Privacy Notice
CF Peer Connect (Global) Privacy Notice
Privacy Statement
The Cystic Fibrosis Foundation (CFF) is committed to protecting your privacy. This Privacy Statement explains the types of personal information we may collect from website visitors and other individuals with whom we interact, whether online or offline, why we collect it, and with whom we may share it. It also describes how we protect your personal information and how you can contact us with any questions.
Our Mission
CFF is a nonprofit organization whose mission is to cure cystic fibrosis (CF) and to provide all people with the disease the opportunity to lead full, productive lives by funding research and drug development, promoting individualized treatment, and ensuring access to high-quality, specialized care.
The information you provide helps us to deliver patient-centered programs and continue our work to improve the quality of life for those with CF. We value the input of our community and are committed to ensuring that we are utilizing the personal information that we receive as stated in this Privacy Statement, in furtherance of our mission.
What We Do That May Involve Personal Information
What's in the Scope of this Privacy Statement
The following services are among those CFF is currently providing or may provide to website visitors, members of the public, patients and families who contact us, donors, those who attend our events, grant applicants and recipients, those who register at (“the Site”), and others. 
We may:
  • provide public information about CF, including educational resources about CF
  • provide CF patients and families with insurance, financial, legal, and other resources
  • help connect the CF community through CFF platforms that foster communications and mentoring between CF patients, families, caregivers and/or researchers who want to interact with others via blogs, forums, or events
  • help patients find clinical trials
  • help patients find accredited care centers
  • conduct surveys of visitors to CFF and potential users of CFF services
  • engage in fundraising through avenues including website, email, mail, and other solicitations
  • enable individuals to sign up for events, like Great Strides and other fundraising events
  • collect personal information, such as name, address, phone, email address, credit card number/banking information, health information and other descriptive information for those who make donations to CFF
  • append or update information about individuals from public or commercially-available sources such as U.S. Postal Change of Address data or local or state government records. We may combine this information with other personal information we have collected.
  • communicate with volunteers.
What's Not in the Scope of this Privacy Statement
  • The CFF Patient Registry. For more than 50 years, CFF has been collecting and analyzing information that CF patients choose to submit to the CFF Patient Registry. Registry data is used to produce reports on the health outcomes of CF patients receiving care at CFF-accredited care centers, create CF care guidelines,  guide quality improvement initiatives, and help researchers study CF treatments and outcomes and design CF clinical trials. Patients execute various forms (such as Informed Consents and HIPAA authorizations) to submit their data into the Registry, and the use and disclosure of their Registry information is governed by those forms and laws regarding clinical research.
  • Employment-related information. Information provided regarding potential employment opportunities is not covered by this Privacy Statement, even if you submit it electronically or through the Site.
  • Services we provide to clinicians. CFF provides certain services to CF clinicians and care centers intended to help them improve clinical care. Any patient health information we receive or process in providing these services to care centers is subject not to this Privacy Statement but to a federal medical privacy law called HIPAA (Health Insurance Portability and Accountability Act).
Information You Provide to CFF and Your Choices
Personal Information
You are welcome to make use of the educational content on the Site without providing any personal information.  However, you may choose to provide us with personal information via the Site. For example, if you choose to register for a CFF account in order to make donations, get involved as a volunteer, attend events, request information, apply for a grant, or similar activities, you will need to provide certain personal information such as name, address, telephone number, email address, health information or other descriptive information.
If you choose to use a credit card or PayPal account to make donations or pay to attend events, you will need to submit your credit card or PayPal data through the Site. (If you prefer, you can send a check instead of donating online.) 
If you submit your personal information to register, make a donation, volunteer, send us questions and/or otherwise interact with us, we may later send you donation solicitations or follow-up communications related to CF or CF-related developments, events, or updates.  If you wish to stop these communications, please see the section below titled “How to Unsubscribe from CFF Communications.”
Some of the fundraising sections of our Site make it convenient for you to solicit donations to CFF from your own friends and contacts. If you choose, you can provide name and contact information for your contacts you want to email to ask for donations. CFF (or CFF's vendor) will retain your friends' contact information for your convenience for your own future fundraising efforts, but CFF will not seek contact or donations from your contacts unless they actually become donors themselves.
We use personal information about individuals, as well as anonymous, statistical information derived from personal data, to improve, measure, or expand our services and for administrative and operational functions. We will use personal information only for purposes consistent with this Privacy Statement.
Sometimes CFF may wish to share the stories of those within our community publicly in order to help others. Before we share your personal information, however, for this purpose or any other purpose not described in this Privacy Statement, we will obtain your consent. 
Special Provisions Related to Fundraising
In addition to what is described elsewhere in this Privacy Statement, CFF has some provisions applicable to personal information connected to fundraising operations. These are:
  • CFF does not knowingly contact or solicit donations from individuals under 18 years of age.  However, that may be occasionally unavoidable if an outside source gave us information but did not collect or append age information to its lists.
  • CFF may collect donors’ personal information such as names, company names, titles, addresses, phone numbers, email addresses, payment information (like credit card data), health information, etc. through online or offline communications.
  • CFF uses personal information about donors to respond to inquiries, process donations, issue receipts, help decide who will receive future solicitations, organize fundraising events, assess the effectiveness of CFF fundraising or services, inform donors of new activities and services, and similar activities.
  • See “How to Unsubscribe from CFF Communications” to learn how to adjust or terminate solicitation messages.
  • It is our policy to honor any no-solicitation request as quickly as possible. We are legally required to internally retain records related to donations made, so we cannot delete your name upon request.  Instead, we flag records internally so that we can honor no-solicitation requests by suppressing mailings.
Information You Share Through the Site
Our Site may create opportunities for you to share information with others through message boards, blogs, apps, etc.  Please remember any information you disclose in these areas becomes public information. Therefore, please exercise discretion in deciding what information to post or share.
Nonpersonal Information We Collect
Like other websites, we collect non-personal web usage information about visitors to our site. This may include information about your browser type, geographic location, IP address, and pages you visit. We may use web beacons in email or other communications with you to assure proper operations of the Site or analyze our effectiveness, such as determining if a message to you was delivered or opened. We may also use cookies, web beacons, and/or third-party web analytic tools to analyze website traffic.
Cookies are small text files or data placed by your web browser on your hard drive to store information that allow a website to recognize whether a certain computer or device has been used to visit the site in the past. Cookies enable websites to keep track of online patterns and preferences and make the personalization of web experiences possible. We may make use of session-based and/or “persistent or memory based” cookies, which remain on your computer's hard drive until you delete them. You can adjust your browser settings to remove or block cookies, although if you do so, it may not be possible to utilize all of our services if you reject cookies. If you visit our site, you have consented to our use of cookies, as described in this Privacy Statement.

A web beacon is a graphic on a web page or in an email that gathers non-personal web log information about pages visited or emails opened. We use web analytics services, such as Google Analytics, to record non-personal data such as browser type, operating system, the date and time of a visit, where visitors came from, the pages visited on this website, the time spent viewing site, where visitors went when they left the site, and return visits to the site. Please see here to learn more about how Google Analytics collects and processes data and to learn how to opt out of cookies set by Google Analytics.

We may aggregate this non-personally identifiable data to better understand how visitors use our site, and to help manage, maintain, and report on use of our website.
We may store IP addresses for fraud detection and prevention purposes.
California “Do Not Track” Disclosure
California recently enacted a law requiring websites to explain certain online practices regarding tracking of visitors. 
Some web browsers have a “Do Not Track” feature that lets a user have the browser notify websites that the user does not want to have his or her online activities tracked. CFF's website currently does not respond to such browser-initiated signals. Regarding any potential external tracking, please consult external website policies regarding their tracking practices and their responses to Do Not Track signals.
Social Plug-in Data
The Site may use interfaces with social media sites like Facebook, Google+, LinkedIn, Twitter, or others. If you chose to “like” or share information from the CFF Site through these services, you should review their privacy policies. If you are a member of a social media site, the interfaces may allow the social media site to connect your Site visit to your personally identifiable information.

Personal Information We May Share

If you provide personal information to us via the Site, we may share it with service providers who assist us in activities such as technology or communications management. These providers are not authorized to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements.
We might share personal information if we were to sell, assign, license, or transfer all or a portion of our organization or its assets, in which case we would make commercially reasonable efforts to contractually require the recipient to treat the information in accordance with this Privacy Statement. We might also disclose information about you (i) if required by law, subpoena, court order, or legal process, (ii) to law enforcement or other government authorities, or (iii) if we believe disclosure is necessary or appropriate to prevent serious physical harm or in connection with an investigation of or legal action involving illegal or fraudulent activity or conduct that violates our Terms of Agreement.
Protecting Personal Information
We are committed to maintaining the security of personal information. Although it is not possible to guarantee that security measures employed will be fully sufficient to protect personal information, we use appropriate administrative, technical, and physical security measures intended to protect against loss, misuse, improper access, disclosure, alteration, or destruction of personal information. If we share personal information with third parties to provide services to us, we will contractually require them to employ appropriate security measures to protect it. 
If you register with CFF for any services that require a username and password, we encourage you to take strong precautions to protect these credentials. While we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This is especially true for information you transmit to us via email. We review our data security arrangements regularly.
Links to Other Sites
We may provide links to other websites for your convenience and information, but we do not operate these websites and are not responsible for their privacy practices or content. Please contact those websites directly if you have any questions about their practices.
This Site is intended for use by adults. If you are between the ages of 13 and 18 years old, you may use this Site only if: (i) your use has been approved by your parent or legal guardian, (ii) you use the Site under his or her supervision, and (iii) he or she has agreed to the Terms (and any additional registration agreements, if applicable) on your behalf.
If you are the parent of a minor, you may use the Site and agree to the Terms on behalf of the minor. By doing so, you warrant that you have the legal capacity to act on the minor's behalf and you agree that the provisions of the Terms (and any additional registration agreements, if applicable) that are applicable to you are equally applicable to the minor.
Under no circumstances may a minor under the age of 13 use the Site.
International Data Transfers
We may transfer your personal information to our offices or service providers in various countries, including to jurisdictions not deemed “adequate” by European Union governmental bodies. If you submit your personal information to the Site, you are consenting to the international transfer of the information.
Changing and Accessing your Information
If you would like to access or change information you have submitted to us, you may be able to update it through the registration process. If you are unable to do so, please email us at or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Compliance.
If you would like to request the deletion of personal information you have previously submitted to CFF, please email us at or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Compliance. Subject to applicable law and best practices, we will make commercially reasonable efforts to delete or suppress your personal information. Please be advised that we are required by law to retain certain records, such as donation and other records.

How to Unsubscribe from CFF Communications

If you do not wish to receive further emails, postal mail, or other communications from CFF, you may use the unsubscribe mechanism described in the communication you received, call us at 800-344-4823, email us at, or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Communications. 
It is our policy to honor any no-solicitation request as quickly as possible. We are legally required to internally retain records related to donations made, so we cannot delete your name upon request.  Instead, we flag records internally so we can honor no-solicitation requests by suppressing messages as requested.
We encourage donors who wish to have their names removed from CFF's and other mailing lists to contact the Direct Marketing Association (DMA) to enroll in the DMA's program to help control the mailings they will receive.
Changes to this Notice
We may update this Privacy Statement at any time and, if so, we will post the new effective date below. We expect that most changes will only be editorial in nature or reflect changes in the services we provide. However, in the unlikely event that we would ever make material changes that would permit us to share your information more broadly than we have previously described, we would post a prominent announcement on this site and/or ask for your consent. 
Your continued use of the Site after the effective date of the new Privacy Statement constitutes your consent to the new Privacy Statement.
The prior version of this Privacy Statement is available here.  
Contact Us
Cystic Fibrosis Foundation welcomes your comments. If you have any questions or comments about our Privacy Statement or our information practices, please contact us at or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Compliance.
Effective Date
The effective date of this Privacy Statement is September 22, 2017

