Privacy Policy
Updated
January 27
, 2022
Welcome to the
Mayo Clinic website, mobile app, and related sites and digital and online
services (“Mayo Clinic Site,” the “Site,” or “Sites”), an
online e-commerce, information, and communications service provided by Mayo
Clinic and all affiliates (“Mayo Clinic” or “We” or “Us”).
We take your
privacy seriously, and we want you to know how we collect, use, share, and
protect your information. In addition to this privacy policy (“Privacy Policy”),
users of the Mayo Clinic Site should consult the Mayo Clinic Site
Terms of Use
as well as any product-specific terms and conditions that
apply. You may review
policies
specifically related to patient information (protected
health information or PHI) submitted through Mayo Clinic's
Patient Online Services
.
This Privacy
Policy applies to all Sites where it is posted. Other Mayo Clinic online
properties may have their own privacy policies that apply to those sites. You
should review those privacy policies in connection with your use of those
sites.
What Information
We Collect
Information
you give us:
We respect the right to privacy of all visitors to the Mayo Clinic Sites.
We receive and store some information that you enter on our Sites or that you provide
to us through the Sites in any other way.
The information
we collect or that you provide on or through our Sites or by using our services
includes:
· Data that may personally identify you, including your name, postal address, billing address, shipping address, e-mail address, home, work and mobile telephone numbers, age, date of birth, social security number, insurance policy number, physical characteristics that may personally identify you, sexual orientation, IP address, bank account number, credit or debit card number (for payment purposes only), national origin, ancestry, veteran or military status, medical conditions, race, citizenship, information about any physical or mental disabilities you may have, information related to your religious or philosophical beliefs, political opinions, information regarding your gender at birth and how you currently express your gender identity, information related to your sex life, such as pregnancy, child birth and related medical conditions, any history of criminal convictions, biometric information ( such as fingerprints, exercise data, psychological characteristics, face prints, gait patterns, genetics, behavioral characteristics, voice, sleep data, and iris/retina scans), and genetic information (including familial genetic information) (collectively, “Personal Data”);
·
Information that you provide by filling in forms on our Sites,
such as appointment request forms or product ordering forms. It also includes
information you provide when you register to use our Sites, purchase products,
or use services available through the Sites or facilities. We may also ask you
for information when you report a problem with our Sites.
Some forms collect sensitive information, such as health
information, necessary for us to provide our services to
you;
·
Records and copies of your correspondence (including email
addresses), if you contact us;
·
Your responses to surveys that we might ask you
to complete for research, development, and marketing purposes; and
·
Details of transactions you carry out through our Sites and of the
fulfillment of your orders. You may be required to provide financial
information before placing an order through our Sites.
You
also may provide information to be published or displayed (hereinafter, “Posted”) on public areas of the Sites
or transmitted to other users of the Sites or third parties (collectively, “User Contributions”). Your User
Contributions are Posted on and transmitted to others at your own risk.
Although we limit access to certain pages, please be aware that no security
measures are perfect or impenetrable. Additionally, we cannot control the
actions of other users of the Sites with whom you may choose to share your User
Contributions. Therefore, we cannot and do not guarantee that your User
Contributions will not be viewed by unauthorized persons.
Information
we collect automatically:
We collect information about you automatically as you navigate
through or use our Sites. Information collected automatically may include usage
details, IP addresses, session replay and recording technology (recording your
movements, clicks, etc. on our Sites), and information collected through
cookies, web beacons, pixels tags, and other tracking technologies. As you
navigate through and interact with our Sites, we may use automatic data
collection technologies (such as session replay and tracking technologies
referred to above) to collect certain information about your equipment,
browsing actions, and patterns, specifically:
·
Usage Details.
Details of your
visits to our Sites, such as traffic data, location, logs, referring/exit
pages, date and time of your visit to or use of our Sites,
error information, clickstream data, and other communication data and the
resources that you access and use on or in the Sites.
·
Device
Information.
Information
about your computer, mobile device, and Internet connection, specifically your
IP address, operating system, browser type, and App version information.
·
Location Data.
