the breasties privacy statement

Last Updated: August 22, 2024
The Breasties (“The Breasties,” “we,” “our,” or “us”) is the first all-inclusive nonprofit organization creating an international community for survivors, previvors, thrivers, and carevivors impacted by breast and gynecological cancers. We are on a mission to empower through connection, free events and trusted resources, and to fund cancer research. We do not knowingly attempt to solicit or receive information from children.
This Privacy Statement explains how The Breasties collects, uses, and shares information about you. This Privacy Statement applies when you use our websites (including www.thebreasties.org), mobile applications, and other online products and services that link to this Privacy Statement, communicate with us, engage with us on social media or at our live events, or otherwise interact with us (collectively, our “Services”). 
Disclosure Regarding the Supplemental Consumer Health Data Privacy Statement. For information on our processing of “consumer health data” that is subject to the Washington My Health My Data Act or Nevada Senate Bill 370, please see Annex A – Supplemental Consumer Health Data Privacy Statement.
1. UPDATES TO THIS PRIVACY STATEMENT2. PERSONAL INFORMATION WE COLLECT3. HOW WE USE PERSONAL INFORMATION4. HOW WE DISCLOSE PERSONAL INFORMATION5. THIRD PARTY LINKS, CONTENT, AND EMBEDS6. YOUR PRIVACY CHOICES AND RIGHTS7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION8. RETENTION OF PERSONAL INFORMATION10. SUPPLEMENTAL NOTICE FOR EU/UK GDPR11. CHILDREN’S PERSONAL INFORMATION12. THIRD-PARTY WEBSITES/APPLICATIONS13. CONTACT US
ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY STATEMENT

1. UPDATES TO THIS PRIVACY STATEMENT

We may update this Privacy Statement from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Statement on our website, and/or we may also send other communications. 

2. PERSONAL INFORMATION WE COLLECT

We collect personal information you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.

A. Personal Information You Provide to Us Directly

● We may collect personal information that you provide to us. For example, you share information directly with us when you fill out a form, submit or post content (including photographs, videos, and voice recordings) through our Services, communicate with us via third-party platforms, request customer support, or make a donation. 
The types of personal information we may collect from you include your name, display name, username, email address, business information, your content, your avatar image, photos, videos, posts, responses, and any other information you choose to provide such as your sexual orientation or meal and/or accommodation preferences including any dietary restrictions or accessibility requirements. 
In some cases, we may also collect information you provide about others, such as when you share links or posts with others, make a donation in honor or memory of another person, or purchase merchandise as a gift for someone.
Specific examples of personal information we receive directly from you include:
• Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, postal address, phone number, health status, photo, avatar image, and other information you store with your account such as your health status, sexual orientation, gender identity or expression, and dietary needs.
• Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
• Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or a web chat tool.  
• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
• Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., videos and livestreams that you upload to our Services, messaging features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services (including the videos and livestreams) will be considered “public.”
• Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
• Publications, Conferences, and Other Events. We may collect personal information from individuals when we publish newsletters and other publications, attend or host conferences and other events. Please note, many of our events, conferences, publications and newsletters are co-sponsored by The Breasties and our trusted partners. This means when you register and/or participate in a co-sponsored offering, you will be providing your information to both The Breasties and the applicable co-sponsor.
• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities. • Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV. 

B. Personal Information Collected Automatically 

We may collect personal information automatically when you use the Services. 
• Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information). 
• Usage Information. We may collect personal information about your use of the Services, such as the pages you visit, items that you search for, the types of content you interact with, information about the links you click and/or share, follow users, comment on posts, the frequency and duration of your activities, and other information about how you use the Services.
• Transactional Information: We may collect personal information when you make a donation or purchase merchandise, we collect information about the transaction, such as subscription details, donation amount, purchase price, and the date of the transaction.
• Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services. 
o Cookies. Cookies are small text files stored in device browsers.
o Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

C. Personal Information Collected from Third Parties

We may collect personal information about you from third parties. Examples of these third parties include: 
• Third-Party Services. If you access or interact with the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings. 
• Other Third Parties. We also obtain information from other sources and users. For example, we may collect information about you from our affiliated entities (such as our website or newsletter providers), trusted partners (such as payment processors and merchandise providers), donation sites, internet services, advertising networks, government entities, operating systems and platforms, employment recruiters, personal and professional references, background check providers, social networks and data analytics providers. Additionally, if you create or log into your account through a third-party platform (such as Apple, Facebook, Google, LinkedIn, or Twitter), we will have access to certain information from that platform, such as your name, lists of friends or followers, birthday, and profile picture, in accordance with the authorization procedures determined by such platform.
• Information We Derive. We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your location based on your IP address or infer reading preferences based on your reading history.

3. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below. Users are solely responsible for the content of messages they post on The Breasties’ forums, such as chat rooms and bulletin boards. Users should be aware that when they voluntarily disclose personal information (e.g., username, e-mail address, phone number) on the bulletin boards or in the chat areas, that information can be collected and used by others and may result in unsolicited messages from other people. You are responsible for the personal information you choose to submit in these instances. Please take care when using these features. 

A. Provide the Services

We use personal information to fulfill our contract with you and provide the Services, such as:

• Managing your information;
• Providing access to certain areas, functionalities, and features of the Services;
• Answering requests for support;
• Communicating with you;
• Sharing personal information with third parties as needed to provide the Services;
• Processing your financial information and other payment methods for products and Services purchased;
• Processing applications if you apply for a job we post on our Services; and
• Allowing you to register for events and publications.

B. Administrative Purposes

We use personal information for various administrative purposes, such as:

• Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
• Carrying out analytics;
• Measuring interest and engagement in the Services;
• Improving, upgrading, or enhancing the Services;
• Developing new products and services;
• Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Statement;
• Debugging to identify and repair errors with the Services;
• Auditing relating to interactions, transactions, and other compliance activities;
• Enforcing our agreements and policies; and
• Carrying out activities that are required to comply with our legal obligations.

C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law. 
California Shine the Light: If you are a California resident, you may annually submit a request to us to find out whether we have shared your personal information with third parties for the third parties’ direct marketing purposes. If you would like to submit such a request, please “Contact Us.”
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below. 

D. With Your Consent or Direction 

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.

E. Automated Decision Making

We do not engage in automated decision making or profiling. 

4. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below. Examples of how we disclose personal information include, but are not limited to:

• We share personal information with your consent or at your direction.
• If you submit a product review or post content in another public area of our Services, we share this information publicly on our Services.
• If you choose to use integrations we offer on our Services, such as sharing your location through our Google Maps integration, we may share certain information with the integration partners.
• We share personal information to employment recruiters, background check providers, personal and professional references and others as appropriate to the employment recruitment, evaluation, and hiring process.
• We also share aggregated or de-identified information that cannot reasonably be used to identify you.

A. Disclosures to Provide the Services

We may disclose any of the personal information we collect to the categories of third parties described below.

• Service Providers. We may disclose personal information to third-party service providers to assist us with the provision of the Services. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our communication features.
Some of the service providers we may use include:

o Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your personal information, please click here.

• Other Users With Whom You Share or Interact. We share personal information with other users of the Services. For example, if you use our Services to publish content, post comments, or send private notes, certain information about you will be visible to others, such as your name, photo, other account information you may provide, and information about your activities on our Services (e.g., recent posts and responses).

• Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”).

Any personal information shared with a Third-Party Service will be subject to the Third- Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.

• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy. We are not responsible for the processing of personal information by our business partners.

• Affiliates. We may share your personal information with our current and future parents, affiliates, and subsidiaries and other entities under common control and ownership.

• Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising”, “personalized advertising”, or “targeted advertising.”

Some of the advertising Technologies we may use include:

o Facebook Connect. For more information about Facebook’s use of your personal information, please visit Facebook’s Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
o Google. For more information about Google’s use of your personal information, please visit Google’s Data Policy. To learn more about how to opt-out of Google’s use of your information, please click here. 
o Instagram. For more information about Instagram’s use of your personal information, please visit Instagram’s Data Policy. To learn more about how to opt-out of Instagram’s use of your information, please click here while logged in to your Instagram account
o TikTok. For more information about TikTok’s use of your personal information, please visit TikTok’s Data Policy. To learn more about how to opt-out of TikTok’s use of your information, please click here.

However, we will not use or disclose to third parties personal information gathered in the health context for advertising, marketing, or other use-based data mining purposes.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk. 

5. THIRD PARTY LINKS, CONTENT, AND EMBEDS

A. Third-Party Links and ContentWe may provide links to or embed videos hosted by third-party websites, services, and applications, such as YouTube, that are not operated or controlled by The Breasties. This Privacy Statement does not apply to third-party services, and we cannot take responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party service before providing any information to or through them. The Services may include an activity feed, social media buttons and widgets, such as the Facebook "Like" button or the "Share This" button. Your interactions with these features are governed by the privacy policy of the third-party service that provides the feature.
B. Embeds
The Breasties does not host some of the content displayed on our Services. Users may post content that is hosted by a third party but is embedded in our pages (an “Embed”). When you interact with an Embed, it can send information about your interaction to the hosting third party just as if you were visiting the third party’s site directly. For example, when you load a post page with a YouTube video Embed and watch the video, YouTube receives information about your activity, such as your IP address and how much of the video you watch. The Breasties does not control what information third parties collect through Embeds or what they do with the information. This Privacy Statement does not apply to information collected through Embeds. The privacy policy belonging to the third party hosting the Embed applies to any information the Embed collects, and we recommend you review that policy before interacting with the Embed.

6. YOUR PRIVACY CHOICES AND RIGHTS

A. Your Privacy Choices. The privacy choices you may have about your personal information are described below. 
• Account Management and Deletion. Account holders can manage and delete their personal information processed by Breasties by either navigating to the Settings or by sending an email to gro.seitsaerbeht%40olleh with “Account Deletion” in the subject line. Please note if you choose to delete your account, we may continue to retain certain information about you as required by law or for our legitimate business purposes including, but not limited to:
o Exercise our legitimate business interests, such as fraud detection and prevention and enhancing safety against malicious, deceptive, fraudulent or illegal activity, and/or to prosecute those responsible for such activity;o Establish, exercise, or defend legal claims, or comply with applicable law;o Perform our contract to which you are a party or in order to take steps at your request prior to entering into a contract;o Perform a task carried out in the public interest or in the exercise of official authority vested in The Breasties;o Identify, debug, and/or repair errors that impair intended functionality;o Exercise free speech and ensure the right of others to exercise their free speech or another right provided by law;o Complete a transaction and/or provide a good or service requested by you or reasonably anticipated by you within the context of the business relationship, or to otherwise perform the contract;o Protect your vital interests or the vital interests of others; ando As otherwise permitted under applicable law. 
• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Statement).
• Text Messages. If you receive an unwanted text/SMS message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.
• Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device. To request deletion of your account, please use the standard deletion functionality available via the Services or contact us using the information set forth in “Contact Us” below. 
• Do Not Track signals and Global Privacy Control. Certain web browsers and other programs may transmit “do-not-track” “opt-out” signals, also called a Global Privacy Control (or “GPC”) signal (we refer to these as “GPC Signals”), to websites with which the browser communicates. In most cases you will need to change your web browser’s settings or add an application to your web browser to enable your browser to send a GPC Signal. Our websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites. For users that access our websites from U.S. states that have laws requiring recognition of GPC Signals, we will recognize and apply the GPC Signal to inactivate all the cookies for that website, except for cookies that are necessary for the website to operate. Additionally, if you are accessing our websites from one of these states, you can determine if your browser GPC Signal has been recognized by clicking on the “Do Not Sell or Share My Personal Information” link in the footer of the website and checking that appropriate cookies have been turned off. For users from states not currently requiring recognition of the GPC Signal, our website servers may recognize and apply the GPC Signal for only advertising and social media cookies but will not apply the GPC Signal to functional or performance cookies. You can always check and adjust your cookie settings by going to the “Do Not Sell or Share My Personal Information” link in the footer of this website.
Some web browsers incorporate other "do-not-track" (“DNT”) or similar features that signals to websites with which the browser communicates that a visitor does not want to have their online activity tracked. As of the Effective Date, not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we along with many other digital service operators do not respond to all DNT signals. We recognize GPC signals as required under certain state privacy laws, but we do not currently recognize other DNT signals. For more information about the Global Privacy Control, please visit https://globalprivacycontrol.org.
• Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly. 
Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for Android, iOS, and others.
The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative, the Digital Advertising Alliance, and the European Digital Advertising Alliance. 
Please note you must separately opt out in each browser and on each device. 
B. Your Privacy Rights. In accordance with applicable law, you may have the right to:
• Right to Information. You may have the right to be informed about what personal information is collected and by whom, how it is processed, with whom it is shared, and how to exercise applicable rights in a clear and easily accessible format;
• Right of Access. You may have the right to confirm with The Breasties whether it is processing your personal information and to access such information; additionally, you may have the right to obtain details regarding the processing activities performed on your personal information;
• Right to Rectification. You may have the right to correct inaccurate personal information processed by The Breasties;
• Right to Erasure. You may have the right to have your personal information erased; this is not an absolute right and may only apply when certain legal conditions are met;
• Right to Object. You may have the right to object to the processing of your personal information, in certain circumstances as allowed by applicable law, including when your data is used for profiling and direct marketing practices; 
• Right of Restriction. If you challenge the lawfulness or accuracy of the processing, you may have the right to restrict the processing of your personal information until you receive the relevant information that may either lead to lifting the restriction or stop the processing;
• Right to Data Portability. You may have the right, in limited circumstances, to receive an electronic copy of your personal information and/or have it transferred to another individual or legal entity as per your request; and 
• Right to Withdraw Your Consent. When the processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Please note your withdrawal will only affect future processing of personal information previously collected.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.
To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you. 
Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
If your personal information is subject to the applicable data protection laws of the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.  
• If your personal information is subject to the applicable data protection laws of the European Economic Area, you may find the contact details of the competent authorities in the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
• For the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office (ICO) by clinking here: https://ico.org.uk/make-a-complaint/.

7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

The Breasties is headquartered in the United States and we have operations in the United States and other countries. All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. These countries may or may not have adequate data protection laws as defined by the data protection authority in your country. 
If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses. 
For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

8. RETENTION OF PERSONAL INFORMATION 

We store the personal information we collect as described in this Privacy Statement for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

9. SUPPLEMENTAL NOTICE FOR EU/UK GDPR

This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.

In some cases, providing personal information may be a requirement under applicable law, a contractual requirement, or a requirement necessary to enter into a contract. If you choose not to provide personal information in cases where it is required, we will inform you of the consequences at the time of your refusal to provide the personal information.

The Breasties’ processing of your personal information may be supported by one or more of the following lawful bases:

If we process personal information that is considered a “special category of personal data”, then our processing of this personal information may be supported by one or more of the following conditions:

• Explicit Consent: You may have provided your explicit consent for our processing of your personal information. 
• Necessary for Employment, Social Security, or Social Protection Law Purposes: Our processing of your personal information may be necessary for the purposes of carrying out obligations and exercising specific rights in the field of employment, social security, and/or social protection law. 
• Necessary to Protect Vital Interests: Our processing of your personal information may be necessary to protect the vital interests of you if you are physically or legally incapable of giving consent. 
• Publicly Available Personal Information: Our processing of your personal information may relate to personal information which has been manifestly made public by you. 
• Necessary for the Establishment, Exercise or Defense of Legal Claims: Our processing of your personal information may be necessary for the establishment, exercise or defense of legal claims.
• Necessary for Substantial Public Interest: Our processing of your personal information may be necessary for reasons of substantial public interest. 
• Necessary for Medical Purposes: Our processing of your personal information may be necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, or pursuant to contract with a health professional. 
• Necessary for Substantial Interest in the Area of Public Health: Our processing of your personal information may be necessary for reasons of public interest in the area of public health. 

10. CHILDREN’S PERSONAL INFORMATION

The Services are not directed to children under 18 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.

11. THIRD-PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk. 

12. CONTACT US 

The Breasties is the controller of the personal information we process under this Privacy Statement. 
If you have any questions about this Privacy Statement or would like to exercise your rights, please contact us at gro.seitsaerbeht%40ycavirp.
For individuals in the EEA, UK, and Switzerland: If you have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. 
Contact details for your Data Protection Authority can be found using the links below:• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en• For individuals in the United Kingdom: https://ico.org.uk/global/contact-us/• For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.htmlv
EU Data Protection Representative: [insert name and contact information]

ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY STATEMENT

This Supplemental Consumer Health Data Privacy Statement (“Consumer Health Data Privacy Statement”) supplements The Breasties’ Privacy Statement.

This Consumer Health Data Privacy Statement only applies to personal information that we process that is “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) or Nevada Senate Bill 370 (“NV SB 370”) (as applicable).

Terms used in this Consumer Health Data Privacy Statement that are defined in MHMDA or NV SB 370 will have the meaning set forth in those laws to the extent such laws are applicable. 

1. CONSUMER HEALTH DATA WE COLLECT

Under the MHMDA, “consumer health data” is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.”
Under NV SB 370, “consumer health data” is defined as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.”
Because consumer health data is defined very broadly, many of the categories of personal information that we collect under our Privacy Statement may also be considered consumer health data.
Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:
• Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. For example, we collect your search queries on the Services, which may include queries or other information concerning nutrition, wellness, fitness, medical conditions, or other health-related topics.• Information about your health-related conditions, symptoms, status, diagnoses, disease, testing, or treatments.• Information about social, psychological, behavioral, and medical interventions. • Information about use or purchase of prescribed medication. • Information about measurements of bodily functions, vital signs, symptoms, or characteristics.• Information about diagnoses or diagnostic testing, treatment, or medication. • Information about surgeries or other health-related procedures. • Reproductive or sexual health information. • Information about gender-affirming care. • Biometric information. • Genetic data. • Information about your access to healthcare, including precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies; or• Information processed to associate or identify an individual with the data listed above that is derived or extrapolated from non-health information.• Information related to the precise (geo)location information of a consumer used to indicate an attempt by a consumer to receive health care services or products. • Other information that may be used to infer or derive data related to the above or other consumer health data. 

2. SOURCES OF CONSUMER HEALTH DATA

We collect consumer health data that you provide to us, consumer health data we collect automatically when you use the Services, and consumer health data from third-party sources, as described in our Privacy Statement and below.

3. WHY WE COLLECT AND USE CONSUMER HEALTH DATA

We collect and use consumer health data for the purposes and in the manner described in the “How We Use Personal Information” section of the Privacy Statement.

Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products or Services you have requested or authorized. This may include delivering and operating the products or Services and their features, personalization of certain product or Services features, ensuring the secure and reliable operation of the products or Services and the systems that support them, troubleshooting and improving the products and Services, and other essential business operations that support the provision of the products and Services (such as analyzing our performance and meeting our legal obligations).

We may also use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law.

4. SHARING OF CONSUMER HEALTH DATA

We may share each of the categories of consumer health data described above for the purposes described above and in the “How We Use Personal Information” section of the Privacy Statement.

In particular, we may share consumer health data, with your consent or as reasonably necessary to complete any transaction or provide any product or Service you have requested or authorized, as described above.

We only share or disclose your Consumer Health Data as needed to provide you with the products or services that you request, or with your explicit consent. We may share or disclose any or all the above categories of Consumer Health Data to the following entities, who shall use the data only as permitted for the purposes set forth above, and within the bounds of our contracts with them:
These general categories of third parties:
• Business Collaborators
• Product co-promotion partners
• Product co-development partners
• Marketing and Advertising Agencies
• Social Media Companies and Platforms
• Service Providers (including those hosting or analyzing data on our behalf, those assisting with fraud prevention, those assisting in program administration, those assisting in incident management and reporting, those administering our call center and websites, and those who assist with our information technology and security programs)
• Emergency Personnel
• Health insurance companies, health plans, and/or other payors
• Authorized/legal representatives, family members, and caregivers
• Third parties (including those with whom rē•spin has joint marketing and similar arrangements, those who provide marketing and data analytics services, those who provide program enrollment or product fulfillment, payment, and authorization, other third parties as necessary to complete transactions and provide products/services, or where required by law)
• Our lawyers, auditors, and consultants
• Legal and regulatory bodies
In addition, we may share or disclose Consumer Health Data as permitted or required by law, such as (i) to an acquiring organization if we are involved in a sale or a transfer of our business, (ii) as needed to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, (iii) in situations that may involve violations of our terms of use or other rules, (iv) to protect our rights and the rights and safety of others, (v) as needed to support external auditing, compliance and corporate governance functions, (vi) as needed to preserve the integrity or security of our systems, or (vii) to investigate, report, or prosecute those responsible for any action that is illegal under applicable state or Federal law.

5. HOW TO EXERCISE YOUR RIGHTS

MHMDA and NV SB 370 provide consumers with certain rights with respect to consumer health data.

Under MHMDA, consumers have the right to: (i) confirm whether The Breasties is collecting, sharing, or selling consumer health data and to access such data; (ii) withdraw consent from The Breasties’ collection and sharing of consumer health data; and (iii) request that The Breasties delete consumer health data.

Under NV SB 370, consumers have the right to: (i) confirm whether The Breasties is collecting, sharing or selling consumer health data; (ii) have The Breasties provide the consumer with a list of all third parties with whom The Breasties has shared consumer health data relating to the consumer or to whom The Breasties has sold such consumer health data; (iii) request that The Breasties cease collecting, sharing, or selling consumer health data relating to the consumer; and (iv) request that The Breasties delete consumer health data.

The rights afforded to consumers under MHMDA and NV SB 370 are subject to certain exceptions.

Subject to certain legal limitations and exceptions, you have the following rights with respect to any Consumer Health Data we may collect about you:
• The right to confirm whether we are collecting, sharing, or selling your Consumer Health Data and to access such data, including to receive a list of affiliates or specific third parties with whom we have shared or sold your information, along with contact information such as an active email address for each third party;
• The right to review and request corrections to your Consumer Health Data;
• The right to withdraw consent from our collection or sharing of your Consumer Health Data; and
• The right to request that we delete your Consumer Health Data.
We will not discriminate against you for exercising any of your rights. We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. Please allow 45 days for a response. We may, after receiving your request, require additional information from you to authenticate your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
You can request to exercise such rights by following the instructions found under the “Your Privacy Choices and Rights” section of the Privacy Statement.

If your request to exercise a right under MHMDA or NV SB 370 is denied, you may appeal that decision by contacting us at: gro.seitsaerbeht%40olleh.

If your appeal is unsuccessful and your consumer health data is subject to MHMDA, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

6. DISCLOSURE REGARDING THIRD PARTY COLLECTION OF CONSUMER HEALTH DATA UNDER NV SB 370 

This Supplement applies to Nevada consumers for purposes of providing additional disclosures required by Nevada's Consumer Health Data Privacy Law. We collect, use, process, and share Consumer Health Data for the purposes and manners described above in our Consumer Health Data Privacy Notice.
Third Party Collection of Consumer Health Data on Our Websites. We limit third party collection of Consumer Health Data over time and across different Internet websites or online services when Nevada consumers use our websites or online services. We do this by disabling certain cookies or by ensuring that entities whose cookies, web beacons, pixels, and other online trackers we use on our websites and online services are our service providers or processors under applicable U.S. state privacy or consumer health data privacy laws. Nonetheless, please note that other third parties may still be able to process Consumer Health Data from you over time and across different websites depending on your browser, browser settings and add-ons, and associated permissions you have set on your device. This collection of Consumer Health Data by those third parties is unrelated to our processing of Consumer Health Data from you, and we encourage you to review your browser settings and review those third parties’ privacy notices for more information about their Consumer Health Data practices.
Review and Revision of Consumer Health Data. If you would like to review and/or revise your Consumer Health Data, you may submit a request to us via any of the methods listed in this Notice.

7. UPDATES TO THIS CONSUMER HEALTH DATA PRIVACY STATEMENT

We may update this Consumer Health Data Privacy Statement from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Consumer Health Data Privacy Statement on our website, and/or we may also send other communications.