Our Platform is available only to users who can form legally binding contracts under applicable law. By using the Platform, you represent and warrant that you are: (i) at least eighteen (18) years of age; and/or (ii) otherwise recognized as being able to form legally binding contract under applicable law. If you discover that information of anyone under eighteen (18) years of age was submitted to the Services, please contact us using any methods in the “Contacting Us” section below and we will remove such information.
TYPES OF INFORMATION WE COLLECT
NOCD collects information from you and about you. Here are some examples of the information we may collect:
- Contact Information. For example, we may collect your name, mailing address, telephone number and email address. We may also collect your mobile phone number.
- Account Information. If you create an account on our Platform, we will collect your username and password.
- Health Information. We may collect information about your condition including but not limited to obsessions, compulsions, triggers, intensity levels, time spent and location.
- Payment Information. For example, we may collect your billing address if you purchase a subscription through our Platform.
- Information You Post. We may collect information you post in a public space on our Platform, such as on our community forums. This may include any images and other user-generated content that you post.
- Social Media Information. We may collect information you post on our social media pages. We may also collect your social media profile information and information posted on your page.
- Information You Submit. We may collect information when you send us a message through the Platform. We may also collect the information you submit when sign-up for one of our partner programs.
- Demographic Information. We may collect your birthdate, age, gender and zip code.
- Employment Information. If you apply for a job through our Platform, we may collect your employment history and education background.
- Device Information. For example, we may collect the type of device you use to access our Platform. We may also collect your device hardware model and unique identifier, IP address or mobile operating system.
- Location Information. For example, we may collect precise location information from your device. This may include information about your exact location when you use our Platform. We may also collect this information in the background when our mobile applications are not in use. For more information about your options related to the collection of your location information, see the Choices section below.
- Other Information. If you use our website, we may collect information about the browser you are using. We might look at what site you came from, or what site you visit when you leave us. If you use our app, we might look at how often you use the app and where you downloaded it. We may also collect information about your Wi-Fi or mobile network.
HOW WE COLLECT YOUR INFORMATION
NOCD collects your information in different ways. Below are some examples of how we may collect your information on our Platform.
- Directly From You. For example, when you:
- Register for an account.
- Engage with our online communities.
- Submit a request for information about a clinical trial.
- Complete exercises on our mobile app.
- Apply for a job through our Platform.
- Sign up to receive our communications.
- Participate in one of our loyalty programs, promotions, surveys, or focus groups.
- Submit a request to our customer service team.
- Interact with NOCD social media pages.
- Passively. For example, when you:
- Install and use NOCD mobile apps.
- Visit and navigate our Platform on any device.
- Enable location-based features on our Platform.
We may also collect information about users over time and across different websites, apps and devices when you use the Platform. Third parties also collect personal information this way on our Platform.
- From Third Parties. We may receive information about you from other sources with your consent or as permitted by applicable law. For example, this may include receiving information from:
- Our business partners, including health care providers, organizations that sponsor medical trials, online advertising networks, analytics vendors, and companies that co-sponsor our promotions.
- Social media sites, including Facebook, Twitter, YouTube, Pinterest and Instagram.
- Companies that provide information to supplement what we already know about you.
- By Combining Information. For example, we may:
- Combine information that we collect offline with information we collect through our Platform.
- Combine information we collect about you from the different devices you use to access our Platform.
- Combine information we get from third parties with information we already have about you.
HOW WE USE YOUR INFORMATION
Examples of how we may use your information that we collect through our Platform include:
- To Provide Our Tools and Services. This could include fulfilling your requests for tools or services. It could also include processing purchases or other transactions.
- To Improve Our Tools and Services. We may use your information to make our Platform, tools and services better. We may also use your information to customize your experience with us.
- To Understand Your Interests. For example, we may use your information to better understand what tools interest you.
- To Respond to Your Requests or Questions. This may include responding to your feedback or notifying you if you win a promotion.
