Privacy policy

Effective

PatientsLikeMe (https://www.patientslikeme.com) (“Platform”) is a health data tracking and online health community that enables its members to share their data and experiences. The platform is operated by PatientsLikeMe, LLC (“PatientsLikeMe”). This Privacy Policy describes how the information collected from users of the Platform, including individuals who have registered to join (“Members”), may be used.

We reserve the right to modify this policy at any time, and without prior notice, by posting an amended Privacy Policy on the Platform. We will notify Members of changes we make to this Privacy Policy. We also encourage Members to review this policy periodically for any updates.

What is PatientsLikeMe.com?

PatientsLikeMe provides this platform for patients who want to:

Who Might View or Have Access to The Data We Collect?

If you become a Member of the Platform, there are four broad groups of people who might have access to your data.

The Community – This refers to your fellow Members on the platform. You can share your data through your profile and the various social components on the site. By sharing your data, others can learn from it. You can mark some data (such as a condition) to be reserved for your Personal View only and that will not be made visible to the Community.

PatientsLikeMe – We use the data you provide internally, both to improve our services and to conduct our own research.

Our Partners – PatientsLikeMe frequently partners with other institutions to conduct research and manage patient communities. These Partners could include, but are not limited to: universities, pharmaceutical companies, hospital systems, value-based care providers, insurance companies, regulatory bodies (including the US Food and Drug Administration (the FDA)), and other entities.

Vendors – We also contract with various service providers for business and technical services like email delivery, site hosting, marketing, advertising, help desk support, and others.

Details of how these different groups might access or use our data are provided below.

Privacy Settings

There are three privacy levels you may choose for participation on the Platform if you are a Member.

You choose one of these settings:

Public view: The data associated with your username and avatar image is viewable by both non-members and members of PatientsLikeMe; or

Community view: The data associated with your username and avatar image is only viewable on the Platform by other members of PatientsLikeMe; or

Personal view: Some data (as specified by you) will not be viewable on the Platform by anyone but you (For example, you may specify one or more conditions you are tracking should be hidden from your fellow members. Note that the PatientsLikeMe team can see this data when necessary, but other PatientsLikeMe members will not see it.)

Public profiles may be indexed or stored by Internet search engines (e.g., Google) or other independent sites, which means your information might come up in the search results by anyone on the Internet, even after you change to a different privacy level.

You can change your privacy level at any time. None of the privacy levels allows non-members of the community to contact you.

What Kind of Information We Collect

Identifying Data

Data that is identifying or potentially identifying is treated as “Identifying Data.” This data includes:

PatientsLikeMe may de-identify Identifying Data. This would include removing identifying information from free text entries like forum posts or comments. Once identifying information is removed, PatientsLikeMe no longer treats the data as Identifying Data.

PatientsLikeMe may aggregate or statistically analyze Identifying Data from more than one member, in which case such resulting aggregated or statistically analyzed data will not be treated as Identifying Data by PatientsLikeMe.

Non-Identifying Data

“Non-Identifying Data” is all information, except Identifying Data, that Members provide about themselves when using the Platform or in other communications with PatientsLikeMe. Examples of Non-Identifying Data that Members may submit include:

PatientsLikeMe may aggregate or statistically analyze data, including from more than one Member. The resulting aggregated or statistically analyzed data shall be treated as Non-Identifying Data by PatientsLikeMe.

Platform Use Data

We, our Partners, and our Vendors, use analytics code and may use web tracking technologies such as cookies and pixel tags to understand how Members use our platform and to improve products and services. Such collected data (“Platform Use Data”) can include the URL of the websites you visited before and after you visited our Platform, the type of browser you are using, your Internet Service Provider, what pages in our Platform you visit, what links you click on, date and time of your visit and duration, whether you open email communications we send to you, and whether you interact with advertising or content displayed on the site and third-party sites. The analytics code also collects information about you such as geolocation, age, gender, affinity categories, and interests, which can be used by PatientsLikeMe. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Platform, but this may limit your use of the Platform.

Platform Use Data is typically only used by PatientsLikeMe, and our Vendors. However, when de-identified it may be shared with our research Partners to help them understand how members use and benefit from the site.

