Privacy Policy
Privacy Statement
The Cystic Fibrosis Foundation (CFF) is committed to protecting your privacy. This Privacy Statement explains the types of personal information we may collect from website visitors and other individuals with whom we interact, whether online or offline, why we collect it, and with whom we may share it. It also describes how we protect your personal information and how you can contact us with any questions.
 
Our Mission
CFF is a nonprofit organization whose mission is to cure cystic fibrosis (CF) and to provide all people with the disease the opportunity to lead full, productive lives by funding research and drug development, promoting individualized treatment, and ensuring access to high-quality, specialized care.
The information you provide helps us to deliver patient-centered programs and continue our work to improve the quality of life for those with CF. We value the input of our community and are committed to ensuring that we are utilizing the personal information that we receive as stated in this Privacy Statement, in furtherance of our mission.
What We Do That May Involve Personal Information
What's in the Scope of this Privacy Statement
The following services are among those CFF is currently providing or may provide to website visitors, members of the public, patients and families who contact us, donors, those who attend our events, grant applicants and recipients, those who register at www.cff.org (“the Site”), and others. 
We may:
  • provide public information about CF, including educational resources about CF
  • provide CF patients and families with insurance, financial, legal, and other resources
  • help connect the CF community through CFF platforms that foster communications and mentoring between CF patients, families, caregivers and/or researchers who want to interact with others via blogs, forums, or events
  • help patients find clinical trials
  • help patients find accredited care centers
  • conduct surveys of visitors to CFF and potential users of CFF services
  • engage in fundraising through avenues including website, email, mail, and other solicitations
  • enable individuals to sign up for events, like Great Strides and other fundraising events
  • collect personal information, such as name, address, phone, email address, credit card number/banking information, health information and other descriptive information for those who make donations to CFF
  • append or update information about individuals from public or commercially-available sources such as U.S. Postal Change of Address data or local or state government records. We may combine this information with other personal information we have collected.
  • communicate with volunteers.
What's Not in the Scope of this Privacy Statement
  • The CFF Patient Registry. For more than 50 years, CFF has been collecting and analyzing information that CF patients choose to submit to the CFF Patient Registry. Registry data is used to produce reports on the health outcomes of CF patients receiving care at CFF-accredited care centers, create CF care guidelines,  guide quality improvement initiatives, and help researchers study CF treatments and outcomes and design CF clinical trials. Patients execute various forms (such as Informed Consents and HIPAA authorizations) to submit their data into the Registry, and the use and disclosure of their Registry information is governed by those forms and laws regarding clinical research.
  • Employment-related information. Information provided regarding potential employment opportunities is not covered by this Privacy Statement, even if you submit it electronically or through the Site.
  • Services we provide to clinicians. CFF provides certain services to CF clinicians and care centers intended to help them improve clinical care. Any patient health information we receive or process in providing these services to care centers is subject not to this Privacy Statement but to a federal medical privacy law called HIPAA (Health Insurance Portability and Accountability Act).
Information You Provide to CFF and Your Choices
Personal Information
You are welcome to make use of the educational content on the Site without providing any personal information.  However, you may choose to provide us with personal information via the Site. For example, if you choose to register for a CFF account in order to make donations, get involved as a volunteer, attend events, request information, apply for a grant, or similar activities, you will need to provide certain personal information such as name, address, telephone number, email address, health information or other descriptive information.
If you choose to use a credit card or PayPal account to make donations or pay to attend events, you will need to submit your credit card or PayPal data through the Site. (If you prefer, you can send a check instead of donating online.) 
If you submit your personal information to register, make a donation, volunteer, send us questions and/or otherwise interact with us, we may later send you donation solicitations or follow-up communications related to CF or CF-related developments, events, or updates.  If you wish to stop these communications, please see the section below titled “How to Unsubscribe from CFF Communications.”
Some of the fundraising sections of our Site make it convenient for you to solicit donations to CFF from your own friends and contacts. If you choose, you can provide name and contact information for your contacts you want to email to ask for donations. CFF (or CFF's vendor) will retain your friends' contact information for your convenience for your own future fundraising efforts, but CFF will not seek contact or donations from your contacts unless they actually become donors themselves.
We use personal information about individuals, as well as anonymous, statistical information derived from personal data, to improve, measure, or expand our services and for administrative and operational functions. We will use personal information only for purposes consistent with this Privacy Statement.
Sometimes CFF may wish to share the stories of those within our community publicly in order to help others. Before we share your personal information, however, for this purpose or any other purpose not described in this Privacy Statement, we will obtain your consent. 
Special Provisions Related to Fundraising
In addition to what is described elsewhere in this Privacy Statement, CFF has some provisions applicable to personal information connected to fundraising operations. These are:
  • CFF does not knowingly contact or solicit donations from individuals under 18 years of age.  However, that may be occasionally unavoidable if an outside source gave us information but did not collect or append age information to its lists.
  • CFF may collect donors’ personal information such as names, company names, titles, addresses, phone numbers, email addresses, payment information (like credit card data), health information, etc. through online or offline communications.
  • CFF uses personal information about donors to respond to inquiries, process donations, issue receipts, help decide who will receive future solicitations, organize fundraising events, assess the effectiveness of CFF fundraising or services, inform donors of new activities and services, and similar activities.
  • See “How to Unsubscribe from CFF Communications” to learn how to adjust or terminate solicitation messages.
  • It is our policy to honor any no-solicitation request as quickly as possible. We are legally required to internally retain records related to donations made, so we cannot delete your name upon request.  Instead, we flag records internally so that we can honor no-solicitation requests by suppressing mailings.
Information You Share Through the Site
Our Site may create opportunities for you to share information with others through message boards, blogs, apps, etc.  Please remember any information you disclose in these areas becomes public information. Therefore, please exercise discretion in deciding what information to post or share.
Nonpersonal Information We Collect
Like other websites, we collect non-personal web usage information about visitors to our site. This may include information about your browser type, geographic location, IP address, and pages you visit. We may use web beacons in email or other communications with you to assure proper operations of the Site or analyze our effectiveness, such as determining if a message to you was delivered or opened. We may also use cookies, web beacons, and/or third-party web analytic tools to analyze website traffic.
Cookies are small text files or data placed by your web browser on your hard drive to store information that allow a website to recognize whether a certain computer or device has been used to visit the site in the past. Cookies enable websites to keep track of online patterns and preferences and make the personalization of web experiences possible. We may make use of session-based and/or “persistent or memory based” cookies, which remain on your computer's hard drive until you delete them. You can adjust your browser settings to remove or block cookies, although if you do so, it may not be possible to utilize all of our services if you reject cookies. If you visit our site, you have consented to our use of cookies, as described in this Privacy Statement.