- To Communicate With You. We may communicate with you about your account or our relationship. We may also contact you about this Policy or our Platform terms and conditions.
- To Determine Your Eligibility. We may use your information to verify your identity or determine your eligibility for a job that we offer through our Platform. We may also use your information to determine your eligibility for certain clinical studies or services that are offered by us or our business partners.
- For Marketing Purposes. We may provide you with information about our tools and services. We might use your information to serve you ads about tools and offers. We might tell you about new features or updates. These might be third party offers or tools, services or studies we think you might find interesting. We may also use your information to send you electronic communications. We and our partners may engage in interest-based advertising using information gathered across multiple websites, devices, or other platforms. For more information about your choices related to these communications, see the Choices section below.
- For Security Purposes. This could include protecting our company and consumers who use our tools and services. It may also include protecting our Platform.
- As Otherwise Permitted By Law or As We May Notify You.
HOW WE SHARE YOUR INFORMATION
We may share your information in the following ways:
- Internally. We may share your information within our company as needed to provide the services.
- On our Platform. For example, we may display information you post in our community forums. We may also display information you submit in connection with a promotion.
- With Clinical Trial Sites. For example, if you ask for more information about a particular clinical trial, we may share the contact information you submit to us with a clinical trial site.
- With Clinical Service Providers. For example, if you ask for more information about a particular treatment or health provider, we may share the contact information you submit to us with the clinical service provider.
- With Our Service Providers. We may share your information with third parties who perform services on our behalf and with whom we have a contract that includes appropriate privacy obligations. For example, this may include payment processors, analytics vendors, companies that send emails on our behalf or help us run our Platform.
- With Our Business Partners. For example, this may include a company that co-sponsors a promotion.
- With Any Successors to All or Part of Our Business or One of Our Brands. For example, if NOCD merges with, acquires or is acquired, or sells a brand or part of its business to another business entity. This may include an asset sale, corporate reorganization or other change of control. We may transfer our customer information as part of such a transaction or as stand-alone assets. You hereby consent to such transfers and NOCD may assign and transfer all of the rights, benefits, duties, and obligations of this Policy, under the circumstances described in this paragraph.
- To Comply with the Law or To Protect Ourselves. For example, this could include responding to a court order or subpoena. It could also include sharing information if a government agency or investigatory body requests. We might share information when we are investigating a potential fraud. This could include fraud we think has occurred during a sweepstakes or promotion. Such uses shall only be as necessary or appropriate, and only as permitted under the Health Insurance Portability & Accountability Act and amendments thereto (HIPAA) or other applicable law: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- For Such Other Purposes as You May Consent.
- For Other Reasons We May Describe to You.
CHOICES REGARDING YOUR INFORMATION
You have certain choices about how we use your information. Certain choices you make are browser and device-specific.
You can opt-out of receiving our marketing communications. Note that you will still receive transactional messages from us, including information about your account and responses to your inquiries. To opt-out of receiving our marketing communications, you can follow the instructions included with the communication.
Mobile Application and Location Based Services:
- If you have previously opted into NOCD’s collection and use of location-based information through our mobile applications, you may opt-out by adjusting the settings on your mobile device.
- You may also opt-out of location-based information collection by NOCD if you uninstall all NOCD mobile apps from your devices.
You may opt out by adjusting the settings on your mobile device.
Cookies & Other Tracking Technologies:
Cookies are small text files that websites place on your device as you are browsing, which are stored by your web browser. By storing data, cookies serve crucial functions for websites. If you prefer not to share data, you can disable them. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services. One helpful summary of the different types of cookies websites use is available on the European Union’s privacy legislation website, which explains:
- Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
- Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
- Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.
- Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.
To learn more, you can review the EU’s Cookies explanation here.
Our Do Not Track Policy:
- Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain features on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop.
- Options you select are browser and device specific.