Advertising

Some content or applications, including advertisements, on the PatientsLikeMe website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

In line with the above, PatientsLikeMe currently works with Publisher First, Inc., d/b/a Freestar, to serve advertisements on our site. The Freestar privacy policy may be found here for your review.

How Data is Used and Shared

You should expect that every piece of Non-Identifying Data you submit on PatientsLikeMe.com may be shared with Partners.

Non-Identifying Data may be displayed to the Community on PatientsLikeMe.com, unless you specify that it be reserved for your Personal View and not to be displayed to the Community. This is controlled by the privacy settings you selected. (See the Privacy Settings section of this Privacy Policy above.)

Members are encouraged to share health information but should consider that the more information that is entered, the more likely it is that you could be located or identified.

How Identifying Data is Used

There are only 3 ways Identifying Data is shared with the community.

If you are using the Platform with a special account type other than the regular Patient account type, additional identifying information about you may be shared. For example:

We will never sell your identifying information for non-PatientsLikeMe advertising purposes.

PatientsLikeMe uses Identifying Data internally, as needed, for research, for maintenance and operation of the Platform, and to create better tools and more personalized experiences for you. We take steps to protect this Identifying Data and limit access to only those who need it for their job.

If we have a Member's permission, their e-mail address will be used by PatientsLikeMe to send them a variety of notifications, including private message notifications, newsletters, study invitations, and promotional content from PatientsLikeMe and some of our Partners. You may change this setting at signup, on your account page, or by clicking the unsubscribe link at the bottom of any email you receive from PatientsLikeMe. However, all Members receive administrative emails (e.g., password reset), which you cannot opt out of while you remain registered with the Platform.

Additionally, Identifying Data is not shared with or sold to Partners unless explicit consent is given. Specific instances where consent may be requested include:

PatientsLikeMe, in some instances, will allow Vendors to have access to Identifying Data for the purpose of operating or improving the Platform or other PatientsLikeMe activities and offerings (such as research studies and managed communities). PatientsLikeMe investigates all engaged Vendors to ensure that their security and privacy practices are compliant with relevant regulations and up to PatientsLikeMe standards. Specific examples where a Vendor may have access to Identifying Data include:

How Non-Identifying Data is Used

The Non-Identifying Data you add to your profile--except for data that you have marked for Personal View only--is displayed to the Community via your profile pages. (See the Privacy Settings section of this Privacy Policy above.)

Aggregated data (for example, counts of the number of Members with a certain condition or on a particular treatment) is not identifying and is displayed to the Community and shared with Partners. Data that a Member has marked as reserved to their Personal View may be included in such counts.

In addition to serving the individual needs of our Members, PatientsLikeMe and its Partners are interested in better understanding the patient experience and improving treatment options, information sharing, and health outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” PatientsLikeMe provides Non-Identifying Data, in individual and aggregate format, to Partners for use in scientific research, product development, managed communities, and market research. When selling this information, PatientsLikeMe removes Members’ Identifying Data (de-identification) to reduce the possibility of re-identification and contractually forbids Partners from trying to re-identify Members.

PatientsLikeMe may periodically ask Members to complete surveys about their experiences (including questions about products and services). Survey responses (possibly in combination with data from the Platform) are analyzed by PatientsLikeMe researchers. Insights from the analysis may be shared with and/or sold to Partners in a way that does not identify any respondent. Member participation in these surveys is not required and refusal to do so will not impact a Member’s experience with PatientsLikeMe.

PatientsLikeMe may report individual adverse event and drug safety information to regulatory Partners like the FDA, CDC, or other bodies (US and international) as well as directly to pharmaceutical and other Partners. When reporting such information, PatientsLikeMe does not provide Identifying Data, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. In this context, the data that PatientsLikeMe reports may include free text or images on the forums or evaluations.

Finally, PatientsLikeMe may use Non-Identifying Data internally or send it to Vendors who assist with operating our services. For example, we may send treatment or condition information to an e-mail provider so that information can be included in messages we send to you. In addition, some Vendors may use Non-Identifying Data to improve their own products and services.

PatientsLikeMe, like other online communities, is a “public forum.” Be aware that Non-Identifying Data, in the right combinations, might be used by other Members of the community to identify you. For example, having a very rare disease might make it easier to identify somebody when gender and state of residence are also known.

