Privacy Policy
Effective as of September 2023.
Tiny Treasures Milk Bank is owned and operated by Prolacta Bioscience®, Inc. (for company address, please see "Contact Us" section below, and for company representative, please see here). Prolacta is the world’s leading hospital provider of 100% human milk-based nutritional products.
We believe that protecting the Personal Data (defined below) of those we may interact with is vitally important. We believe that you should know what we do with your data, who we share it with, and the business reason for sharing it.
Prolacta will not sell your Personal Data, as this term is conventionally defined. We are dedicated to advancing the science of human milk, not selling Personal Data.
Purpose
This Privacy Policy (“Policy”) describes the privacy practices of Prolacta Bioscience, Inc. and all our corporate partners and affiliates (collectively, “Prolacta”, “we”, “us”, or “our”) and applies to the Sites (defined below) under applicable global privacy laws. This Policy describes how we collect, use, share, and otherwise process individually identifiable data about visitors to this Site (defined below), contact persons of our customers, prospects, distributors, sales representatives, vendors, investors, suppliers, human milk donors, infants and individual end-users of Prolacta products or services ("Personal Data").
Scope
For ease of use, when we refer to “Site” or “Sites” we are referring to any and all of the Prolacta-owned sites (Prolacta.com, prolacta.uk, prolacta.de, prolacta.asia, tinytreasuresmilkbank.com, helpinghandsbank.com, humanmilkscience.org and preemiemilkbank.com) as well as offline through contact forms and other communications. This Policy describes how we collect, use, disclose, and otherwise process Personal Data in connection with the Site(s) on which we post or link to this Policy (the “Sites”) and explains the rights and choices available to individuals with respect to their Personal Data.
This Policy does not apply to any information that you may provide directly to third parties including via links appearing on the Site.
Personal Data about our employees, contractors, and other Prolacta temporary workers are addressed through internal company policies and procedures, and are outside the scope of this Policy.
For the privacy policy applicable to recruiting and job candidates, please reach out to Prolacta separately using the contact information below.
Summary of Key Points
-
Collection
|
We collect name, contact details, and other Personal Data related to our products and services. Learn more below.
|
-
Use
|
We use Personal Data to provide our products and services and respond to inquiries, to manage accounts and maintain business operations, to provide relevant marketing, and to fulfil other business and compliance purposes. Learn more below.
|
-
Disclosure
|
We disclose Personal Data as necessary to provide our products and services and respond to requests, and to fulfil other business and compliance purposes. Learn more below.
|
-
Marketing Choices
|
You have control over how we use Personal Data for direct marketing. Learn more below.
|
-
Data Security
|
We maintain technical and organizational measures to protect Personal Data from loss, misuse, alteration, or unintentional destruction. Learn more below.
|
-
Cross-border Data Transfers
|
We provide appropriate protections for cross-border transfers of Personal Data where specified by law. Learn more below.
|
-
Retention
|
We retain your Personal Data for as long as necessary to fulfil the purposes we collected it for. Learn more below.
|
-
Data Subject Rights
|
Certain applicable global privacy laws, give residents) certain rights to request access, rectification, deletion, or other actions regarding their Personal Data. Learn more below.
|
-
Other
|
We provide other information in this Privacy Policy about the Personal Data we do and do not collect. Learn more below.
|
-
Changes to this Privacy Policy
|
We may update this Privacy Policy from time to time, as required by applicable law. Learn more below.
|
-
Contact Us
|
Please contact us as detailed below with any questions. Learn more below.
|
-
Collection of Personal Data
Basic Data: Name, title, company, job responsibilities, hospital affiliation, phone number, mailing address, email address, contact details, date of birth and infant date of birth for the Milk Resourcing team, physician and pediatrician contact information for the Milk Resourcing team, and recordings in certain limited circumstances, where you have provided consent.
Credit Card Data: Includes credit card number and other payment information collected in limited circumstances from our business customers.
Device Data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Site and communications (Usage Data). Note, however, we do not consider Device Data to be Personal Data except where we link it to you as an individual or where applicable law requires.
Marketing Data: Computer Internet Protocol (IP) address, unique device identifier (e.g., MAC address), cookies and other data linked to a device, and data about usage of our Site and communications (Usage Data).
Network Data: Includes network name, network type, captive portal options, browser type, browser language, and telemetry information, among others. Note, however, we do not consider Network Data to be Personal Data except where we link it to you as an individual or where applicable law requires.
Registration Data: Newsletter requests, subscriptions, downloads, and username/passwords.
