Privacy Policy

This privacy policy sets out how Hidradenitis Suppurativa Foundation (HSF) uses and protects any information that you give us when you use this website. HSF may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated May 24, 2018.

This privacy policy has been compiled to better serve those who are concerned with how their personal data or ‘Personally Identifiable Information’ (PII, also referred to in this policy as “information”) is being used and protected, in particular online. PII, as described in applicable laws, including EU and US privacy laws (such as the GDPR for residents in the EU and EEA countries, and the California Online Privacy Protection Act) and in the context of information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What information do we collect from the people that visit our website?

We may collect the following information from you when you register on our site on our site: name, email addresses, and which email list you would like to join (general information and/or medical physician). We do not collect personal health information (PHI) from visitors to our site.

How do we use your information?

We may use the information we collect from you when you register to send you information such as newsletters, and upcoming educational events.

How do we protect your information?

We collect as little information as possible while yet serving your needs, such as an email and name only for responding to your requests.

Third-party disclosure

We do not sell, trade, or otherwise transfer your information to third parties, unless required by law or with your consent.

Third-party links

We do not include or offer third-party products or services on our website.

Sponsors of our Foundation are acknowledged on a specific page on our site.

Changes to this Privacy Policy

You will be notified of any Privacy Policy changes on our Privacy Policy Page by email, if you have opted in to be contacted by us.

Access to your Information

You have a right to request a copy of, change or remove your PII personal information at any time by emailing us as @ or via the Contact Us button on our website (

How does our site handle Do Not Track signals?

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

We do not support third-party behavioral tracking.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

Notification in case of a Data Breach

In order to be in line with the US privacy law standard of Fair Information Practices Principles we will take the following responsive action, should a data breach occur, if you are a US resident, and we will notify you via email within 7 business days.

If you are resident of a country subject to the GDPR or another privacy law requiring breach notification, we will notify you as required by that law.

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

Contractual obligations

1. We process your personal information to send you information from time to time as you have requested.

When using our contact form, we process your PII to reply to your request. We may also automatically process your PII to send you automated email notifications about the handling of your request.

When you are a subscriber we automatically process your PII send you automated transactional emails, i.e. reminders about your subscription expiration and any changes in your subscription’s status with us.

1. To comply with a legal obligation

We may be subject to legal obligations under local and international laws, as well as Directives issued by the European Union, which may require us to process your personal information. In other cases, we may receive a court order or otherwise be legally obliged to process or convey your personal information to third parties.

1. To protect our legitimate interests

We may process your personal information to protect the legitimate interests of us and others. A legitimate interest exists when we have a business or commercial reason to use your information. Even then it must not be against what is fair to you and your best interests. Examples of such processing are as follows:

In case of a suspected abuse or an attempt to compromise, deteriorate, disrupt or otherwise interfere with of our services we may process PII to identify the perpetrator and pursue redress. Such steps may for example (not an inclusive list) include contacting the suspected offender or pursuing the matter legally.
In rare occasions we may send you a personal, non-automated email to address a concern regarding your subscription or to respond to your request.

1. In case of a serious security issue in our software where a public announcement is deemed inadequate we may send you an email informing you of the situation, the risks and what you can do.

2. Because you have given your consent

If you have explicitly provided your consent the processing of your personally identifiable information draws its legality upon your explicit consent. You have the right to withdraw your consent at any time. However, any processing which took place before your consent’s withdrawal is not affected.

Your data protection rights under the GDPR (for EU, EEA and EFTA residents)

You have the following rights with regards to the personally identifiable information we keep on file for you:

  • Access your personal information. This lets you, for example, get a copy of the personal data we keep on file for you and confirm that we are processing it legally.
  • Request the correction of the personal information we keep on you. This allows you to correct incomplete or inaccurate information we keep on file for you.
  • Ask for the deletion of your personal information (a.k.a. “right to be forgotten”). This lets you request that we delete your personal information when there is no real reason for us to process it.
  • Object to processing your personal information (a.k.a. “right to objection”) when we base our processing on protecting our interests bit there is something special in your situation which makes you want to object to the processing for this reason. If you object we will no longer process your personal information unless we can prove pressing legal reasons for the processing which trump your interests, rights and freedoms. Please note that this is largely inapplicable to our business relationship since our processing is done either on a legal basis, your explicit consent or is exempt from the GDPR protections (e.g. keeping an IP log for security reasons).
  • You have the right to object in cases where we process your personal information for reasons of direct marketing. This also includes profiling, to the extent that this is used for direct marketing. This is also inapplicable to our business relationship since we do not engage in direct marketing.
  • Ask the limitation of the processing of your personal information. This allows you to ask us to limit the processing of your personal information, that is to use it only for specific cases, if:

    • they are inaccurate;
    • they have been used illegally but you do not wish us to delete them;
    • they are no longer necessary but you want us to retain them for their use in potential legal demands;
      you have asked us to stop using your personal information but you are waiting us to confirm if we have legal reasons to use them.
      Ask for a copy of the personal information pertaining to you in a structured, commonly used and machine-readable format, and to convey this information to other organizations. You may also request that we directly convey that file to another organization of your choice. This is also known as “data portability right”.
    • Withdraw your consent regarding the processing of your personal information at any time. Please note that withdrawal of your consent at any time does not invalidate the legality of the processing based on your consent before that was revoked or withdrawn by you.

To exercise any of your rights, or if you have questions about the use of your personal information from us, you can contact us through the Contact Form button on our website.

According to the law, we will reply to your requests promptly and provide access to your data within 30 days. If you have not received a reply from us for over three weeks (21 days) please retry contacting us with alternate means; most likely your request never reached us. Kindly note that we reserve the right to direct you to our site’s tools and / or this Privacy Statement if your concern is readily addressed by it. Per the law, we reserve the right to not reply to your requests if they are too often or are otherwise in abuse of the provisions of the law.

Where do we store your information? (for EU, EEA and EFTA residents)

Your data will be stored on servers located in the USA which for purposes of the GDPR is treated as an inadequate jurisdiction in terms of data protection.

For more Information or to report a problem

If you have a question, wish to notify us of any desired restrictions, or believe your privacy rights have been violated, then submit your inquiry or file your complaint with us using the contact information below. To protect your privacy and security, we will take reasonable steps to verify your identity before providing information or making corrections. There will be no retaliation for filing a complaint.

Postal Mail:

Security and Privacy Requests
Executive Director

Hidradenitis Suppurativa Foundation

Registered Head Office
1301 20th Street, Suite 570,
Santa Monica, CA 90404