Information
about your location collected through Geolocation technology. Mayo Clinic
applications and services that run on mobile devices do not generally use
geolocation. However, the Mayo Clinic app can collect and use geolocation
information only for the limited purpose of facilitating check-in to your
scheduled appointment upon arrival. You may disable this functionality on your
mobile device by removing permission for the Mayo Clinic app to use location
services at any time.
The
information we collect automatically may include Personal Data or we may
maintain or associate information we collect with Personal Data we collect in other
ways or receive from third parties. It helps us to improve our Sites and to
deliver a better and more personalized service by enabling us to:
·
estimate our audience size and usage patterns;
·
improve our product and services offering;
·
store information about your preferences, allowing us to customize
our Sites according to your individual interests; and
·
recognize and/or authenticate you when you return to our Sites.
The
technologies we use for this automatic data collection may include:
·
Cookies (or
browser cookies)
.
We and our service providers may use cookies,
web beacons, and other technologies to receive and store certain types of
information whenever you interact with our Sites through your computer or
mobile device.
A cookie is a small file or piece of data sent from a
website and stored on the hard drive of your computer or mobile device. On your
computer, you may refuse to accept browser cookies by activating the
appropriate setting on your browser, and you may have similar capabilities on
your mobile device in the preferences for your operating system or browser.
However, if you select this setting you may be unable to access or use certain
parts of our Sites. Unless you have adjusted your browser or operating system
setting so that it will refuse cookies, our system will issue cookies when you
direct your browser to our Website or use our App.
· Pixels and Web Beacons . Pages on our Sites, or our e-mails, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related Sites statistics (for example, recording the popularity of certain Sites content and verifying system and server integrity). For example, we use Tealium, Inc. (“Tealium”), to understand how users interact with our Sites. We use this information to assist us in improving our user experience.
·
Google
Analytics
. We use Google Analytics, a web
analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of our
Sites. Google Analytics uses cookies,
which are text files placed on your computer, to help our Sites analyze how
users use the Sites. You can find out more about how Google uses data when you
visit our Sites by visiting “How Google uses data when you use our partners'
sites or apps”, (located at
www.google.com/policies/privacy/partners/
).
We may also use Google Analytics Advertising
Features or other advertising networks to provide you with interest-based
advertising based on your online activity.
For more information regarding Google Analytics please visit Google's
website, and pages that describe Google Analytics, such as
www.google.com/analytics/learn/privacy.html
.
· Facebook Pixel . We use Facebook Pixel, a web analytics and advertising service provided by Facebook Inc. (“Facebook”) on our Platform. With its help, we and our customers can keep track of what users do after they see or click on a Facebook advertisement, keep track of users who access our Platform or advertisements from different devices, and better provide advertisements to our target audiences. The data from Facebook Pixel is also saved and processed by Facebook. Facebook can connect this data with your Facebook or Instagram account and use it for its own and others advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/ . Please click here if you would like to withdraw your consent for use of your data with Facebook Pixel https://www.facebook.com/settings/?tab=ads#_=_ .
·
Do Not Track Signals.
Some web browsers permit you to broadcast a
signal to websites and online services indicating a preference that they “do
not track” your online activities.
At
this time
,
we do not honor such signals; although, we currently do not use automated data
collection technologies to collect information about your online activities
over time and across third party websites or other online services for any
purpose, including advertising.
Email Communications,
Newsletter, and Related services
Our Sites
provide you with the opportunity to receive communications from us or third
parties. For example, you can sign up for a free Mayo Clinic email newsletter.
You can unsubscribe from this newsletter at any time. You may use the
unsubscribe mechanism or link in our marketing emails if you wish to stop
receiving marketing emails from us.
Email
communications that you send to us via the email links on our Site may be
shared with a customer service representative, employee, medical expert, or
agent that is most able to address your inquiry. We make every effort to
respond in a timely fashion once communications are received. Once we have
responded to your communication, it is discarded or archived, depending on the
nature of the inquiry. Note, that email communications that you send us via the
email links on our Site are not automatically encrypted, and it is possible
that unencrypted email communications with us may be accessed or viewed by
another internet user while in transit to us.
Surveys
We
occasionally survey visitors to our site. The information from these surveys is
used in aggregated, de-identified form to help us understand the needs of our
visitors so that we can improve our site. The information may be shared with
third parties with whom we have a business relationship. We generally do not
ask for information in surveys that would personally identify you; if we do
request contact information for follow-up, you may decline to provide it. If
survey respondents provide personal information (such as an email address) in a
survey, it is shared only with those people who need to see it to respond to
the question or request, or with third parties who perform data management
services for our site. Those third parties have agreed to keep all data from
surveys confidential.
How We Use
the Information We Collect
In addition
to the uses described above, we use the information we collect for things like:
·
Optimizing
the performance and user experience of our sites;
·
Operating,
evaluating, and improving our business;
·
Providing
healthcare services;
·
Fulfilling purchases,
orders, and requests for products, services, or information on our e-commerce
sites, including the Mayo Clinic Store and Mayo Clinic Marketplace;
·
Processing
returns and exchanges from our e-commerce sites, including the Mayo Clinic
Store and Mayo Clinic Marketplace;
·
Tracking and
confirming online orders from our e-commerce sites, including the Mayo Clinic
Store and Mayo Clinic Marketplace;
·
Delivering or
installing products;
·
Marketing and
advertising products and services, including by inferring your interests from
your interactions with our websites and newsletters and tailoring
advertisements, newsletters, and offers to you (both on our websites and on
other websites) based on your interactions with us in our stores and online interests;
·
Sending you
email newsletters;
·
Conducting
research and analysis;
·
Communicating
with you about your account, special events, and surveys; and
·
Establishing
and managing your accounts with us.
We may
combine this information with any other information we have about you,
including, if you are a Mayo Clinic patient, any PHI we have about
you. If we combine this information with your PHI, we will treat all of that information as PHI and will only use or
disclose that information as set forth in our
Notice of Privacy Practices
.
Data Retention
We will
retain your information for as long as your account is active or as needed to
provide you services, comply with our legal obligations, resolve disputes, and
enforce our agreements. You may request that we delete your data by contacting
us as provided below. However, we may not be able to honor that request in all
instances given the laws and regulations that apply to us. For example, under state and federal law, we
may be required to maintain some data that is specific to you and that may
identify you, such as your medical records or other information. We may also
have a legal basis or obligation to maintain medical and other information
about you to provide care and treatment or to comply with our professional,
legal, and other obligations.
Disclosure of
Your Information
We may share
the information we collect about you with third parties who we have engaged to
help us provide the Site, as well as the products and services available
through our Site. In this regard, we may disclose your Personal Data
to
affiliates, contractors, service providers, and other third parties we use to
support our business. The services provided by these organizations include
providing IT and infrastructure support services, advertising, marketing, and
payment processing services. Advertising and marketing partners such as
Facebook, Instagram, Google, and other
advertising networks may receive and use your Personal Data to assist us with
our advertising and marketing efforts.
In each case, we will ensure that these third parties have
agreed to safeguard your data.
Our
partner, Everyday Health, may use a third-party ad network provider, such as
Collective Media, to help present advertisements on this website.
We may
provide third parties with aggregate statistics about our visitors, traffic
patterns, and related site information. These data reflect site-usage patterns
gathered during visits to our website each month, but they do not contain
information that personally identifies you unless you have given us permission
to share that information.
We may also
disclose your Personal Data:
·
to a buyer or other successor in the event of a merger,
divestiture, restructuring, reorganization, dissolution, or other sale or
transfer of some or all of our assets, whether as a going concern or as part of
bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Mayo
Clinic about our Sites users are among the assets transferred;
·
to fulfill the purpose for which you provide it;
·
for any other purpose disclosed by us when you provide the information;
·
with your consent;
·
to comply with any court order, law, or legal process, including
to respond to any government or regulatory request;
·
to affiliates to market their products or services to you if you
have purchased one of our products and if you have not opted out of these
disclosures. For more information, see
Choices About
How We Use and Disclose Your Information
;
·
to enforce or apply our
Terms of Use
and other
agreements, including for billing and collection purposes; and
·
if we believe disclosure is necessary or appropriate to protect
the rights, property, or safety of Mayo Clinic, our customers, or others. This
includes exchanging information with other companies and organizations for the
purposes of fraud protection and credit risk reduction.