A web beacon is a graphic on a web page or in an email that gathers non-personal web log information about pages visited or emails opened. We use web analytics services, such as Google Analytics, to record non-personal data such as browser type, operating system, the date and time of a visit, where visitors came from, the pages visited on this website, the time spent viewing site, where visitors went when they left the site, and return visits to the site. Please see here to learn more about how Google Analytics collects and processes data and to learn how to opt out of cookies set by Google Analytics.

We may aggregate this non-personally identifiable data to better understand how visitors use our site, and to help manage, maintain, and report on use of our website.
We may store IP addresses for fraud detection and prevention purposes.
California “Do Not Track” Disclosure
California recently enacted a law requiring websites to explain certain online practices regarding tracking of visitors. 
Some web browsers have a “Do Not Track” feature that lets a user have the browser notify websites that the user does not want to have his or her online activities tracked. CFF's website currently does not respond to such browser-initiated signals. Regarding any potential external tracking, please consult external website policies regarding their tracking practices and their responses to Do Not Track signals.
Social Plug-in Data
The Site may use interfaces with social media sites like Facebook, Google+, LinkedIn, Twitter, or others. If you chose to “like” or share information from the CFF Site through these services, you should review their privacy policies. If you are a member of a social media site, the interfaces may allow the social media site to connect your Site visit to your personally identifiable information.

