurisdiction, we will also provide your clinic with your donor’s identifying information.
We may grant access to your information to affiliated and unaffiliated service providers and third parties who have a business reason to access it, such as website hosting service providers, payment processors, attorneys, accountants, common carriers and individuals or companies that conduct, manage or otherwise handle our marketing and promotional campaigns. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We may also share your information in the course of regulatory inspections, to respond to law enforcement requests, court orders or other legal process or to enforce our contracts, protect our assets and other legitimate business interests, collect past-due accounts and respond to comments or complaints made on social media or other public forums.
We do not sell or rent personal data; however, we may share or transfer your information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business.
Except as specifically set forth above, we do not transfer personal data to third countries.
How Long We Keep Your Personal Data
We are required by regulation in several different jurisdictions to maintain tissue banking records for as long as 30 years, including information that identifies donors and recipients.
How We Protect Your Personal Data
We employ reasonable technical, administrative and physical safeguards to protect the confidentiality and security of your personal information. We use industry-recognized technical safeguards, such as firewalls, and have adopted and implemented security procedures to protect your information from loss, misuse or unauthorized alteration.
You should keep in mind, however, that no Internet transmission is ever completely secure or error-free. In particular, e- mail sent to or from the Sites may not be secure.
Your Rights to Access, Correct and Remove Your Personal Data
Under certain circumstances, and subject to certain exceptions, you have rights under the GDPR in relation to your personal information. This may include the following rights:
- To obtain a copy of your personal information that we process;
- To correct your personal information, if it is inaccurate or incomplete;
- To have us delete your personal information;
- To restrict processing of your personal information;
- To request the transfer of your personal information to another party;
- To object to the processing of your personal information, including for direct marketing; and
- To withdraw consent you have previously given, although this will not affect any lawful processing carried out before the withdrawal.
Your Right to Complain
If you believe that the processing of your personal data infringes the GDPR, you have a right to file a complaint with a supervisory authority in the European Union country where you live or work, or where you consider that data protection rules have been breached.
How to Exercise Your Rights
If you wish to exercise any of the rights set out above, please contact us using the details in our “Contacting Us” section below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You may modify your communication preferences and/or opt-out from specific communications at any time by notifying us via email to firstname.lastname@example.org.
Notification of Changes
Fairfax Cryobank, Inc.
Attention: Privacy Officer
3015 Williams Drive, Suite 110
Fairfax, VA 22031
U.S. Telephone in English: 703-698-3976 or 800-338-8407
En Español- 1800-338-8407 Presione el #1
Clients in the United Kingdom, toll free: 0800 404 9186
Clients in Spain: +34 931845772
Effective Date: June 15, 2018