Other Data: any Personal Data you voluntarily provide to us, including any information you voluntarily provide in the section “What are your nutritional goals?” as well as information about you that is linked to the Personal Data above, such as inquiry and communication information when you contact us.
Sensitive Data. In limited circumstances, certain Personal Data that we collect may be considered “sensitive” within the meaning of applicable laws, such as government identifiers.
-
How We Use Your Personal Data
We use your Personal Data for the following purposes:
Purpose of Use
|
Categories of Personal Data
|
Provide the products and services you requested, respond to your inquiries, and allow Prolacta to contact you.
|
Basic Data, Registration Data, Device Data, Network Data, and Biometric Data
|
Manage your accounts and maintain our business operations.
|
Basic Data, Registration Data, and Device Data
|
Make our Site more personal, intuitive and easy to use.
|
Device Data
|
Protect the security and effective functioning of our Site and information technology systems.
|
Basic Data, Registration Data, and Device Data
|
Process payment for requested products or services.
|
Credit Card Data
|
Make our Site and products more personal, intuitive and easy to use.
|
Device Data
|
Configure, manage and provision network elements
|
Network Data, Device Data
|
Protect the security and effective functioning of our products, Site and information technology systems.
|
Basic Data, Registration Data, and Device Data
|
Provide relevant marketing about our or our affiliates' products and services, or promotions that we are developing, and opportunities that may be available to you.
|
Basic Data, Registration Data, Device Data, and Marketing Data
|
Set up, securely access, troubleshoot, and measure user experience.
|
Basic Data, Registration Data, Device Data, End-Client Data, Network Data
|
For the Milk Resourcing team.
|
Basic data, Biometric Data, Other Data
|
Address our compliance, fraud prevention, safety, and legal obligations and exercise our legal rights.
|
Basic Data, Registration Data, and Device Data
|
-
Disclosure of Personal Data
We disclose Personal Data to the following categories of recipients:
Affiliates
We may disclose your Personal Data specified in Section 1 above to our corporate partners and affiliates with which we have a commercial alliance. Our corporate partners and affiliates use the Personal Data for purposes specified in Section 2 above. For a list of corporate partners and affiliates with whom we share Personal Data, please contact us. Prolacta Bioscience, Inc. is responsible for management of the Personal Data shared with our corporate partners and affiliates.
Service providers
We may employ third-party companies and individuals (collectively, “service providers”) to perform services on our behalf, including:
-
Data storage and analytics companies
-
Technology services and support (including email and web hosting providers, marketing and advertising technology providers, email and text communications providers, mobile app developers)
These service providers may use your Personal Data only as directed by Prolacta and in a manner consistent with this Policy, and are prohibited from using or disclosing your Personal Data for any other purpose.
Internal professional advisors
We may disclose your Personal Data to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
Compliance with laws and law enforcement, protection, and safety
We may disclose your Personal Data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our websites, products, and services; (d) protect our rights, privacy, safety, or property, as well as that of you or others; and (e) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.
Business transfers
We may sell, transfer, or otherwise share some or all of our business or assets, including your Personal Data, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization, sale of assets, or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honour this Policy.
If you have questions about the parties to whom we disclose Personal Data, please contact us as specified below.
-
Marketing
You have control regarding our use of your Personal Data for directing marketing. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can choose to not receive such communications at any time. Please follow the unsubscribe link in the relevant communication, or contact us as detailed below.
-
Security
The security of your Personal Data important to us. We will take reasonable steps, proportionate to the sensitivity of the Personal Data, to protect Personal Data we collect, both during transmission and once we receive it from loss, misuse, unauthorized access, disclosure, alteration, or destruction. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure Personal Data from loss, misuse, and unauthorized access or disclosure, alteration, or destruction such as role based access controls, user authentication / authorization, logging mechanisms and physical access and security access controls.
We will only process and use Personal Data in a way that is compatible with and relevant to the purposes for which it was collected, or authorized by you, including the purposes set out above. To the extent necessary for those purposes, we will take reasonable precautions to ensure that Personal Data is accurate, complete, and current. Additionally, Personal Data may be retained in a form identifying or making identifiable individuals only for as long as it serves a purpose for which the data was collected or as authorized by the individual.
-
Cross-border Data Transfers
Prolacta is headquartered in the United States and has affiliates and service providers in other countries. Your Personal Data is processed in the United States or other locations outside of your country of residence where privacy laws may not provide the same level of data protection as those in your jurisdiction.
However, we have taken appropriate security measures as listed above in Section 5 “Security" to ensure that your Personal Data will remain protected in accordance with this Policy.
Whenever we transfer your Personal Data originating from the EU and UK to countries not deemed by the European Commission to provide an adequate level of personal data protection, we implement standard contractual clauses and other appropriate solutions that allow us to conduct the transfer in accordance with the European Economic Area’s (“EEA”) data protection laws. These safeguards include role based access controls, user authentication / authorization, logging mechanisms and physical access and security access controls. Furthermore, the received data is secured using Secure FTP to transfer files. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below in Section 10 (“Contact Us”).
-
Retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) in which case we may use this data for as long as necessary without further notice to you.
-
Your Rights
Where required by applicable law, you have the right to obtain confirmation that we maintain certain Personal Data relating to you, to verify its content, origin, and accuracy, as well as the right to access, review, port, delete, or to block or withdraw consent to the processing of certain Personal Data (without affecting the lawfulness of processing based on consent before its withdrawal), by contacting us as detailed below.
-
Access. Subject to certain exceptions, you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is processed, and, where that is the case, to request access to the Personal Data as well as further information. You may have the right to request a copy of the Personal Data we are processing about you, which we will provide to you in electronic form. We may require you to prove your identity before providing the requested information.
-
Rectification. You have the right to require that any incomplete or inaccurate Personal Data that we process about you is amended.
-
Deletion. You have the right to request that we delete Personal Data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
-
Restriction. You have the right to request that we restrict our processing of your Personal Data where, e.g.: (i) you believe such data to be inaccurate; (ii) our processing is unlawful and you oppose to the erasure of the Personal Data and request the restriction instead; or (iii) we no longer need to process such data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
-
Portability. You have the right to request that we transmit the Personal Data we hold with respect to you to another data controller, where this is: (i) Personal Data which you have provided to us; and (ii) we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide legal services).
-
Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge, without affecting the lawfulness of processing based on consent before its withdrawal. This includes cases where you wish to opt out from marketing messages that you receive from us.
-
Contacting authorities. You the right to lodge a complaint with a data protection authority if you believe that we have not complied with applicable data protection laws.
-
Direct marketing. You have the right to object to our use of Personal Data for direct marketing and in certain other situations at any time. Please note that we may need to retain certain Personal Data as required or permitted by applicable law.
-
Objection. Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
You can submit these requests by email to privacy@prolacta.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why subject to legal restrictions. If you would like to submit a complaint about our use of your Personal Data or response to your requests regarding your personal data, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
-
Other
- Legal Basis for Processing
The legal bases for our processing of your Personal Data are described below.
Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Data. We have several different legal grounds on which we collect and process Personal Data, including, without limitation: (a) as necessary to perform a transaction (such as in order to provide the products and services you requested); (b) as necessary to comply with a legal obligation (such as when we use Personal Data for record keeping to substantiate tax liability); (c) consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies); and (d) necessary for legitimate interests (such as when we act to maintain our business generally, including maintaining the safety and security of the Site). With respect to legitimate interests, we typically collect and process limited Personal Data about customer contacts as well as Personal Data of our human milk donors and other individuals.
-
Other Sites and Services
For your convenience and information, we may provide links to sites and other third-party content that are not owned or operated by Prolacta. These links are not an endorsement, authorization, or representation that we are affiliated with that third party. We do not exercise control over third-party sites or services and are not responsible for their actions. Other sites and services follow different rules regarding the use or disclosure of the personal data you submit to them. We encourage you to read the privacy policies of the other sites you visit and services you use.
-
What are the consequences of not providing Personal Data?
You are not required to provide all Personal Data identified in this Policy to use our Site or to interact with us offline, but certain functionality will not be available if you do not provide certain Personal Data. If you do not provide certain Personal Data, we may not be able to respond to your request, perform a transaction with you, or provide you with marketing that we believe you would find valuable.
-
Do we engage in automated decision-making without human intervention?
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
-
Does the Site honor do not track ("DNT") signals sent via browsers?
Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we do not respond to DNT signals at this time.
-
Changes to this Privacy Policy
We reserve the right to modify this Policy at any time, by publishing a new version on our Sites. You can see the date of the last revision at the beginning of this policy.
-
Contact Us
Prolacta is the controller of your Personal Data covered by this Policy. If you have any questions or concerns about our Policy or privacy practices, please contact us at:
Prolacta Bioscience, Inc.
1800 Highland Avenue
Duarte, CA 91010
Attention: Privacy
privacy@prolacta.com
Prolacta’s EU representative, Vincent Gaspar, can be reached at vgaspar@prolacta.com.