RIGHTS REGARDING PERSONAL INFORMATION
You have the following rights (“Data Subject Right”) in relation to your personal information that we hold about you that is collected.
- Right of Access: If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of all Personal information you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee. In addition, you may request the categories of third parties with whom we share that personal information, and if we disclosed your personal information, the identify the personal information categories that each category of recipient obtained.
- Right to Request Rectification: If you believe your personal information is inaccurate or incomplete, you are entitled to request that we correct or complete it. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information so you can contact them directly.
- Right to Erasure: You may ask NOCD to delete or remove your personal information, such as where you withdraw your consent, where applicable. If we shared your data with others, we will tell them about the erasure where possible. We have no current plans to share your personal information. But, should we ever share your personal information, if you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information with so you can contact them directly.
- Right to Restrict Processing: You may ask us to restrict or ‘block’ the processing of your personal information in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your personal information with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information so you can contact them directly.
- Right to Data Portability: You have the right to obtain your personal information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your personal information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to Object: You may ask us at any time to stop processing your personal information, and we will do so:
- If we are relying on a legitimate interest to process your Personal information — unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your personal information for direct marketing.
- Right to Withdraw Consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Rights in Relation to Automated Decision-Making: Individuals residing in the EU have the right to be free from decisions based solely on automated processing of your personal information, (including profiling) unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to Lodge a Complaint with the Data Protection Authority: Individuals that have a concern about our privacy practices, including the way NOCD handles your personal information, you can report it to the data protection authority that is authorized to hear those concerns.
If you wish to exercise any of these Data Subject Rights, please contact us via at the information provided in the HOW TO CONTACT US section below. We will try to comply with your request as soon as reasonably practicable and in compliance with applicable law. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
We may deny your request to exercise any of your Data Subject Rights above if any such exercise of those rights might prevent NOCD from:
- Complying with legal obligations.
- Detecting security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debugging products to identify and repair errors that impair existing intended functionality.
- Making other internal and lawful uses of that information that are compatible with the context in which you provided it.
YOUR CALIFORNIA PRIVACY RIGHTS
In addition to the rights in the section above, if you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email at email@example.com or write to us at the address listed below. Indicate in your email or letter that you are a California resident making a “California Shine the Light” inquiry.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- Select Information in Customer Records
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates
- Service providers
- Third parties to whom you authorize us to disclose your personal information in connection with products or services we provide to you
Sale of Personal Information:
In the preceding twelve (12) months, we have not sold any personal information.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
SECURITY AND RETENTION
NOCD seeks to use administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the Personal Information in our custody or control. When you access the Platform using modern web browsers, Secure Socket Layer (SSL) or Transport Layer Security (TLS) technology protects your information using both server authentication and data encryption. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below.
As our operations are conducted from the US, all Personal Information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts, law enforcement, or regulatory agencies pursuant to those laws. NOCD is based in the United States. If you are using NOCD services from or in another country with laws governing data collection and use, please note that your Personal Information will be transmitted to our servers in the United States as necessary to provide you with the information that you requested, administer our contract with you or to respond to your requests as described in this Policy, and such Personal Information may be transmitted to our service providers supporting our business operations. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. When we transfer your Personal Information out of your country, we will take steps to ensure that your Personal Information receives an adequate level of protection where it is processed, and your rights continue to be protected.
If you have any questions, comments, or concerns with respect to our privacy practices or this Policy, or wish to update your information, please feel free to contact us at firstname.lastname@example.org or at 312-766-6780. For citizens of the European Union or the United Kingdom, you can use this form to submit a request regarding your personal information that is processed by NOCD.
You may also write to us at the following address:
NOCD Attention: Privacy Officer 225 N Michigan Ave, Suite 1430 Chicago, IL 60601
CHANGES IN POLICY
From time to time, we may change our Policy. We will notify you of any material changes to our Policy as required by law. We will also post an updated copy on our Platform. This Policy is current as of the “last revised” date which appears at the top of this page.