Privacy Policy

Last Updated: September 29, 2023

This is the privacy policy (“Privacy Policy”) for the Group for Research and Assessment of Psoriasis and Psoriatic Arthritis, a tax-exempt 501(c)(3) organization in the United States (“GRAPPA US”), and its affiliate non-profit organization in the European Union, the Stichting Group for Research and Assessment of Psoriasis and Psoriatic Arthritis EU (“GRAPPA EU”) (collectively, "GRAPPA," "us," "we," or "our"). The purpose of this Privacy Policy is to describe how GRAPPA collects, uses, and shares certain types of information through our various online interfaces, which includes our organization’s websites at https:// www.grappanetwork.org and https://informatree.org/, the subdomains applicable to each (including elearn.grappanetwork.org) (collectively referred to herein as the "Site"), and our mobile application (available through Google Play and the Apple Store) (collectively referred to herein as the “Application”).

This Privacy Policy sets forth the terms between GRAPPA and visitors and users of the Site and/or the Application, as well as members of GRAPPA, (collectively “you” or “your”) regarding the collection, use, and sharing of information from or about you through the Site and/or the Application.

Please read this Privacy Policy carefully before using our Site or the Application. If you are a visitor from the European Economic Area, Switzerland, and/or the United Kingdom, you may be entitled to additional rights regarding your privacy and personal data in addition to the rights provided below. Please refer to the section titled “Rights of Site Users in Europe” below.

DEFINITION OF PERSONAL DATA

As used in this Privacy Policy, "Personal Data" means information that can be used to identify you under applicable data privacy laws. The term “Personal Data” can include information such as your name, address, telephone number, and e-mail address, but can also include indirect identifiers such as your IP address or device identifier.

The term “Personal Data” does not include aggregate information, which is data we collect about the use of the Site or categories of such users unless it is linked with your other Personal Data. Such aggregate data is not subject to the terms of this Privacy Policy.

WHEN WE COLLECT DATA

Some functions of the Site and the Application can be used without requiring that you provide any information that would personally identify you.

At this time, we do not collect any Personal Data through the Application. Any data that you enter into the Application will not be retained within the Application, and will immediately be deleted as soon as your session is closed. As the developer of the Application, however, GRAPPA may receive certain data sets from Google Play and the Apple Store, comprising non-personally identifiable aggregated user data about the persons who download the Application. Because this data cannot be de-aggregated, used to identify you, or otherwise linked back to you, we do not treat such data as Personal Data.

In order to access certain features and benefits on our Site, you may need to submit, or we may collect, certain Personal Data from you. We use varying methods to collect Personal Data on the Site. Some types of Personal Data are collected through automated technologies, while others are provided directly by users of the Site. We discuss these methods below in the section titled “Data That We Collect”.

DATA THAT WE COLLECT

From time to time, you may provide various types of information about yourself to us through the Site. Our purposes for using or otherwise processing Personal Data are described in the section titled “Our Uses of Personal Data” below.

Except as set forth in this Privacy Policy, or with your consent, GRAPPA will not disclose any of your Personal Data to any third parties. In the interest of clarity: for organizational purposes, GRAPPA US

may, from time to time, share information about organization members and users of the Site with GRAPPA EU, and vice versa. Any Personal Data shared between GRAPPA US and GRAPPA EU will be treated according to the terms of this Privacy Policy.

Generally, you may provide us with two categories of data: User Data and Site Usage Data. The types of information that you may provide in each category, along with the technologies that we use to collect such information, are generally described in the sub-sections below:

User Data

“User Data” is the Personal Data that you provide to us directly when you sign up to receive informational e-mails from us, register for a membership account, provide your curriculum vitae as part of the membership application process, update or change information for your account, apply for project grant applications through our Site, send us e-mail messages, and/or otherwise participate in other services on our Site.

Any User Data that we receive about you is provided directly by you, or on your behalf, on a voluntary basis. We describe the most common types of User Data that you may expect to provide below:

● Account Registration. If you register for an account on our Site, you may be required to provide us with Personal Data such as your name, your e-mail address. As part of the process of becoming a member of GRAPPA, you may also be required to provide other Personal Data, including (without limitation) your mailing address, the name of your current and past employer(s), your field(s) of specialization, your industry, your education history, your organizational sponsor, and any other Personal Data that you elect to include in your curriculum vitae.

