Privacy Policy

Updated September 16, 2021

NPF's Commitment to Privacy

The National Psoriasis Foundation (NPF, “our,” or “we”) respects the privacy of each individual who contacts us. We are grateful for your support and the critical role you play in helping us continue our valuable work. To protect your privacy, we provide this Privacy Notice (“Privacy Notice”) explaining our information practices and the choices you can make about the way your information is collected and used when you engage with NPF or visit the NPF Websites where this Privacy Notice is linked (“NPF Websites”). This Privacy Notice applies to information collected by NPF both online and offline.

Acceptance of These Terms

When you provide information to NPF or use the NPF Websites you are indicating your understanding and acceptance of the terms of this Privacy Notice. If you do not agree with all the terms herein, do not provide your information to NPF or use the NPF Websites or services

Changes to Privacy Notice

NPF may change this Privacy Notice at any time, at its discretion. If we change our Privacy Notice, we will post those changes here so that you will always know what information we gather, how we might use that information, and to whom we will disclose it.

Collection and Use of Personal Information

What is Personal Information?

Personal Information means any information relating to a natural person who can be identified by reference to an identifier such as a name, an identification/account number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Non-Personal Information means information that is about you, but does not identify you specifically. If you do nothing during your visit to the NPF Website but browse, read pages, or view content, we will gather and store Information about your visit that does not identify you personally.

Below are specific examples of the types of Information we collect:

Contact Information. We may request that you provide contact information, such as your name, address, e-mail address, and telephone number.
Donor and Purchaser Information. We may request that you provide your credit card number, contact information, and other billing information when you make donations or purchases.
Demographic Information. We may collect demographic information such as your age, career, preferences, gender, educational degrees, ethnic background, interests, and psoriatic disease affiliation. Sometimes, we may collect a combination of information types. Examples of areas of the NPF Websites where we may collect personal or combined personal and demographic information are pages where you can donate to the NPF, sign up to be a member (professional or general), register for a program or event, or purchase a product.
Technical Information. We also may gather certain Non-Personal Information about your use of the NPF Websites, such as what areas you visit and what services you access. Moreover, there is information about your computer hardware and software that we may collect. This information can include, without limitation, your IP address, browser type, domain names, access times, and referring website addresses. Some of this information is collected through the use of cookies (described below).

Use of Personal Information

The Personal Information collected may be used by NPF for the purpose of providing you with the content you request, operating and improving the NPF Websites, providing a positive user experience, accepting your donations, and delivering the products and services that we offer.

We may also use the Personal Information we gather to inform you of other products or services available from the NPF or to contact you about your opinion of current products and services or potential new products and services that may be offered. We may use your contact information in order to send you e-mail, postal mail, or other communications regarding updates at the NPF, such as newsletters, psoriatic disease information, event and programmatic information, and additional listings which may be of interest to you.

We may also use it to send you information about third-party products and services that match your interests and preferences, if you opt in for this communication. The nature and frequency of these messages will vary depending upon the information we have about you. In addition, at the time of registration for certain services, you have the option to elect to receive additional communications, information, newsletters, and promotions relating to topics that may be of special interest to you.

If in the future we intend to process your Personal Information for a purpose other than that for which it was collected, we will provide you with information regarding that purpose and any other relevant information including the option to opt out.

We do not provide your name and address or email to outside parties, except as described here.

Residents of the European Economic Area (“EEA”)

If you are located in the EEA, you may have certain rights under European law with respect to your Personal Information described below.

Controller of Personal Information. NPF is the Controller of your Personal Information. NPF’s primary place of business is 6600 SW 92nd Ave., Suite 300, Portland, OR 97223.

Processing. The following table provides information required by the GDPR relating to our use of your Personal Information:

Personal Information	Legal Basis for Processing
Contact information, including name, address, e-mail address, and telephone number.	Your consent to collection and use. Also as necessary for the performance of a contract.
Purchaser information, including credit card number, contact information, and billing information.	Your consent to collection and use. Also as necessary for the performance of a contract.
Demographic information, including age, preferences, gender, educational degrees, ethnic background, interests, and psoriatic disease specific information.	Your consent to collection and use. Also as necessary for the performance of a contract. And for the legitimate interests of NPF in analyzing this data for purposes related to NPF’s activities and mission.
Technical information, including your IP address, browser type, domain names, access times, and referring website addresses.	NPF’s legitimate interest in authenticating subscribers and optimizing website performance.

In addition to the chart above, NPF may also process your Personal Information on one or more of the following legal bases:

where we have a legitimate interest, as described in this Privacy Notice (see “Use of Personal Information” above);
as necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
with your consent.

Your Rights. Subject to applicable law, you may have the right to:

ask whether we hold Personal Information about you and request copies of such Personal Information and information about how it is processed;
request that inaccurate Personal Information is corrected;
request deletion of Personal Information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
request us to restrict the processing of Personal Information where the processing is inappropriate;
object to the processing of Personal Information;
request portability of Personal Information that you have provided to us (which does not include information derived from the collected information), where the processing of such Personal Information is based on consent or a contract with you and is carried out by automated means; and
lodge a complaint with the appropriate data protection authorities.

You can exercise your rights of access, rectification, erasure, restriction, objection, and data portability by contacting us at getinfo@psoriasis.org and including “GDPR Request” in the subject line.

When you consent to our processing of your Personal Information for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your Personal Information for that purpose.

The categories of Personal Information that NPF collects are identified in the “Collection and Use of Personal Information” section. Additional information about how long NPF will retain your Personal Information and how it shares your Personal Information is found in the “Retention of Personal Information” and “Sharing of Personal Information” sections.

Retention of Personal Information

We will retain the Personal Information we gather about you for as long as necessary to fulfill our contracts with you and to fulfill the other purposes described in this Privacy Notice. We retain indefinitely certain anonymized information we gather about visitors or subscribers for the legitimate purpose of performing website analytics and providing use of the NPF Websites to all visitors in an efficient, practical, and relevant way.

Sharing of Personal Information

We do not share or disclose your Personal Information to third parties except as set forth below:

Personal Information	Purpose for Sharing
Technical information	With NPF business partners for the legitimate purpose of understanding usage patterns for NPF Websites and those of our partners.
Technical information	With web hosting and other technical service providers for the legitimate purpose of hosting our web servers and ensuring information security for our networks.
Contact information	With consultants and vendors for the legitimate purpose of providing customer support and marketing assistance.
Contact information	With credit card processors for the legitimate purpose of processing credit card transactions in connection with the donor’s and subscriber’s contract with the NPF websites.
Contact information	With our business partners, with your consent, for the legitimate purpose of providing you with products or services tailored to your interests and preferences.

In addition, we disclose Personal Information if legally required to do so, if requested to do so by a governmental entity, or if we believe in good faith that such action is necessary to: (a) conform to legal requirements or comply with legal process; (b) protect the rights or property of NPF; (c) prevent a crime or protect national security; or (d) protect the personal safety of users or the public.

In the event NPF becomes the subject of a bankruptcy proceeding, whether voluntary or involuntary, the NPF or its trustee in bankruptcy may sell, license, or otherwise dispose of the information retained by NPF in a transaction approved by the bankruptcy court as is legally required.

In the event NPF is or may be acquired in whole or part by a third party by way of merger, consolidation, or purchase, we may disclose and transfer Information to the third party and any prospective acquirer.

The NPF may also share aggregated anonymous information about visitors to NPF Websites with its clients, partners, and other third parties so that they may understand the kinds of visitors to the NPF Websites and how those visitors use the site.

Personal Information You Post

If you post any Personal Information in public and/or social network areas of the NPF Websites, e.g., in online community forums or chat rooms, the Personal Information disclosed may be displayed to other users of these services and may be collected and used by others over whom we have no control. NPF is not responsible for the use made by third parties of Personal Information you post or otherwise make available in public areas of the NPF Websites and communities. If you remove Personal Information that you have made public on NPF Websites and communities, copies may remain viewable in cached and archived pages of the NPF Websites or if others have copied or saved that Personal Information.

Opt-In and Opt-Out Choices

The registration forms and other sections of the NPF Website where we collect your Personal Information provide you with relevant opt-in and opt-out choices regarding promotional activity and other communications with you. To access your Personal Information and our opt-in/opt-out online preferences, and to determine your preferences, you may contact getinfo@psoriasis.org.