For clarity, “public forum” in this context does NOT mean that the content and data are freely usable by third parties. Any uses outside of our Terms of Use and this Privacy Policy are prohibited.

How Platform Use Data is Used

We use Platform Use Data for several purposes:

Authentication: We use Platform Use Data stored in cookies on your computer to indicate that you have logged into your PatientsLikeMe account and to enable you to use certain portions of our Platform.

Understand Our Users: We use Platform Use Data to analyze trends, track users' movements around the Platform, and gather demographic information about our user base as a whole. This provides us with the ability to determine aggregate information about our user base and usage patterns. Understanding how people use our Platform allows us to make the Platform better for everybody. It may also be used by our Vendors to improve their products and services. We may use this information, possibly in coordination with one of our Partners, to do relevant analysis on user behavior or medical outcomes. We do not sell this usage data to third parties for advertising or marketing purposes. We sometimes provide our Partners with aggregated usage data of all individuals they have referred to our site. We will only provide your personally identifying or identifiable Platform Use Data to Partners with your express consent.

Administer Platform: We use Platform Use Data to help administer the Platform and Members’ use of the Platform. We may, in some circumstances, need to review this Platform Use Data in combination with specific Identifying Data to troubleshoot and resolve issues for individual users.

Advertising: We may use cookies or Platform Use Data to tailor advertisements about joining PatientsLikeMe, to promote certain advertiser content, participation opportunities, or to exclude you from notifications that are not relevant to you, including when you are visiting other sites or platforms. We may additionally use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

Choices About How We use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Tracking Technologies and Advertising: A cookie is a small data file stored by your browser that can be retrieved by sites at a later time. Personal cookie preferences may be managed by utilizing the PatientsLikeMe Cookie Manager, as described below:

Disclosure of Your Information for Third-Party Advertising: If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by utilizing the PatientsLikeMe Cookie Manager, or by sending us an email with your request to privacy@patientslikeme.com.

Targeted Advertising: If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers' target-audience preferences, you can opt-out by utilizing the PatientsLikeMe Cookie Manager, or by sending us an email with your request to privacy@patientslikeme.com. For this opt-out to function, you must have your browser set to accept all browser cookies.

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Residents of certain states may have additional personal information rights and choices. Please see Your State Privacy Rights for more information.

Closing Your Account

You are free to stop using this service at any time.

Note: If you request deactivation or deletion, research that is already in progress or that was conducted prior to your request, will still include your data. This is important to support peer review of the research and replication of results — important parts of the scientific process. PatientsLikeMe keeps special archives of your data for this purpose in accordance with relevant US and EU/EEA/UK regulations.

Other Special Cases

There are instances, not covered above, where your Non-Identifying Data, Identifying Data, and Platform Use Data may be used and disclosed, including, but not limited to, the following:

Other Security Issues

PatientsLikeMe cannot guarantee the identity of any Members with whom you may interact in the course of using the Platform or who may have access to your displayed data. Additionally, we cannot guarantee the authenticity of any data that Members may provide about themselves.

PatientsLikeMe takes commercially reasonable technical precautions to help keep Member data secure, consistent with applicable EU, UK, and US laws. We take these precautions in an effort to protect your information against security breaches. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of firewalls and secure server software. By using our Platform, you acknowledge that you understand and agree to assume these risks.

In the event of a breach, PatientsLikeMe will notify relevant regulatory authorities within 72 hours of becoming aware of the breach. We will notify affected Members as soon as possible after that.

Risks and Benefits

While our goal is to help patients improve health outcomes, there are no certain benefits to using this website. However, keeping track of personal well-being, treatments, and symptoms has been shown to be helpful in improving overall health.

There is a possibility that you may feel uncomfortable sharing information online. It is possible that you could be identified using information you elect to display on PatientsLikeMe (and/or in conjunction with other data sources). You could be discriminated against or experience repercussions as a result of the information you share. For example, it is possible that employers, insurance companies, or others may discriminate based on health information.

You should understand that anyone can register on PatientsLikeMe and view the data you have elected to share on the Platform.

In using the Platform, you are free to skip any non-required questions or data fields that make you feel uncomfortable.