● Subscription To Receive Notices. GRAPPA offers users and members the ability to subscribe and to receive updates about organization meetings as well as GRAPPA related events and projects via e-mail. Such events and projects include, without limitation, current research and data relating to diagnosis, treatment and pathogenesis of psoriasis and psoriatic arthritis. In order to subscribe to these services, you may be required to provide us with Personal Data such as your name and e-mail address.

● Communications with GRAPPA. When you send e-mail messages to GRAPPA, we may receive Personal Data about you, and may use the information provided by you to respond to your communication and/or as described in this Privacy Policy. We may also archive this information and/or use it for future communications with you where we are permitted by law to do so. Where we send you e-mails, we may track the way that you interact with these e-mails (such as when you open an e-mail or click on a link inside an e-mail). We use this information for the purposes of optimizing and better tailoring our communications to you.

● Learning Modules. If you access or use the learning modules provided through our Site, we may process your Personal Data in order to provide the modules to you. We may also process related information in connection with your use of our learning modules, including your course completion rate, the materials you download, the comments that you provide, and other content.

From time to time, we may also collect additional Personal Data when you or others provide your curriculum vitae in the membership process, or provide content to be posted on the Site. We may use such data for any of the foregoing items (account registration, communications, and notifications), as well as to assess our resources, projects, and opportunities for members.

Unless expressly requested, you should not provide any Personal Data or other information of a personal or sensitive nature, whether relating to you or another person, either by posting such information on the Site or by providing such information through your communications to us.

Site Usage Data

When users come to our Site, we automatically track and collect information about those visits in our server logs from the user’s browser or device. This information is known as “Site Usage Data”. Information that we automatically collect may include Personal Data such as the user’s IP address, geolocation data, device identification, browser type, and operating system, as well as the referring or exit pages, the page(s) requested, the pages that you visit and the time of your visits, and cookie information. Based on the user’s IP address, we may be able to obtain further Personal Data about the user, such as the identity of their internet service provider and the geographic location of their point of connectivity. Other types of information that we collect as Site Usage Data includes aggregate data such

as the pages of our Site that were visited, the order in which those pages were visited, when they were visited, and which hyperlinks were "clicked” on our Site. We do not treat Site Usage Data as Personal Data if it falls within the category of aggregate data.

Please see the next sub-header in this section (Cookie Policy) for a description of the technologies that we use to automatically collect Site Usage Data.

Cookie Policy

We collect the information described in the sub-section titled “Site Usage Data” by using certain technologies known as ‘cookies’ or ‘web beacons’. A cookie is a piece of data that is stored on your hard drive and records your preferences and other data about your visit to the Site. Web beacons are small, invisible graphic images that allow the collection of certain information and monitor user activity on the Site.

We may use cookies, web beacons, frames, server log analyses, and similar technologies to customize your experience with our Site. For example, certain features of our website use WordPress cookies to determine if a user is logged in or not. A full list of the visitor information that we collect through such technologies can be viewed by clicking on the cookie settings button displayed at the bottom of the page.

We do not currently enable Google Analytics, and the Google Analytics tags deployed on our Site are not used to process your Personal Data. In the event that we enable Google Analytics in the future, however, cookies enabled by Google Analytics may process your Personal Data when you visit or interact with the

Site. For more information about your current cookie preferences, please click on the cookie settings button displayed at the bottom of the page.

Many internet browsers will allow you to erase cookies from your hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block cookies on our Site, some portions of the Site may not function as intended.

Generally, all cookie and/or web beacon data is treated and used in the aggregate. We use such aggregate data for purposes such as customizing our users' visits to our Site, and helping us to understand trends and user needs so that we can improve the Site. Because aggregate data does not identify you and cannot be traced back to you, it is not subject to this Privacy Policy unless it is internally linked to your Personal Data. If we link or combine any of the aggregate data that we collect from you with any of your Personal Data, we will treat such linked aggregate data in the same way that we treat the rest of your Personal Data until the aggregate data is no longer linked to Personal Data.

OUR USES OF PERSONAL DATA

In general, we use Personal Data that we collect from you to process your requests, to facilitate your use and our administration and operation of the Site, to provide you with information or services you request, to inform you about events, services, research, and projects we think will be of interest to you, and to learn more about and improve the Site and for the purpose for which information was provided. Some of the ways in which we may use the information that we collect include:

● establishing and managing your membership in GRAPPA;

● providing you with the services you request and enable the use of features on the Site; ● sending you account-related e-mails;

● contacting you about our or a third party’s volunteer opportunities, initiatives, research studies, projects, special events, or other activities;

● responding to your e-mails, submissions, comments, requests for technical support or assistance, or complaints;

● developing, customizing, and improving the Site, the Application, and the resources that GRAPPA provides (including without limitation diagnosing technical and service problems, administering our Site; managing our communications; analyzing and enhancing our services, the Application, and the Site; protecting the security of our networks and information systems; and performing accounting, auditing, invoicing and reconciliation activities in our capacity as a non-profit research organization);

● identifying and protecting against fraud, prohibited or illegal activities, as well as potential third-party claims and other liabilities; and

● generally complying with applicable laws, rules, and regulations.

Please note that our Site is not designed to respond to "do not track" requests from browsers. SHARING OF PERSONAL DATA

GRAPPA does not sell or rent Personal Data to third parties, and does not share Personal Data with third parties except as described in this Privacy Policy, as revised from time to time:

● We may share Personal Data with third parties when you request that we do so or otherwise give your consent.

o For example, contract research organizations and biopharmaceutical companies that wish to receive training modules from GRAPPA for their clinical trial

investigators may be required to provide Personal Data to Trifecta Clinical, which assists us in structuring clinical research trials.

● From time to time, we may share Personal Data with consultants, vendors, and service providers (“Service Providers”) who assist us in providing our services. These Service Providers may include vendors and suppliers that provide us with technology, services, and/or other content related to the operation and maintenance of the Site. Our Service

Providers may have limited access to your Personal Data in the course of providing their products or services to us. These third parties are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.

o One example of a Service Provider is Lemonhead Design, which assists

GRAPPA in managing and administering the Site.

● GRAPPA may share your Personal Data with various government authorities:

o if we are required to do so by law, regulation, or legal process (such as a court order or subpoena);

o in response to requests by government agencies, such as law enforcement authorities;

o when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity; and/or

o if we have a good faith belief that the disclosure is necessary or appropriate to comply with law or legal process.

In such cases, we reserve the right to raise or waive any legal objection or right available to us at our discretion.

● We also may share your Personal Data when we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of GRAPPA, the Site, our members, our users, or others; to prevent and protect GRAPPA and its users from fraudulent, abusive, unlawful, or unauthorized use of the Site; to otherwise enforce our rights and agreements; and otherwise in connection with our Terms of Use and other agreements.

● We reserve the right to disclose or transfer any information we have about you as part of, or during negotiations of, any merger, sale of company assets, or acquisition, or in any other situation where Personal Data may be transferred as one of GRAPPA’s assets.

PROTECTING PERSONAL DATA

We strive to protect your Personal Data while it is under our control. Your account information is accessible online only through the use of a password. GRAPPA uses commercially reasonable administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction or loss, or unauthorized disclosure, access, or use, such as weekly code updates, DDOS mitigation protection from Cloudflare, firewalls, and encryption.

You should be aware, however, that "perfect security" does not exist on the Internet or in any method of storage. To help protect the confidentiality of your Personal Data, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Site by any person using your password. Please advise us immediately if you believe your password has been compromised or misused.

YOUR RESPONSIBILITIES; OPTING OUT OF COMMUNICATIONS

You are responsible for verifying the accuracy of the Personal Data you submit to GRAPPA and ensuring that any Personal Data that you provide is kept up to date for the purposes for which you provide it. Inaccurate information may affect your ability to use the Site, the information you receive when using the Site, and our ability to contact you. For example, your e-mail address should be kept current because that is one of the primary methods that we use to communicate with you.

We only send e-mails to persons who have provided their e-mail addresses directly to us and who have consented to receive communications from us. If you do not wish to receive e-mails from GRAPPA, you may opt out by logging in to your account settings online and updating your contact preferences.

Please note, even if you opt out of receiving promotional e-mails from GRAPPA, you may still receive relationship e-mails from us, including responses to e-mails that you sent to us prior to opting out, notices of updates or changes to our policies and procedures, or other messages relating to your account, your membership in GRAPPA, and/or your use of the Site.

Additionally, because our system for processing opt-out requests is not automatic, your request may not be processed immediately. You may continue to receive some communications from us during the processing period.

If you are a visitor from the European Economic Area, Switzerland, and/or the United Kingdom, you may be entitled to additional rights regarding your privacy and personal data in addition to the rights provided below. Please refer to the section titled “Rights of Site Users in the European Union” below.

