Privacy policy

Effective

PatientsLikeMe (https://www.patientslikeme.com) and WomenLikeMe (https://womenlikeme.com/) (“Platforms”) are health data tracking and online health communities that enable their members to share their data and experiences. The Platforms are operated by PatientsLikeMe, LLC (“PatientsLikeMe”). This Privacy Policy describes how the information collected from users of the Platforms, including individuals who have registered to join (“Members”), may be used. Where references are made to PatientsLikeMe throughout this policy, this includes WomenLikeMe.

We reserve the right to modify this policy at any time, and without prior notice, by posting an amended Privacy Policy on the Platform. We will notify Members of changes we make to this Privacy Policy. We also encourage Members to review this policy periodically for any updates.

What is PatientsLikeMe.com?

PatientsLikeMe provides this platform for patients who want to:

Who Might View or Have Access to The Data We Collect?

If you become a Member of the Platform, there are four broad groups of people who might have access to your data.

The Community – This refers to your fellow Members on the platform. You can share your data through your profile and the various social components on the site. By sharing your data, others can learn from it. You can mark some data (such as a condition) to be reserved for your Personal View only and that will not be made visible to the Community.

PatientsLikeMe – We use the data you provide internally, both to improve our services and to conduct our own research.

Our Partners – PatientsLikeMe frequently partners with other institutions to conduct research and manage patient communities. These Partners could include, but are not limited to: universities, pharmaceutical companies, hospital systems, value-based care providers, insurance companies, regulatory bodies (including the US Food and Drug Administration (the FDA)), and other entities.

Vendors – We also contract with various service providers for business and technical services like email delivery, site hosting, marketing, advertising, help desk support, and others.

Details of how these different groups might access or use our data are provided below.

Privacy Settings

There are three privacy levels you may choose for participation on the Platform if you are a Member.

You choose one of these settings:

Public view: The data associated with your username and avatar image is viewable by both non-members and members of PatientsLikeMe; or

Community view: The data associated with your username and avatar image is only viewable on the Platform by other members of PatientsLikeMe; or

Personal view: Some data (as specified by you) will not be viewable on the Platform by anyone but you. (For example, you may specify that one or more conditions you are tracking should be hidden from your fellow members. Note that the PatientsLikeMe team can see this data when necessary, but other PatientsLikeMe members will not see it.)

Public profiles may be indexed or stored by Internet search engines (e.g., Google) or other independent sites, which means your information might come up in the search results by anyone on the Internet, even after you change to a different privacy level.

You can change your privacy level at any time. None of the privacy levels allows non-members of the community to contact you.

What Kind of Information We Collect

Identifying Data

Data that is identifying or potentially identifying is treated as “Identifying Data.” This data includes:

PatientsLikeMe may de-identify Identifying Data. Once identifying information is removed, PatientsLikeMe no longer treats the data as Identifying Data.

PatientsLikeMe may aggregate or statistically analyze Identifying Data from more than one member, in which case such resulting aggregated or statistically analyzed data will not be treated as Identifying Data by PatientsLikeMe.

Non-Identifying Data

“Non-Identifying Data” is all information, except Identifying Data, that Members provide about themselves when using the Platform or in other communications with PatientsLikeMe. Examples of Non-Identifying Data that Members may submit include:

PatientsLikeMe may aggregate or statistically analyze data, including from more than one Member. The resulting aggregated or statistically analyzed data shall be treated as Non-Identifying Data by PatientsLikeMe.

How Data is Used and Shared

You should expect that every piece of Non-Identifying Data you submit on PatientsLikeMe.com may be shared with Partners.

Non-Identifying Data may be displayed to the Community on PatientsLikeMe.com, unless you specify that it be reserved for your Personal View and not to be displayed to the Community. This is controlled by the privacy settings you selected. (See the Privacy Settings section of this Privacy Policy above.)

Members are encouraged to share health information but should consider that the more information that is entered, the more likely it is that you could be located or identified.

How Identifying Data is Used

There are only 3 ways Identifying Data is shared with the community.

If you are using the Platform with a special account type other than the regular Patient account type, additional identifying information about you may be shared. For example:

We will never sell your identifying information for non-PatientsLikeMe advertising purposes.

PatientsLikeMe uses Identifying Data internally, as needed, for research, for maintenance and operation of the Platform, and to create better tools and more personalized experiences for you. We take steps to protect this Identifying Data and limit access to only those who need it for their job.