The PatientsLikeMe health services hub aims to connect members to useful healthcare resources that may help them in managing their conditions. As a result, PatientsLikeMe may link to or refer to third party websites or services that we do not own or control. Any personal information you provide to them is provided directly to such third party and is subject to the third party’s privacy policy. The PatientsLikeMe Privacy Policy does not apply to other websites or services, and we are not responsible for the privacy practices or content of any websites or services not controlled by us, nor are we responsible for such third party’s use or misuse of your personal information. If you have any concerns, we urge you to review the terms of those other websites or services for more information about their applicable policies.

Questions about the Privacy Policy

If you have questions or comments about our Privacy Policy, please let us know, or contact us at:

PatientsLikeMe LLC
Attn: Privacy and Compliance Dept.
6 Liberty Square, Suite 2602
Boston, MA 02109

Privacy@Patientslikeme.com

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

The exact scope of these rights may vary by state. To exercise any of these rights please send us an email with your request to privacy@patientslikeme.com. To appeal a decision regarding a consumer rights request please send us an email with your notice of appeal to privacy@patientslikeme.com

California Online Privacy Protection Act Notice

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to "Do Not Track Signals" and whether third parties collect personally identifiable information about users when they visit us.

California Civil Code Section 1798.83 also permits our members who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@patientslikeme.com. Please note that we are only required to respond to one request per Member each year.

Governing Law and Platform Visitors from outside the United States

We and our servers are located in the United States and are subject to the applicable US local and national laws. These laws may not have equivalent privacy protection as those in your country of residence. When we share information about you with our various Partners, the data-sharing agreement includes data protection clauses. PatientsLikeMe, LLC adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland. We also comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Be aware that the European Court of Justice (ECJ) has determined that no data transferred to the United States can be adequately protected from the United States government and that the United States does not provide adequate judicial remedies against the United States government for invasions of Europeans’ privacy.

Those who choose to access the Platform do so on their own initiative and understanding that their use of the Platform and PatientLikeMe’s use of the Non-Identifying Data, Identifying Data, and Platform Use Data is subject to EU, UK, and US laws and regulations including the GDPR. If users choose to access or use the Platform, they consent to the use and disclosure of information (including GDPR "special category" data such as race, ethnicity, and data concerning health) in accordance with this Privacy Policy and subject to such laws. Transfer of data from residents of the EU/EEA/UK is done under this consent and also for the purpose of providing this service to those users, as allowed by Article 49 of the GDPR.

PatientsLikeMe, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/

PatientsLikeMe LLC is subject to the regulatory and enforcement authority of the US Federal Trade Commission.

We acknowledge the right of EU, UK, and Swiss individuals to access their personal data under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Individuals wishing to exercise this right may do so by contacting our community team.

We will also provide EU, UK, and Swiss individuals opt-out or opt-in choices before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, you may do so by contacting our Community team.
Pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PatientsLikeMe LLC is liable for the onward transfer of personal data to third parties unless we can prove we were not a party to the actions resulting in the damages.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PatientsLikeMe, LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact PatientsLikeMe, LLC at:
privacy@patientslikeme.com.

PatientsLikeMe, LLC complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/

PatientsLikeMe, LLC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

General Data Protection Regulation (GDPR)

All individuals have rights regarding their data. The European Union’s (EU) General Data Protection Regulations (GDPR) describes these rights in law. They include:

In some cases, these rights might be restricted. Some examples would include where the information requested compromises the privacy of another individual or is the subject of legal proceedings or investigation. Additionally, processing that has already occurred cannot be undone. If you have questions or complaints about our handling of these rights, see the information at the end of this policy.

GDPR sets out a number of possible bases, three of which apply to PatientsLikeMe and the Platform:

GDPR Recourse For Individuals in the EEA

Our representative in the EU for GDPR purposes is Foley Hoag AARPI. If you are a resident of the EEA, you can contact our representative at:

Foley Hoag AARPI
153 rue du Faubourg Saint-Honoré
75008 Paris, France

If you are a resident of the European Union or the UK and have a complaint about our use or processing of your data, you have a right to lodge a complaint with a national Data Protection Authority. The UK and each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country.

History of Updates/Changes to Terms and Conditions of Use: