Website Privacy Policy

Last updated: August 31, 2021

Welcome to CommonHealth, a product from The Commons Project Foundation! This Privacy Policy (“Policy”) describes how The Commons Project Foundation (“TCP,” “we” or “us”) collects, uses, and shares information about you when you access and use this website and any other websites that link to this Policy (“Websites”). By accessing or using the Websites, you agree to be bound by this Policy.

We collect several types of information from and about users of our Websites. 

Information You Provide To Us.  We collect the information you provide to us directly when you use the Websites. This includes:

  • Personal Actions you take. We collect information about the actions you take when using the Websites. This includes your interactions with the content or your interactions with other users.

  • Filling out forms.  Some of our Websites include forms where you as the visitor may choose to provide us with personal data about yourself, including personal data regarding your location and medical symptoms and conditions you may have.  

  • Other information. You may choose to provide other information directly to us. For example, we may collect information when you fill out a form, participate in a promotion, apply for a job, submit a search query, request customer support, or otherwise communicate with us.

Information We Collect Automatically.  When you access or use our Websites, we may also automatically collect information about you. This includes:

  • Log and usage data.  When you visit our Websites (whether on your computer or on a mobile device), we gather certain information automatically and store it in log files. This information includes IP addresses, the Internet Service Provider, referring/exit pages, date/time stamps, clickstream data, login/logout times, and duration of time spent on our Websites.

  • Device information.  In addition to log data, we collect information about the device you’re using to access the Websites; this includes the type of device, browser type, operating system, settings, unique device identifiers, and crash data that helps us understand when something goes wrong.

  • Information Collected from Cookies and similar technologies: We may receive information from cookies, which are pieces of data your browser stores and sends back to us when making requests. We use cookies to improve your experience and the quality of Websites For example we use analytics services (e.g., those provided by Squarespace) that place cookies collecting personal data allowing us to understand how often you use the Websites, where you are accessing the Websites from and events that happen on the Websites. Some cookies may also be necessary for our Websites to work.  Note that cookies can either be persistent (e.g., they remain on your computer or device until you delete them) or temporary (e.g., they last only until you close your browser). Our Websites may use both session and persistent cookies. Cookies on our Websites may also be either first-party or third-party. First-party cookies are used and controlled by us. Third-party cookies are controlled by third party services. Unless the cookie is necessary for our Websites to work, you have choices and control over the cookies that you allow onto your device. Please see the cookie banner at the bottom of the screen for further information.

Information Collected from Other Sources.  We use certain third-party online services to provide information about TCP’s work (like Twitter and LinkedIn, or Squarespace) (those services we refer to as “Other Services”).  When you follow, like, comment, or otherwise engage with us through these Other Services, we may receive personal data about you (that information, “Other Service Information”). You can check the privacy policy of any Other Service for more information on how it collects, uses, and shares personal data, including the Other Service Information that may be provided to us.

TCP does not sell, rent, or lease your personal data to others.  We use information about you for the following purposes only:

  • To provide and maintain the Websites. We use the personal data we collect to provide or serve our Websites and to maintain and improve the Websites, including understanding the content that our visitors find valuable. 

  • To understand the use of Other Services. Including understanding the particular materials that we posted or linked to those users of those Other Services found most valuable. For example, we use analytics services provided by Squarespace – further described here.

  • To communicate with you. We may also use your personal data to directly communicate with you about your use of the Websites or to respond to an email or submission from you.

  • To comply with the legal obligations. We may in some cases need to process your personal data in order to comply with TCP legal requirements; protecting the rights, property, or safety of you, TCP, or another party; or otherwise to resolve legal disputes.  

  • To provide the COVIDcheck.org risk assessment tool to you (and to provide aggregated information to public health authorities if you consent to it). You can choose to provide certain personal data to us to use the COVIDCHECK.org risk assessment tool. This personal data is used only for the purposes of providing you with a risk assessment for your own personal use, based on your personal data, and the latest guidance and science. If you consent to us doing so, we may also aggregate the personal data you provide (so that it does not identify you and is no longer personal data), and we may share that aggregated information with public health authorities and entities.