Choices
About How We Use and Disclose Your Information
We
do not control third parties’ use of cookies or how they manage the information
collected through the use of cookies. However, our
sponsors and advertisers have agreed that they will not collect any personally
identifiable information from our Site visitors while using our Sites. These
third parties may aggregate the information they collect with information from
their other customers for their own purposes.
In addition, we
strive to provide you with choices regarding the Personal Data you provide to
us. We have created or you have available mechanisms to provide you with
control over your Personal Data:
·
Cookie Settings
and Advertising
. You can set your browser or operating system to refuse all or
some cookies or to alert you when cookies are being sent. If you disable or
refuse cookies, please note that some parts of our Sites may then be
inaccessible or not function properly.
·
Promotional
Offers from Mayo Clinic
. If you do not
wish to have your email address used by us to promote our own products and
services, you can opt-out at any time by clicking the unsubscribe link at the
bottom of any email or other marketing communications you receive from us or submitting
a request to our
Preference Center
. This opt-out
does not apply to information provided to Mayo Clinic
as a
result of
a product purchase or your use of our services. If you wish to
opt-out of such sharing, please email us at
customerservice@mayopublications.com
.
·
Disclosure of
Your Information to Affiliates
. By purchasing our products, you
consent to our sharing of your Personal Data with our affiliates for their
promotional purposes. If you wish to unsubscribe from such affiliate
promotions, you can do so by clicking the unsubscribe link at the bottom of any
email or other marketing communications you receive from them. If you wish to
opt-out of such sharing, please email us at
customerservice@mayopublications.com
.
·
Targeted
Advertising
.
To learn more about interest-based advertisements and your opt-out rights
and options, visit the
Digital Advertising Alliance
and the
Network Advertising Initiative
(NAI) websites (
www.aboutads.info
and
www.networkadvertising.org
)
. Please note that if you choose to opt out, you will continue to see ads,
but they will not be based on your online activity.
We do not
control third parties’ collection or use of your information to serve
interest-based advertising. However, these third parties may provide you with
ways to choose not to have your information collected or used in this way. You
can also opt out of receiving targeted ads from members of the NAI on its
website.
Your Rights Regarding Your Information and Accessing and
Correcting Your Information
For non-patient information, you can Contact
Us through the Contact Information below to access and/or find out what
information we have about you and to correct that information. You can also review
and change your Personal Data by logging into our site and visiting either the
Settings or Account Preferences sections. You may also notify us through the Contact
Information below of any changes or errors in any Personal Data we have about
you to ensure that it is complete, accurate, and as current as possible or to
delete your account. We cannot completely delete your personal information
except by also deleting your account with us. We may not be able to accommodate
your request if we believe it would violate any law or legal requirement or if
we have a legal basis or obligation to maintain it, or if it would cause the
information to be incorrect.
If you are a
patient of Mayo Clinic, you can access the patient-related information that we
maintain about you through
Patient Online Services
or
through our health information management department. For more information
about requesting your medical records, ask us or go online to the Patient and
Visitor Guide for the location where you receive your care, then explore the
release of information options:
http://www.mayoclinic.org/patient-visitor-guide
. You also can request a correction to your patient information
through our Patient Online Services or health information management
department. In our mobile app, you can request to deactivate your account;
however,
we are still required maintain your
patient-related information under the Health Insurance Portability and
Accountability Act (HIPAA) and other federal and state law.
Security
Whether you
are visiting the Mayo Clinic Site or one of our clinic locations, we use
reasonable security measures to protect the confidentiality of personal
information under our control, and we appropriately limit access to it. We use
a variety of information security measures to protect your online transactions
with us. The Mayo Clinic Site uses encryption technology, such as Secure
Sockets Layer (SSL), to protect your personal information during data
transport. SSL protects information you submit via our website, such
as ordering information including your name, address, and credit card number. That being said, Mayo Clinic cannot ensure or warrant the
security of any information you transmit to us, and you do so at your own risk.
We have taken reasonable steps to ensure the integrity and confidentiality of
personally identifiable information that you may provide. You should
understand, however, that electronic transmissions via the internet are not
necessarily secure from interception, and so we cannot absolutely guarantee the
security or confidentiality of such transmissions.
Users in the
European Economic Area (EEA), the United Kingdom, and Switzerland
If you are a
resident of the EEA, the United Kingdom, or Switzerland, the
following information applies with respect to personal data collected through
your use of our Site.
Purposes of
processing and legal basis for processing:
As explained above, we process personal data in
various ways depending upon your use of the services. We process personal data
on the following legal bases: (1) with your consent; (2) as necessary to
provide the services; (3) to comply with our legal obligations; and (4) as
necessary for our legitimate interests in providing the services where those
interests do not override your fundamental rights and freedoms related to data
privacy.
Transfers:
Personal
data we collect may be transferred to, and stored and processed in, the United
States or any other country in which we or our affiliates or processors
maintain facilities. We will ensure that transfers of personal data to a country
or an international organization outside the EEA, the United Kingdom, or
Switzerland are subject to appropriate safeguards.
Your rights:
You are
entitled to the rights under Chapter III of the EU General Data Protection
Regulation, the United Kingdom General Data Protection Regulations and Data
Protection Act 2018, or Section 2 of the Swiss Federal Act on Data Protection
with respect to the processing of your personal data, which include the right
to access and rectify and to request erasure of personal data. In order to verify your identity, we may require you to
provide us with personal information prior to accessing any records containing
information about you. To exercise these rights, please contact Mayo’s Data
Protection Officer at
INTLcompliance@mayo.edu
.
Complaints or
concerns:
You are welcome to raise any complaints or concerns to Mayo Clinic by
contacting Mayo’s Data Protection Officer at
INTLcompliance@mayo.edu
. You also
have the right to lodge a complaint with a supervisory authority.
Other than our
Patient Online Services
, o
ur Sites are
not intended for users under 18 years of age. No one under age 18 may provide
any information to or through the Sites. We do not knowingly collect Personal
Data from users under 18. If you are under 18, do not use or provide any
information on or in our Sites or on or through any of their features,
including your name, address, telephone number, email address, or any screen
name or username you may use. If we learn we have collected or received
Personal Data from a user under 18 without verification of parental consent, we
will delete that information. If you believe we might have any information from
a user under 18, please
contact us at the contact information below.
Our Patient Online Services is available to patients 18
years of age and older. It is also available to patients who are between the
ages of 13 years old and 17 years old with the permission of their parents or
legal guardians.
Links to Other
Websites
Our Sites link
to other websites, many of which have their own privacy policies. Be sure to
review the privacy policy on the site you're visiting.
Privacy Policy
Updates
We may need
to update our Privacy Policy as technology changes and Mayo Clinic evolves. If
we make significant changes to this Privacy Policy, we'll post a prominent
message on our websites.
California
Residents
Mayo Clinic
is a not for profit exempted from the California Consumer Privacy Act (CCPA).
California Civil Code Section 1798.83 (California’s “Shine the Light”
law) permits users of our Sites that are California residents and who provide
Personal Data in obtaining products and services for personal, family, or
household use to request certain information regarding our disclosure of
Personal Data to third parties for their own direct marketing purposes. If applicable, this information would include
the categories of Personal Data and the names and addresses of those businesses
with which we shared your Personal Data with for the immediately prior calendar
year. You may request this information once per calendar year. To make such a
request, please c
ontact us using the information below.
Contact Information
If you have a
question or concern regarding your privacy, please contact Mayo Clinic's
Privacy Officer using the contact information below:
Mayo Clinic Privacy Officer
200 First St. SW
Rochester, MN 55905
507-266-6286