Personal Information We May Share

If you provide personal information to us via the Site, we may share it with service providers who assist us in activities such as technology or communications management. These providers are not authorized to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements.
We might share personal information if we were to sell, assign, license, or transfer all or a portion of our organization or its assets, in which case we would make commercially reasonable efforts to contractually require the recipient to treat the information in accordance with this Privacy Statement. We might also disclose information about you (i) if required by law, subpoena, court order, or legal process, (ii) to law enforcement or other government authorities, or (iii) if we believe disclosure is necessary or appropriate to prevent serious physical harm or in connection with an investigation of or legal action involving illegal or fraudulent activity or conduct that violates our Terms of Agreement.
Protecting Personal Information
We are committed to maintaining the security of personal information. Although it is not possible to guarantee that security measures employed will be fully sufficient to protect personal information, we use appropriate administrative, technical, and physical security measures intended to protect against loss, misuse, improper access, disclosure, alteration, or destruction of personal information. If we share personal information with third parties to provide services to us, we will contractually require them to employ appropriate security measures to protect it. 
If you register with CFF for any services that require a username and password, we encourage you to take strong precautions to protect these credentials. While we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This is especially true for information you transmit to us via email. We review our data security arrangements regularly.
Links to Other Sites
We may provide links to other websites for your convenience and information, but we do not operate these websites and are not responsible for their privacy practices or content. Please contact those websites directly if you have any questions about their practices.
Children
This Site is intended for use by adults. If you are between the ages of 13 and 18 years old, you may use this Site only if: (i) your use has been approved by your parent or legal guardian, (ii) you use the Site under his or her supervision, and (iii) he or she has agreed to the Terms (and any additional registration agreements, if applicable) on your behalf.
If you are the parent of a minor, you may use the Site and agree to the Terms on behalf of the minor. By doing so, you warrant that you have the legal capacity to act on the minor's behalf and you agree that the provisions of the Terms (and any additional registration agreements, if applicable) that are applicable to you are equally applicable to the minor.
Under no circumstances may a minor under the age of 13 use the Site.
International Data Transfers
We may transfer your personal information to our offices or service providers in various countries, including to jurisdictions not deemed “adequate” by European Union governmental bodies. If you submit your personal information to the Site, you are consenting to the international transfer of the information.
Changing and Accessing your Information
If you would like to access or change information you have submitted to us, you may be able to update it through the registration process. If you are unable to do so, please email us at info@cff.org or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Compliance.
If you would like to request the deletion of personal information you have previously submitted to CFF, please email us at info@cff.org or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Compliance. Subject to applicable law and best practices, we will make commercially reasonable efforts to delete or suppress your personal information. Please be advised that we are required by law to retain certain records, such as donation and other records.

How to Unsubscribe from CFF Communications

If you do not wish to receive further emails, postal mail, or other communications from CFF, you may use the unsubscribe mechanism described in the communication you received, call us at 800-344-4823, email us at info@cff.org, or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Communications. 
It is our policy to honor any no-solicitation request as quickly as possible. We are legally required to internally retain records related to donations made, so we cannot delete your name upon request.  Instead, we flag records internally so we can honor no-solicitation requests by suppressing messages as requested.
We encourage donors who wish to have their names removed from CFF's and other mailing lists to contact the Direct Marketing Association (DMA) to enroll in the DMA's program to help control the mailings they will receive.
Changes to this Notice
We may update this Privacy Statement at any time and, if so, we will post the new effective date below. We expect that most changes will only be editorial in nature or reflect changes in the services we provide. However, in the unlikely event that we would ever make material changes that would permit us to share your information more broadly than we have previously described, we would post a prominent announcement on this site and/or ask for your consent. 
Your continued use of the Site after the effective date of the new Privacy Statement constitutes your consent to the new Privacy Statement.
The prior version of this Privacy Statement is available here.  
Contact Us
Cystic Fibrosis Foundation welcomes your comments. If you have any questions or comments about our Privacy Statement or our information practices, please contact us at info@cff.org or write to us at Cystic Fibrosis Foundation, 4550 Montgomery Avenue, Suite 1100 N, Bethesda, MD 20814, ATTN: Compliance.
Effective Date
The effective date of this Privacy Statement is September 22, 2017