We may share information about you as follows:

  • We share information with vendors, consultants, and other service providers who need access to such information to carry out work for us;

  • We may share information (and will provide you with prior notice, to the extent legally permissible) in response to a request for information if we believe disclosure is in accordance with or required by, any applicable law, regulation, legal process, or governmental request (including as noted above in “How We Use Information”);

  • We may disclose personal data to law enforcement, regulators or others if we believe in good faith that it’s necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on us; (c) to protect or defend our rights or property or users of our Services or others; and/or (d) to investigate or assist in preventing any violation of the law;

  • We may share information if we believe your actions are inconsistent with the Terms of Service or the Code of Conduct, or to protect the rights, property, and safety of ourselves and others;

  • We may share information in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;

  • We may share information between and among TCP, and its current and future parents, affiliates, subsidiaries, and other companies under common control and ownership; and

  • We may share information with your consent or at your direction, including with other users. 

We may also share aggregated or de-identified or anonymized information, which cannot reasonably be used to identify you for our lawful business purposes, including to analyze, build and improve the Websites and promote our business, provided that we will not share such data in a manner that could identify you.  

In addition, Our Websites may contain links to other websites, products, or Websites that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Policy does not apply to your activities on these third-party Websites or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction.

We will keep your personal data only for as long as we believe that we need it for the purpose we have collected it (as described above) or to meet legal obligations, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreements with you, or fulfill your request to unsubscribe from further messages from us. When your personal data is no longer needed, we will destroy or de-identify it. We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

The Services are not designed or intended for children under 13. If you are based outside the United States, you must be over the age required by the laws of your country to use the Services. If we become aware that we have the personal data of such children collected through the Websites, we will promptly delete it.

As a user of our Websites, you have choices about how to protect and limit the collection, use, and disclosure of information about you.

  • Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject first and third-party cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of Websites.

  • Do Not Track.  We don’t currently share personal data with third parties for their direct marketing purposes, nor do we support any Do Not Track signals since there’s currently no standard for how online services respond to those signals. As standards develop, we may establish policies for responding to DNT signals that we would describe in this Privacy Policy.

  • Accessing and Correcting Your Information:  If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you can review and change your Personal Data by sending us an email at privacy@thecommonsproject.org to request access to, correct, or delete any Personal Data that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or regulatory requirement, result in fraud, or cause the information to be incorrect.  We will not discriminate against you if you choose to exercise your options related to your Personal Data.

If you are visiting and using the Websites from the European Economic Area (“EEA”), please be aware that the information (including personal data) may be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information, how we store it and what third-party service providers we use. These countries (including the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage, and use of your Personal Data will at all times continue to be governed by this Policy.

BY SUPPLYING YOUR PERSONAL DATA TO US YOU EXPRESSLY AGREE TO THE TRANSFER OF YOUR PERSONAL DATA OUT OF THE EEA, AND TO THE PROCESSING OF YOUR INFORMATION IN THE U.S., SUBJECT TO THIS PRIVACY POLICY.

If you have any questions about our data processing activities, please email us at privacy@thecommonsproject.org.  If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with your local supervisory authority.

California Resident Rights. The California Consumer Protection Act (“CCPA”) gives consumers who are residents of California the right to request certain information from businesses about their data collection practices. The CCPA does not apply to TCP because TCP is a non-profit organization. However, as part of TCP’s commitment to advancing the public good, it has voluntarily committed to CCPA compliance. In order to submit a CCPA request, please contact us at privacy@thecommonsproject.org. Please include in your request sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information. Please note that we do not sell your personal data and that TCP will not discriminate against you in any way based on your exercise of these rights.

We may change this Policy from time to time. If we do, we will let you know by revising the date at the top of the Policy. If we make a change to this policy that, in our sole discretion, is material, we will provide you with additional notice (such as adding a statement to the front page of Websites). We encourage you to review this Policy whenever you access or use Websites or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. If you continue to use Websites after the Policy changes go into effect, you consent to the revised policy.

If you have any questions about this Privacy Policy, please email legal@thecommonsproject.org or in writing to our US corporate office:

The Commons Project Foundation 

745 Fifth Avenue, 5th Floor

New York, NY 10151

ATTN: PRIVACY REQUEST