Chronus Privacy Notice
Last Updated: June 18, 2020
Chronus LLC and its affiliates (“we” or “our”) partner with companies and organizations (collectively “Organizations”) to provide mentoring software on the Chronus mentoring platform (the “Services”) to individual users (“you”) at the instruction of their Organizations.
At Chronus, we value your privacy. This Privacy Notice (“Notice”) sets out how your personal information may be collected or used by us in order to provide the Services. We recognize that privacy is an ongoing responsibility, and as such, we may update this Notice from time to time as we undertake new privacy practices.
The Services may include links, integrations or references to non-Chronus websites, services, materials, or entities (collectively “Third-Party Services”). This Privacy Notice does not apply to Third-Party Services. Third-Party Services are subject to their own privacy policies and you are encouraged to review such policies prior to use of any Third-Party Services.
Role of Chronus: With respect to the Services, Chronus is a “data processor” or “service provider” under applicable privacy laws. This means that when you use our Services, we are processing (using) your personal information at the instruction of your Organization, who determines the means and purposes of processing your personal information as the “data controller” or “business”. This Notice sets out our standard privacy practices for the Services. As the “data controller”, your Organization may instruct us to treat your personal information differently than described in this general Notice. Please reach out to your Organization for more information.
How we Process your Personal Information: We collect your personal information from your Organization or directly from you. In order to provide the Services to you, we generally collect personal identifiers (such as your name, email and IP address) along with any additional personal information requested by your Organization or voluntarily provided by you or your Organization. We may also “passively” collect your personal information using various technologies, such as cookies, web beacons, and navigational data collection (clickstream, log files, server logs, etc.). We will only process your personal information for the purposes of providing you with the Services (including for the purposes of building, improving and securing our Services), or as otherwise instructed by you, your Organization or as required by applicable law.
We do not sell your personal information to anyone and only share it with those third parties who are facilitating the provision and support of the Services on our behalf (“subprocessor(s)”) or as otherwise requested by you. We require our subprocessors to comply with all laws applicable to the security and processing of your personal information. We may also disclose your personal information to governmental agencies and other third parties when required to do so by law. Unless otherwise instructed by your Organization, we (including our subprocessors) may process your personal information globally. Similarly, we (including our subprocessors) may transfer your personal information from the EEA to another country outside the EEA. We will comply with all applicable law relating to the processing and international transfer of personal information.
Security and Data Retention: To help protect the privacy of your personal information, we maintain appropriate and industry standard physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. Where required by applicable law, we keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain your personal information depends on the purposes for which we collected and used your personal information and/or the laws applicable to your personal information.
COPPA Requirements: We do not direct or knowingly advertise the Services to individuals under the age of thirteen.
Data Subject Requests, Questions and Complaints: You may have additional “data subject rights” under applicable laws (such rights may include, but are not limited to, the right to access and rectify your personal information, the right to request additional details about how we use your information, the right to request that we delete, make portable or stop processing your personal information, the right to contact your data protection supervisory authority and the right not to receive discriminatory treatment from us based on your election to to exercise your applicable data subject rights). Your Organization is responsible for exercising these rights (should they apply). Please contact your Organization if you wish to learn more.
If you have any other questions or concerns related to how your Organization is processing your personal information, please contact your Organization. If you have questions or concerns related to how we at Chronus process your personal information, please contact us at: