Privacy Policy

Privacy Policy

Last updated: 09/09/2025

Who We Are

This website is operated by the National Organization for Rare Disorders (NORD).

What Personal Data We Collect and Why We Collect It

Account Creation & Purchases

When you purchase access to NORD Symposium video content, we collect:

  • Name, email address, and password (to create your account).

  • Billing details necessary for payment (processed securely by our payment provider).

  • Purchase history (sessions/packages you buy).

We collect this information to:

  • Provide access to the purchased video sessions.

  • Maintain your account and order history.

  • Meet our legal, accounting, and compliance obligations.

Subscription Forms

If you submit a subscription form on our site, you are opting in for us to save your name, email address, and other relevant details. These subscriptions may be used to notify you about related content, discounts, or special offers. You may unsubscribe at any time by clicking the link at the bottom of any email.

Comments

When visitors leave comments (if enabled), we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help spam detection.

Media

If you upload images or media to the site, avoid uploading files with embedded location data (EXIF GPS), as visitors may download and extract that data.

Contact Forms

If you contact us via a form, we may collect your name, email, and message content. We keep submissions for customer service purposes but do not use the information for marketing without consent.

Cookies

We use cookies to enhance user experience. These include:

Cookie Name Usage Duration
pum-668 Prevents popups from displaying repeatedly 1 month

We also use anonymous cookies to prevent users from seeing the same popup repetitively and to deliver time-sensitive messaging.

Analytics

We use analytics to understand visitor behavior and improve our services. These may include anonymized data such as IP address, browser type, and pages visited. Users can opt out by disabling cookies in their browser.

Who We Share Your Data With

We do not sell or rent your personal information. Your data may be shared only with:

  • Payment Processors (e.g., Stripe) for secure payment handling.

  • Hosting & Technical Providers (e.g., WP Engine, plugins) to operate the site.

  • Email & Marketing Providers (e.g., Mailchimp) if you opt into communications.

  • Legal/Compliance Authorities when required by law.

How Long We Retain Your Data

  • Account & Purchase Information: Retained as long as your account is active and as required by law for financial compliance.

  • Subscriber Information: Retained indefinitely in the local database for analytics and export purposes. If synced to a third-party service (e.g., Mailchimp), data remains until you unsubscribe or request deletion.

  • Contact Form Submissions: Retained up to 12 months for customer service.

  • Analytics Data: Retained for 12–18 months.

  • Cookies: Retained according to their expiration schedule.

What Rights You Have Over Your Data

You have the right to:

  • Access, update, or delete your personal data.

  • Request an export of your data.

  • Withdraw consent for optional communications.

To make a request, contact us at [email protected].

Where Your Data Is Sent

  • Payments are processed through Stripe, which may transfer data outside the EU with safeguards in place.

  • Email subscriptions may be handled by Mailchimp or similar providers.

  • Hosting is provided by WP Engine, which may transfer data securely outside the EU.

We ensure all transfers comply with European data protection standards.

How We Protect Your Data

We use a combination of technical and organizational measures:

  • Secure socket layer (SSL) encryption.

  • Limited access controls to sensitive information.

  • Regular security monitoring of WordPress and plugins.

  • Staff training in data handling.

What Data Breach Procedures We Have in Place

We maintain internal reporting systems for potential breaches and will notify users and relevant authorities if legally required.

What Third Parties We Receive Data From

We may receive confirmation data from payment providers (e.g., Stripe) verifying transactions.

Automated Decision-Making & Profiling

We do not use automated decision-making or profiling beyond standard analytics tracking.

Industry Regulatory Disclosure Requirements

As a nonprofit health organization, NORD complies with applicable U.S. privacy and data protection regulations. No health data is collected through this website.