If we have a Member's permission, their e-mail address will be used by PatientsLikeMe to send them a variety of notifications, including private message notifications, newsletters, study invitations, and promotional content from PatientsLikeMe and some of our Partners. You may change this setting at signup, on your account page, or by clicking the unsubscribe link at the bottom of any email you receive from PatientsLikeMe. However, all Members receive administrative emails (e.g., password reset), which you cannot opt out of while you remain registered with the Platform.

Additionally, Identifying Data is not shared with or sold to Partners unless explicit consent is given. Specific instances where consent may be requested include:

PatientsLikeMe, in some instances, will allow Vendors to have access to Identifying Data for the purpose of operating or improving the Platform or other PatientsLikeMe activities and offerings (such as research studies and managed communities). PatientsLikeMe investigates all engaged Vendors to ensure that their security and privacy practices are compliant with relevant regulations and up to PatientsLikeMe standards. Specific examples where a Vendor may have access to Identifying Data include:

How Non-Identifying Data is Used

The Non-Identifying Data you add to your profile--except for data that you have marked for Personal View only--is displayed to the Community via your profile pages. (See the Privacy Settings section of this Privacy Policy above.)

Aggregated data (for example, counts of the number of Members with a certain condition or on a particular treatment) is not identifying and is displayed to the Community and shared with Partners. Data that a Member has marked as reserved to their Personal View may be included in such counts.

In addition to serving the individual needs of our Members, PatientsLikeMe and its Partners are interested in better understanding the patient experience and improving treatment options, information sharing, and health outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” PatientsLikeMe provides Non-Identifying Data, in individual and aggregate format, to Partners for use in scientific research, product development, managed communities, and market research. When selling this information, PatientsLikeMe removes Members’ Identifying Data (de-identification) to reduce the possibility of re-identification and contractually forbids Partners from trying to re-identify Members.

PatientsLikeMe may periodically ask Members to complete surveys about their experiences (including questions about products and services). Survey responses (possibly in combination with data from the Platform) are analyzed by PatientsLikeMe researchers. Insights from the analysis may be shared with and/or sold to Partners in a way that does not identify any respondent. Member participation in these surveys is not required and refusal to do so will not impact a Member’s experience with PatientsLikeMe.

PatientsLikeMe may report individual adverse event and drug safety information to regulatory Partners like the FDA, CDC, or other bodies (US and international) as well as directly to pharmaceutical and other Partners. When reporting such information, PatientsLikeMe does not provide Identifying Data, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. In this context, the data that PatientsLikeMe reports may include Free Text Entries or images on the forums or evaluations.

Finally, PatientsLikeMe may use Non-Identifying Data internally or send it to Vendors who assist with operating our services. For example, we may send treatment or condition information to an e-mail provider so that information can be included in messages we send to you. In addition, some Vendors may use Non-Identifying Data to improve their own products and services.

PatientsLikeMe, like other online communities, is a “public forum.” Be aware that Non-Identifying Data, in the right combinations, might be used by other Members of the community to identify you. For example, having a very rare disease might make it easier to identify somebody when gender and state of residence are also known.

For clarity, “public forum” in this context does NOT mean that the content and data are freely usable by third parties. Any uses outside of our Terms of Use and this Privacy Policy are prohibited.

Closing Your Account

You are free to stop using this service at any time.

Note: If you request deactivation or deletion, research that is already in progress or that was conducted prior to your request will still include your data. This is important to support peer review of the research and replication of results, which are important parts of the scientific process. PatientsLikeMe keeps special archives of your data for this purpose in accordance with relevant US and EU/EEA/UK regulations.

Other Special Cases

There are instances, not covered above, where your Non-Identifying Data, Identifying Data, and Platform Use Data may be used and disclosed, including, but not limited to, the following:

Other Security Issues

PatientsLikeMe cannot guarantee the identity of any Members with whom you may interact in the course of using the Platform or who may have access to your displayed data. Additionally, we cannot guarantee the authenticity of any data that Members may provide about themselves.

PatientsLikeMe takes commercially reasonable technical precautions to help keep Member data secure, consistent with applicable EU, UK, and US laws. We take these precautions in an effort to protect your information against security breaches. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of firewalls and secure server software. By using our Platform, you acknowledge that you understand and agree to assume these risks.

In the event of a breach, PatientsLikeMe will notify relevant regulatory authorities within 72 hours of becoming aware of the breach. We will notify affected Members as soon as possible after that.

Risks and Benefits

While our goal is to help patients improve health outcomes, there are no certain benefits to using this website. However, keeping track of personal well-being, treatments, and symptoms has been shown to be helpful in improving overall health.

There is a possibility that you may feel uncomfortable sharing information online. It is possible that you could be identified using information you elect to display on PatientsLikeMe (and/or in conjunction with other data sources). You could be discriminated against or experience repercussions as a result of the information you share. For example, it is possible that employers, insurance companies, or others may discriminate based on health information.

You should understand that anyone can register on PatientsLikeMe and view the data you have elected to share on the Platform.

In using the Platform, you are free to skip any non-required questions or data fields that make you feel uncomfortable.

Cookies and Tracking Technologies

We, our Partners, and our Vendors, use analytics code and may use web tracking technologies such as cookies and pixel tags to understand how Members use our platforms and to improve products and services. Such collected data (“Platform Use Data”) can include the URL of the websites you visited before and after you visited our Platform, the type of browser you are using, your Internet Service Provider, what pages in our Platforms you visit, what links you click on, date and time of your visit and duration, whether you open email communications we send to you, and whether you interact with advertising or content displayed on the site and third-party sites. The analytics code also collects information about you such as geolocation, age, gender, affinity categories, and interests, which can be used by PatientsLikeMe. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Platform, but this may limit your use of the Platform.
Platform Use Data is typically used only by PatientsLikeMe and our Vendors. However, when de-identified, it may be shared with our research Partners to help them understand how members use and benefit from the site.

What types of cookies are on our Platforms and why?

We use the following types of cookies on our Platforms:
Always Active (Strictly Necessary) Cookies: These cookies are essential for you to browse our Platforms and use their intended functionality, including accessing secure areas of the Platforms, moving items to the shopping cart before making a purchase, helping to ensure security, and logging interactions with our cookie banner. These cookies cannot be opted out of.
Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Platforms. They help us to know which pages are the most and least popular and see how visitors move around the Platforms. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance using data provided by your visit.
Functional Cookies: These cookies enable the Platforms to provide enhanced functionality. They may be set by us or by third-party service providers whose services we have added to our pages. If you disable these cookies, the Platforms may lose certain non-essential aspects of their functionality.
Sales Cross-Context Behavioral Marketing Cookies: These cookies may be set on Platforms by advertising and marketing service providers. They may be used by those companies to build a profile of users' interests and show relevant adverts on other sites. If you consent to these Cookies, you may experience targeted advertising.
Social Media Cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Other definitions:

First Party Cookies – These are cookies that are directly generated by the PatientsLikeMe Platforms you visit.
Third Party Cookies – These are cookies that are created by Platforms other than the PatientsLikeMe Platforms and are mainly used for tracking and online-advertising purposes.
Session Cookies – These are cookies that are removed when a user closes the web browser.
Persistent Cookies – These are cookies that have an expiration date for a set period of time.

How to opt in or out of cookies

The first time you visit our Platforms, a cookie banner will be displayed, providing you with information about the use of cookies on our Platforms, and options for how to opt in or opt out of certain cookies. This opting in or opting out can be done using our cookie preference center, which is accessed through this cookie banner. This preference center is also accessible from the cookie icon, which is located in the bottom left-hand corner of the Platforms. You can opt in or out of certain categories of optional (non-essential) cookies (e.g., “Targeting Cookies” as described above) by turning the toggle on or off for these in the cookie preference center.

You can clear cookies set on our Platforms from previous web browsing sessions. Below are instructions on how to do this on the main browsers:
● Google Chrome
● Apple Safari
● Mozilla Firefox
● Internet Explorer

You can also set your internet browser to disable or block cookies. If cookies are disabled, then some of the content on our Platforms will also be disabled or may not be displayed correctly. For more information on how to disable cookies in your internet browser, please go to www.aboutcookies.org or www.youronlinechoices.com.

Global Privacy Control

Global Privacy Control (GPC) is a specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that Websites/Platforms can use to indicate they support the specification.
GPC is available for an increasing number of browsers and browser extensions, listed here. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.
At PatientsLikeMe, we support and honor a Website user’s GPC request.

Do Not Track

Note that we do not currently respond to web browser “Do Not Track” signals that provide a method to opt out of the collection of information about online activities over time and across third-party Websites/Platforms or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.

Google Analytics

We use Google Analytics to better understand your use of our Platforms and Services. Google Analytics collects information such as how often users visit our Platforms, what pages are visited, and what other sites may have been used prior to visiting. Google uses the data collected to track and examine Platform usage, to prepare reports on its activities and share them with other Google services, and to contextualize and personalize the ads of its own advertising network. More information about how Google Analytics collects and processes data can be found at https://policies.google.com/technologies/partner-sites.

Google’s ability to use and share information collected by Google Analytics about your visits to the Platforms is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can also opt out of and manage your preferences for Google’s use of personalized advertising and related cookies by visiting Google’s Ad Settings, and Google Analytics also offers an opt-out mechanism for the web available at https://tools.google.com/dlpage/gaoptout.

More Information

If you have any questions regarding our use of cookies, please contact us at the below email address: privacy@patientslikeme.com.

Advertising

Some content or applications, including advertisements, on the PatientsLikeMe website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the provider responsible directly.

The PatientsLikeMe health services hub aims to connect members to useful healthcare resources that may help them in managing their conditions. As a result, PatientsLikeMe may link to or refer to third party websites or services that we do not own or control. Any personal information you provide to them is provided directly to such third party and is subject to the third party’s privacy policy. The PatientsLikeMe Privacy Policy does not apply to other websites or services, and we are not responsible for the privacy practices or content of any websites or services not controlled by us, nor are we responsible for such third party’s use or misuse of your personal information. If you have any concerns, we urge you to review the terms of those other websites or services for more information about their applicable policies.

Questions about the Privacy Policy

If you have questions or comments about our Privacy Policy, please let us know, or contact us at:

PatientsLikeMe LLC
Attn: Privacy and Compliance Dept.
2300 Windy Ridge PKWY, SE STE, 850S,
Atlanta, Georgia, 30339-5665

privacy@patientslikeme.com

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

The exact scope of these rights may vary by state. To exercise any of these rights, please send us an email with your request to privacy@patientslikeme.com. To appeal a decision regarding a consumer rights request, please send us an email with your notice of appeal to privacy@patientslikeme.com.

California Online Privacy Protection Act Notice

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to "Do Not Track Signals" and whether third parties collect personally identifiable information about users when they visit us.

California Civil Code Section 1798.83 also permits our members who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@patientslikeme.com. Please note that we are only required to respond to one request per Member each year.

Governing Law and Platform Visitors from outside the United States

We and our servers are located in the United States and are subject to the applicable US local and national laws. These laws may not have equivalent privacy protection as those in your country of residence. When we share information about you with our various Partners, the data-sharing agreement includes data protection clauses. PatientsLikeMe, LLC adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland. We also comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Be aware that the European Court of Justice (ECJ) has determined that no data transferred to the United States can be adequately protected from the United States government and that the United States does not provide adequate judicial remedies against the United States government for invasions of Europeans’ privacy.

Those who choose to access the Platform do so on their own initiative and understanding that their use of the Platform and PatientsLikeMe’s use of the Non-Identifying Data, Identifying Data, and Platform Use Data is subject to EU, UK, and US laws and regulations including the GDPR. If users choose to access or use the Platform, they consent to the use and disclosure of information (including GDPR "special category" data such as race, ethnicity, and data concerning health) in accordance with this Privacy Policy and subject to such laws. Transfer of data from residents of the EU/EEA/UK is done under this consent and also for the purpose of providing this service to those users, as allowed by Article 49 of the GDPR.

PatientsLikeMe, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/

PatientsLikeMe LLC is subject to the regulatory and enforcement authority of the US Federal Trade Commission.

We acknowledge the right of EU, UK, and Swiss individuals to access their personal data under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Individuals wishing to exercise this right may do so by contacting our community team.

We will also provide EU, UK, and Swiss individuals opt-out or opt-in choices before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, you may do so by contacting our Community team.

Pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PatientsLikeMe LLC is liable for the onward transfer of personal data to third parties unless we can prove we were not a party to the actions resulting in the damages.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PatientsLikeMe, LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact PatientsLikeMe, LLC at: privacy@patientslikeme.com.

PatientsLikeMe, LLC complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PatientsLikeMe, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/

PatientsLikeMe, LLC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

General Data Protection Regulation (GDPR)

All individuals have rights regarding their data. The European Union’s (EU) General Data Protection Regulation (GDPR) describes these rights in law. They include:

In some cases, these rights might be restricted. Some examples would include where the information requested compromises the privacy of another individual or is the subject of legal proceedings or investigation. Additionally, processing that has already occurred cannot be undone. If you have questions or complaints about our handling of these rights, see the information at the end of this policy.

GDPR sets out a number of possible bases, three of which apply to PatientsLikeMe and the Platform:

GDPR Recourse For Individuals in the EEA

Our representative in the EU for GDPR purposes is Foley Hoag AARPI. If you are a resident of the EEA, you can contact our representative at:

support@patientslikeme.com

OR

Foley Hoag AARPI
153 rue du Faubourg Saint-Honoré
75008 Paris, France

If you are a resident of the European Union or the UK and have a complaint about our use or processing of your data, you have a right to lodge a complaint with a national Data Protection Authority. The UK and each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country.

History of Updates/Changes to Terms and Conditions of Use: