What information do we collect?

We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here. You do not have to register on the site to access the public posts but to submit your own posts, send messages to other users and for certain other activities, you do need to be a registered user.

When you register on the site, we may collect the following information:

  • Contact Data, such as a username, password and email address.
  • Profile Data, such as the country and region in which you live, your rare disease story and your age range.
  • Optional Profile Data, which you may choose to include in your profile, e.g. your birthday (day and month only) a profile picture, website link, location, preferred time zone and other such data.
  • Preference Data, which you may choose to set. For example, you can configure our services to notify you about new topics you are following by automated email and the frequency of such emails. You can tailor how the system shows you notifications about new topics or new “likes”, which categories (discussion groups) you’d like to be notified of, and so on.
  • Device Data, including the IP address and location [and device type].
  • Content that you submit in topics and posts on the system, including text, photos, attachments, links and “likes” of others’ Content.
  • Private Message data that you may exchange with our staff or other users.

Whether you do or do not register on the site, we may collect the following kind of information:

  • Pages visited
  • Time spent reading topics
  • Searches undertaken
  • Emails that you may exchange with our staff
  • [Any other data? E.g. Google Analytics data]

What do we use your information for?

Principally, we use your information to provide the services to you and to tailor those services to meet your preferences.

Any of the information we collect from you may be used in one of the following ways:

  • To provide the services of a rare disease support community to you, including moderation of the discussions and ensuring compliance with our Terms of Service, Our Community Guidelines and Site Etiquette.
  • To send you notifications — The email address you provide is used to keep you informed of topics you have contributed to or of messages sent to you by staff or others or news articles. You can tailor the frequency and other characteristics of these notification emails in your preferences.
  • To personalize your experience — your information helps us to better respond to your individual needs.
  • To improve our site — we continually strive to improve our site offerings based on the information and feedback we receive from you.
  • To improve customer service — your information helps us to more effectively respond to your customer service requests and support needs.

To send occasional emails — The email address you provide may be used to send you information about Ben’s Friends, our service providers or other services that we believe are relevant to patients in your community, including fundraising for our services.

How do we protect your information?

We implement a variety of industry-standard security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

What is your data retention policy?

We will make a good faith effort to:

  • We retain all of the information that you provide as part of using our services, with a few exceptions:
  • We may delete your account in line with our Terms of Service. If we delete your account, we may delete all of the personal information associated with that account, including your Content and Private Messages.
  • We may anonymise your account. This action removes your personal data other than your Content and your Private Messages.

If you decide to leave the site community within 60 days of joining and you ask us to close your account, we may delete the account or anonymise it.

If you decide to leave the site community and ask us to close your account more than 60 days after joining, we will anonymise your account, not delete it. This helps other members of the community by retaining full conversations. Where members leave and their Content is deleted, this creates holes in the conversation that no longer make sense and no longer act as providing support to other members.

While you remain a member of our community, you are able to edit or delete your own Content and Private Messages and it is your responsibility to keep that Content and those Private Messages in line with our Terms of Service.

We may choose to delete Content or Private Messages a number of years after it was first posted in order to manage our costs. At this point in time, we do not set a time limit after which we delete this information.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

The following are the session only cookies we use and The cookie-related information is not used to identify you personally:

Name Essential Expires Description
email Y Session Used during account creation
destination_url Y Session Used during login to redirect to the requested page
sso_destination_url Y Session Used during SSO login to redirect to the requested page
authentication_data Y next page view Used during full-screen login to return data to the JavaScript application
fsl Y Session Full screen login client setting
theme_key Y Forever Client theme personalization. Only used when “Make this my default theme on all my devices” unselected.
cn Y Forever Client clear notifications. I’m counting this as user input instead of personalization because it doesn’t make sense to ‘undo’ or change cleared notifications.
_bypass_cache Y Session Used with ‘fsl’ for full screen login
_t Y 1440 hours User authentication token cookie. SiteSetting.maximum_session_age.hours.from_now
_forum_session Y Session Session cookie
dosp Y next page view Temporary cookie that informs client denial of service protection is in place.
__profilin N Session Developer only, used by rack-mini-profiler to bypass work
_ga N 2 years Google Analytics cookie. ONLY set if configured to use GA
_gat N 2 years Google Analytics cookie. ONLY set if configured to use GA
_gid N 24 hours Google Analytics cookie. ONLY set if configured to use GA

Do we disclose any information to outside parties?

We share your information with our trusted service providers who actually provide the IT services that underpin the website(s) that form this community. Those service providers are required to use the information only to provide the service(s) and are contracted to keep personal information confidential.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
We may also release your personal information when we believe release is appropriate to comply with the law, enforce our site policies, or protect your, ours or others rights, property, or safety.
Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Children’s Online Privacy Protection Act Compliance

Our site, products and services are all directed to people who are at least 13 years old or older. If this server is in the USA, and you are under the age of 13, per the requirements of COPPA (Children’s Online Privacy Protection Act), do not use this site.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our site and not to information collected offline.

Your Consent

By using our site, you consent to our web site privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

This document is CC-BY-SA. It was last updated November 1, 2021.