E-mail

Emails to Donors, Participants, Subscribers, Members, and Users Who Request Information. Recipients may opt-in for first- or third-party informational emails or opt-out of all email communications, except transactional emails, such as a donation receipts and event/program specific information that the email recipient has registered for, by using the unsubscribe instructions at the bottom of any e-mail message.

E-mail to Users who have submitted a Request for Information. Individuals who have requested specific information from NPF are agreeing that NPF may contact them by e-mail in exchange for these free services.

You can request that we do not share your Personal Information by e-mailing us at getinfo@psoriasis.org. If you use more than one e-mail address or postal address, please identify each one. We will share such Personal Information when we believe release is appropriate to comply with the law, enforce our rights, or protect the safety of our constituents or others.

Text

If you have provided your phone number to NPF and consented to receiving text messages from NPF at the phone number provided, you may receive text messages from NPF in connection with services offered, events, or donation opportunities. You understand that:

You are not required to grant consent as a condition of using the services offered by NPF;
You may opt-out of these text messages at any time;
Message and data rates may apply; and
If your contact information changes, you should notify NPF by emailing getinfo@psoriasis.org.

Links to Other Sites

The NPF Websites may provide links to other World Wide Web sites or resources. You acknowledge and agree that NPF has no control over such sites and resources and is not responsible for the availability of such external sites or resources, and does not endorse and is not responsible or liable for any materials, advertising, products, or other materials on or available from such sites or resources or those sites’ data collection or privacy policies. You further acknowledge and agree that NPF shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such materials or goods available on or through any such site or resource or those sites data collection or privacy policies.

Monitoring of Information and Cookies

We monitor customer traffic patterns and site usage to help us develop the design and layout of NPF’s website. We may also use the information we collect to occasionally notify you about important changes to the websites, new services or features offered by NPF, and special offers and information we think you will find valuable. If you would rather not receive this information, please contact us through one of the channels identified in "How to Correct or Update Information" (below).

Google Analytics is used to analyze traffic to the NPF Websites. Google Analytics does not maintain individual profiles for visitors, nor does Google Analytics collect data that might identify the individual visitor. Google Analytics only collects aggregate data. Click here for more information about the Google Analytics privacy policy.

We collect Information, by way of a cookie, to help us evaluate how our sites are being used. A cookie is a small uniquely identifiable text file that is stored on your machine. A cookie collects Information that is used for statistical purposes and does not identify you in any way.

Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Even without accepting cookies, you can still use most of the features throughout the NPF Websites.

Protecting Personal Information

We provide reasonable technical, administrative, and physical controls to secure the confidentiality, integrity, and availability of Personal Information. Unfortunately, the internet is not completely secure. Although we are working to protect your Personal Information, we cannot guarantee the security of your information either in transmission or when stored. NPF utilizes advanced technologies, policies, and practices that prevent, detect and monitor unauthorized access or misuse of resources. The organization implements layered security controls (Firewalls, IPS/IDS, encrypted DNS, email filtering, VPN, web filtering, anti-virus, anti-malware) to help identify, prevent, detect, and respond to security incidents. Personal Information on donors, volunteers, event participants and other constituents is recorded in a secure database. Our database vendor protects Personal Information according to the following security standards and certifications: NIST CSF, PCI DSS, ISO27001, SOC 1, SOC 1 type 2, and others. . Access to stored NPF information is restricted to NPF staff on a need-to-know basis. No Personal Information is made publicly available at any point. If you have any questions about security on the NPF Websites, you may contact us at getinfo@psoriasis.org.

Payment Processing

All credit transactions conducted on the NPF Websites occur in a secure area of the NPF Websites to protect you from any loss, misuse, or alteration of information collected. When you make a donation, subscribe or place an order online at any of the NPF Websites, your credit card information is protected through the use of encryption of web content using Transport Layer Security. NPF is compliant with PCI-DSS standards for the collection, storage, and processing of credit card information.

Association Policies Regarding Disclosure of Personal Information

NPF, like many other non-profit organizations, occasionally makes available only our contributor names and postal addresses to companies, predominantly other non-profit organizations. NPF will only share or sell the Personal Information of its donors when the donor has given NPF specific permission to do so by checking the opt-in box on online and offline forms.

Names/addresses are provided on a one-time basis; therefore, these companies will not have continued access to your name and address unless you respond to them directly, which you are not required to do.

NPF may provide aggregate statistics about our customers, sales, traffic patterns, and related site information to reputable third-party vendors, but these statistics will include no Personal Information.

Our Commitment to Children's Privacy

NPF produces websites, including psoriasis.org/our-spot as well as the "Youth" section of NPF's website (collectively, hereinafter, "Youth Sites"), that are intended for use by children, including those under the age of thirteen, and the adults in their lives. Protecting the privacy of children is especially important, and for this reason we have adopted certain policies and procedures to help do so.

Personal Information about children is not collected for marketing purposes, and it is only disclosed to third parties when necessary (i.e., to respond to a court order or subpoena, to protect the safety of the child, to protect the security and integrity of our website, etc.). Additionally, we do not allow third-party companies to advertise to Our Spot users. We intend to keep the Youth Sites free from direct advertising.

Contact Us

If you have questions or wish to send us comments about our protection of children’s privacy, please send an e-mail with your questions or comments to ourspot@psoriasis.org or write us:

Our Spot
c/o National Psoriasis Foundation
Attention: Outreach Department
6600 SW 92nd Ave., Suite 300
Portland, OR 97223-7195
USA

Online Community

For many years, NPF has sponsored an online community to support individuals living with psoriasis and psoriatic arthritis engaging with one another. Today, Twill Care (formerly Kopa™) is the official online community of the National Psoriasis Foundation. Individuals who register on http://care.twill.health/psoriasis agree to the privacy notice set forth by Twill. The Twill privacy notice can be found here.

NPF does not endorse or accept any responsibility for the content of external websites. For more information see our complete terms of use.

Citizen Pscientist

Citizen Pscientist is NPF’s global participant research network. Participants in Citizen Pscientist contribute their data to a research database that is de-identified for crowd-sourced analysis on the website. This data may also be de-identified and shared in an aggregate manner with researchers and other strategic partners. Individuals who register for Citizen Pscientist agree to the Privacy Notice set forth by NPF.

NPF Participant Surveys

NPF is committed to learning about how the disease impacts lives and advocating for those affected. To do so, we periodically conduct studies to learn more about everyday living with psoriasis and psoriatic disease. Please be assured that your individual responses will be kept confidential. We use this information to provide people who are living with psoriatic disease with programs and services to help them manage their condition. Results from a survey may also be published in magazines, on-line, in scientific journals, shared with partners, or presented at scientific meetings. In such cases, again be assured that respondent identities will remain strictly confidential. Potential risks from completing a survey may include the unlikely possibility that a breach of data confidentiality may occur. However, this risk is minimal. Participation in our surveys is voluntary, and refusal to participate will not impact your ability to access NPF’s services. If you choose to participate in NPF’s surveys, you may discontinue participation at any time.

Notification Guidelines

NPF does not send unsolicited commercial communications to individuals with whom they do not have consent/permission or a pre-existing or current business relationship. NPF provides all notified recipients with a clear, easy and effective method to unsubscribe to any and all online communications.

How to Correct or Update Personal Information

Here are the options for changing and modifying Personal Information previously provided.

Email getinfo@psoriasis.org or send a letter to:

National Psoriasis Foundation
ATTN: Data Privacy Department
6600 SW 92nd Ave., Suite 300
Portland, OR 97223

Your California Privacy Rights

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of the Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at the email or physical address included below.

Where to Address Your Questions or Complaints

NPF welcomes your questions, comments, and concerns about this Privacy Notice, the practices of the Association, and your dealings with the NPF Website. Please email us at getinfo@psoriasis.org, or if you are a member, at membership@psoriasis.org. Alternatively, you can write to us at:

National Psoriasis Foundation
ATTN: Data Privacy Department
6600 SW 92nd Ave., Suite 300
Portland, OR 97223

Approved by NPF Board of Directors on September 10, 2021.