Privacy Policy for Reed’s Reach for 15q13.3 Foundation Inc

Effective Date: August 28, 2025

1. Introduction

Reed’s Reach for 15q13.3 Foundation Inc (the "Foundation," "we," "us," or "our") is dedicated to accelerating the development of diagnostics and therapies for 15q13.3 microdeletion syndrome, supporting scientific research, fostering a collaborative environment, serving as a trusted resource for families, and engaging in patient advocacy. This Privacy Policy explains how we collect, use, share, and protect your information when you visit our websites, reedsreach.org and reedsreach.com (the "Sites"), and in the future, if you choose to participate in our Patient Registry.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to comply with the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and to establish the framework for our future compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA).

2. Information We Collect

We collect information in two distinct ways: information you provide to us directly through our general website activities, and sensitive information you may provide in the future for our Patient Registry.

A. Information Collected Through Our General Website:

This applies to all visitors of our Sites.

  • Personal Information You Provide: We collect personal information that you voluntarily provide to us when you sign up for our newsletter, make a donation, or contact us through our contact forms. This information is currently limited to:

    • Full Name

    • Email Address

  • Information Collected Automatically: As you navigate the Sites, we may use automatic data collection technologies (like cookies) to collect certain information about your device and browsing actions, such as your IP address, browser type, and operating system. This information is primarily used to improve our website and is often aggregated.

B. Information to be Collected for Our Future Patient Registry:

This section applies only to individuals who voluntarily choose to enroll in our Patient Registry once it becomes available. Participation is entirely optional.

The purpose of the Registry is to collect information about patients with 15q13.3 microdeletion syndrome to support and accelerate research.

The information collected for the Registry will be considered Sensitive Personal Information and, where applicable, Protected Health Information (PHI) under HIPAA and a special category of personal data under GDPR. Collection will only occur after you have been provided with detailed information and have given your explicit and informed consent and/or a signed HIPAA Authorization.

This information may include:

  • Identifying Information: Name, email, address, phone number, date of birth.

  • Demographic Information: Age, gender, ethnicity.

  • Health and Medical Information: Diagnosis details, symptoms, treatment history, medications, genetic test results, family medical history, and other relevant health data.

3. How We Use Your Information

  • For General Website Users:

    • To communicate with you, respond to your inquiries, and provide you with information.

    • To send you newsletters, updates, and other communications if you have consented to receive them.

    • To operate, maintain, and improve our Sites.

    • To process donations.

  • For Future Patient Registry Participants:

    • To create and maintain a secure database of patient information for research purposes.

    • To share de-identified or aggregated data with trusted research partners (such as universities, non-profit research organizations, and pharmaceutical companies) to advance the understanding of 15q13.3 microdeletion syndrome.

    • To share identifiable data with research partners only with your separate, explicit consent for a specific research study.

    • To contact you about potential opportunities to participate in clinical trials or other research studies.

4. Legal Basis for Processing (for GDPR)

We process personal data based on the following legal grounds:

  • Consent: We process your name and email for our newsletter based on your consent.

  • Explicit Consent for Health Data: For the Patient Registry, our legal basis for processing health data is your explicit consent, as required under Article 9 of the GDPR. Health data is considered a "special category of personal data" under EU law and is granted the highest level of protection. Your explicit consent will be obtained for the specific, defined purpose of scientific and medical research. You have the right to withdraw this consent at any time.

  • Legitimate Interests: We may process information to respond to your inquiries or protect our Sites from fraud, which constitutes our legitimate interest.

5. Data Sharing and Disclosure

We do not sell your personal information.

  • Service Providers: We may share general website information with third-party vendors who perform services for us, such as email delivery or website hosting. These vendors are contractually obligated to protect your data.

  • Research Partners (Patient Registry Data):

    • De-identified Data: We may share data that has had identifiers removed (a process known as pseudonymization or anonymization), so that you cannot reasonably be identified.

    • Identifiable Data: We will NEVER share your identifiable health information with a research partner without your specific, written authorization for that particular use or disclosure.

  • Legal Requirements: We may disclose your information if required to do so by law or in response to a valid request by a public authority.

6. Your Privacy Rights

You have specific rights regarding your personal information. To exercise any of these rights, please contact us at privacy@reedsreach.org.

A. Rights Under GDPR (for individuals in the EEA/UK):

  • Right of Access: You can request a copy of the data we hold about you.

  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.

  • Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data.

  • Right to Restrict Processing: You can ask us to limit the use of your personal data.

  • Right to Data Portability: You can request that we provide your data in a machine-readable format.

  • Right to Object: You can object to us processing your data.

  • Right to Withdraw Consent: You may withdraw your consent at any time, especially your explicit consent for the processing of health data.

B. Rights Under CCPA/CPRA (for California residents):

  • Right to Know: You can request to know what personal information we have collected, used, and disclosed.

  • Right to Delete: You can request the deletion of your personal information.

  • Right to Correct: You can request the correction of inaccurate personal information.

  • Right to Opt-Out of Sale/Sharing: We do not sell personal information. You will be provided with clear options to control any "sharing" of your data for research purposes.

  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive information.

7. Specific Provisions for Health Information (HIPAA & GDPR)

When we launch the Patient Registry, we will adhere to the highest standards of health information privacy.

  • For U.S. Participants (HIPAA): Your participation will require signing a specific, detailed HIPAA Authorization Form, separate from any general website consent. This form will explain exactly what information will be used and how it will be shared. We will implement all required administrative, physical, and technical safeguards and sign Business Associate Agreements with any partners who may access the data.

  • For EU Participants (GDPR): As stated under our Legal Basis, your health data is a special category of personal data under Article 9 of the GDPR.

    • Processing will only occur based on your explicit consent for the specified purpose of research.

    • We will implement enhanced security measures, such as encryption and pseudonymization, to protect your data.

    • You have the absolute right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

8. Data Security

We use robust administrative, technical, and physical security measures to protect your personal information. This includes encryption, access controls, and secure storage. While we have taken reasonable steps to secure the information you provide to us, please be aware that no security measures are perfect or impenetrable.

9. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, or country. When transferring special categories of data, such as health information, from the European Economic Area (EEA), UK, or Switzerland, we will apply the highest standard of care. Such transfers will be protected by legally-provided mechanisms, which may include Adequacy Decisions or the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Our general website is not intended for children under the age of 16, and we do not knowingly collect data from them. The Patient Registry may in the future accept data from minors with the verifiable consent of a parent or legal guardian, in accordance with applicable laws (e.g., COPPA in the U.S. and GDPR in the EU).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date." We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Reed’s Reach for 15q13.3 Foundation Inc

161 South St. Hightstown, NJ

contact@reedsreach.org