SPECIAL NOTICES

Regarding Use of the Site by Children

The Site is not designed for use by children under the age of 16, nor do we knowingly collect any Personal Data from children under the age of 16.

Regarding Links to Other Websites

From time to time, we may provide links to third-party websites on the Site. Reasons that we may link to third-party websites include (without limitation): to provide you with additional research resources, training modules and seminar recordings that are hosted off-site, and as part of our agreements with our corporate supporters. Any such links from the Site to third-party websites are provided for your convenience. Personal information you provide on the linked pages is provided directly to that third party and is not subject to this Privacy Policy. Please review the third party’s privacy policy to better understand its privacy practices.

Regarding Our Exemption from the California Consumer Privacy Act

As a non-profit organization, GRAPPA does not constitute a “business”, as the term is defined under the California Consumer Privacy Act (“CCPA”) or its successor the California Privacy Rights Act (“CPRA”). GRAPPA is not required to respond to consumer requests provided under the CCPA or the CPRA. Users of the Site in California are entitled to all of the rights granted to users in this Privacy Policy, apart from those expressly stated as rights specific to users in the European Union.

RIGHTS OF SITE USERS IN EUROPE

This section provides details about the Personal Data we collect about users of the European Economic Area, Switzerland, and/or the United Kingdom, (collectively the “EU”), and the rights afforded to them regarding the processing of their Personal Data under their respective data privacy laws, including the EU General Data Protection Regulation and the U.K. General Data Protection Regulation (collectively, the “GDPR”).

Personal information. For details about the Personal Data we collect, please see the section titled “Data That We Collect” above.

Lawful grounds. If you reside in the EU, we rely on the following lawful grounds to collect, store, use, and otherwise process your Personal Data:

Processing of your Personal Data is necessary to perform our obligations under any contract with you (for example: to comply with the terms of use of our Site);
Processing of your Personal Data is necessary for the legitimate business interest of GRAPPA or a third party;
You have consented to the processing of your Personal Data pursuant to this Privacy Policy; and/or
Processing of your Personal Data is necessary for complying with our legal obligations.

Transfer to the United States. While we have offices based in the Netherlands, GRAPPA’s headquarters is located in the United States. As such, we will transfer your Personal Data for processing in the United States from time to time. We make the transfer to the United States in the absence of an adequacy decision (after July 16, 2020) because it is necessary for the performance of a contract with you, or with your explicit consent. We take appropriate measures to provide adequate protection for the transfer and processing of your Personal Data in the United States.

Individual rights and requests. If you reside in Europe, Switzerland, or the U.K., you may send data subject requests to admin@grappanetwork.org to take any of the following actions:

● To withdraw your consent for the processing of your Personal Data at any time;

● To notify us that you wish to access, transfer, rectify or erase your Personal Data, or to restrict or object to the processing of your Personal Data; or

● To request access to, transfer of, and rectification or erasure of your Personal Data, or restriction of processing, or to object to processing of your Personal Data.

Please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as a data subject. We will respond to your request directly within 30 days.

Note, however, that if we are processing your personal data based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of the processing based on consent before it is withdrawn.

Retention. We retain your Personal Data for as long as necessary for the purpose in which it was collected to either perform a contract, or for our or a third party’s legitimate interest, or for the purpose for which you consented.

CHANGES TO THIS POLICY

We may revise and update this Privacy Policy at any time. If we make such revisions, we will provide notice that changes have been made by posting the revised Privacy Policy on the Site and updating the revision date at the top of the Privacy Policy. We encourage you to review our Privacy Policy whenever you visit the Site to make sure that you understand how your Personal Data is being treated.

Your privacy is important to us. If you have any questions, concerns, or complaints regarding our Privacy Policy or practices, please contact us using the information provided below.

We will endeavor to respond to your complaint, inquiry, or information request to the extent possible, in a timely and efficient manner.

● Online Form:

Available here.

● United States:

Group for Research and Assessment of Psoriasis and Psoriatic Arthritis (GRAPPA) 3213 W. Wheeler St. #35

Seattle, WA 98199

admin@grappanetwork.org

● European Union:

Stichting Group for Research and Assessment of Psoriasis and Psoriatic Arthritis EU (GRAPPA EU)

Thorbeckeplein, 8

5301 NB Zaltbommel

The Netherlands

admin@grappanetwork.org

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.