Effective September 01, 2021
What is sercleinc.com?
Sercle provides this platform for survivors who want (to):
- Personalized data-driven insights on their experiences of sexual and gender-based violence, their trauma, and mental health.
- track their trauma and mental health data so they can be an active participant in their own mental healthcare and symptom management
- create collective knowledge about sexual and gender-based violence, trauma, mental health, and treatments by:
- contributing their data to research
- sharing their experiences, challenges, and everyday life with other members of the Sercle Online Community
- helping others feel less alone and able to share their own experiences with sexual and gender-based violence, that affect their relationships, careers, health and wellness, etc.
Who Might View or Have Access to The Data We Collect?
If you become a Member of the Platform, there are four broad groups of people who might have access to your data.
- The Community – This refers to your fellow Members on the platform. You can share your data through your profile and the various social components on the site. By sharing your data, others can learn from it. You can mark some data (such as a trauma symptom or mental health condition) to be reserved for your Personal View only and that will not be made visible to the Community.
- Sercle Inc – We use the data you provide internally, both to improve our services and to conduct our own research.
- Our Partners – Sercle Inc frequently partners with other institutions to conduct research. These Partners could include, but are not limited to: law/policy makers, universities, pharmaceutical companies, hospital systems, insurance companies, governments, research institutions, NGOs/developmental organizations, and regulatory bodies.
- Vendors – We also contract with various service providers for business and technical services like email delivery, site hosting, marketing, help desk support, and others.
Details of how these different groups might access or use our data are provided below.
There are three privacy levels you may choose for participation on the Platform if you are a member. You choose one of these settings:
- Public view: The data associated with your username and avatar image is viewable by non-members and members of Sercle; or
- Community view: The data associated with your username and avatar image is only viewable on the Platform by other members of Sercle; or
- Personal view: Some data (as specified by you) will not be viewable to anyone but you (for example, a condition may be hidden at your request).
Public profiles may be indexed or stored by Internet search engines (e.g., Google) or other independent sites, which means a member’s information might come up in the search results by anyone on the Internet, even after switching privacy levels.
You can change your privacy level at any time. None of the privacy levels allows non-members of the community to contact you.
What Kind of Information We Collect
Data that is identifying or potentially identifying is treated as “Identifying Data.” This data includes:
- User ID assigned by the Platform
- Platform password (this is collected as part of registration and stored as a one-way hash so that no one, other than you, knows what your password is)
- Name (Member may provide as part of registration or in a Member’s Account Information)
- Date of Birth
- Email address
- Mailing address (may be collected via email, forms, or Private Message with Sercle staff as part of Member programs such as t-shirt giveaways)
- IP Addresses
- Private Message content for Private Messages between Members
- Any of the above is entered as free text
Sercle may de-identify Identifying Data. This would include removing identifying information from free text entries like forum posts or comments. Once identifying information is removed, Sercle no longer treats the data as Identifying Data.
Sercle may aggregate or statistically analyze Identifying Data from more than one member, in which case such resulting aggregated or statistically analyzed data will not be treated as Identifying Data by Sercle.
“Non-Identifying Data” is all information, except Identifying Data, that Members provide about themselves when using the Platform or in other communications with Sercle. Examples of Non-Identifying Data that Members may submit include:
- Non-identifying photographs
- Age (unless over 89)
- Location (city, state/province, country)
- Gender identity
- Condition/mental health information (e.g., first symptom, family history)
- Treatment information (e.g., treatment stop reasons, dosages, side effects, treatment evaluations)
- Symptom information (e.g., severity, duration)
- Outcome scores (e.g. PHQ-9, GAD-7, DSM-5 (PCL-5), Health of the Nation Outcome Scales (HoNOS), DailyMe, and MonthlyMe measures (not including free-text associated with this tracking))
- Structured survey responses
- Non-identifying information shared via free text fields (e.g., the forums, treatment evaluations, surveys, annotations, journals, feeds)
- Connections to other people on the Platform (e.g., Followers, Leaders, and Groups)
Sercle may aggregate or statistically analyze data, including from more than one Member. The resulting aggregated or statistically analyzed data shall be treated as Non-Identifying Data by Sercle.
Platform Use Data
We, and our Vendors, use analytics code and may use web tracking technologies such as cookies and pixel tags to understand how Members use our platform and to improve products and services. Such collected data (“Platform Use Data”) can include the URL of the websites you visited before and after you visited our Platform, the type of browser you are using, your Internet Service Provider, what pages in our Platform you visit, what links you click on, date and time of your visit and duration, and whether you open email communications we send to you. The analytics code also collects information about you such as geolocation, age, gender, affinity categories, and interests, which can be used by Sercle and its analytics vendor (Google Analytics). You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Platform, but this may limit your use of the Platform.
Platform Use Data is typically only used by Sercle and our Vendors. However, when de-identified it may be shared with our research Partners to help them understand how members use and benefit from the site.
How Data is Used and Shared
You should expect that every piece of Non-Identifying Data you submit on sercleinc.com may be shared with Partners.
Members are encouraged to share health information but should consider that the more information that is entered, the more likely it is that you could be located or identified.
How Identifying Data is Used
There are only 3 ways Identifying Data is shared with the community.
- The username you created on sercleinc.com is used throughout the site to represent you and your profile.
- Your avatar image, whether or not it is identifying, is also used to represent you and your profile on the site.
- Any identifying information you choose to share as free text in the various social features of the site will be shared with everybody on the site who chooses to read it.
If you are using the Platform with a special account type other than the regular member account type, additional identifying information about you may be shared. For example:
Mental health professionals or Researchers who were granted an official psychologist or research account, will have their full name and affiliation viewable by the Community via their profile;
Sercle employees and contractors may have a Staff account that identifies them as Sercle Staff.
We will never sell your identifying information for non-Sercle advertising purposes.
Sercle uses Identifying Data internally, as needed, for research, for maintenance and operation of the Platform, and to create better tools and experiences for you. We take steps to protect this data and limit access to only those who need it for their job.
If we have a member’s permission, their e-mail address will be used to send them a variety of notifications, including study invitations, newsletters, and private message notifications. You may change this setting at signup, on your account page, or by clicking the unsubscribe link at the bottom of any email you receive from Sercle. However, all Members receive administrative emails (e.g., password reset), which you cannot opt out of while you remain registered with the Platform.
Additionally, Identifying Data is not shared with or sold to Partners unless explicit consent is given. Specific instances where consent may be requested include:
- Special research projects and studies
- Co-registration with a Partner
- Media interviews of a member
- Participation in a health management program or sponsored group on Sercle.
Sercle, in some instances, will allow Vendors to have access to Identifying Data for the purpose of operating the Platform or improving services. Sercle investigates all engaged Vendors to ensure that their security and privacy practices are compliant with relevant regulations and up to Sercle standards. Specific examples where a Vendor may have access to Identifying Data include:
If you make a request, Sercle may provide a Vendor with the minimum amount of Identifying Data needed to fulfill the request. Examples include requesting to receive the company newsletter via email, requesting an email response from the Sercle support team, or requesting a t-shirt be sent to your postal mail address.
We may use your identifying information to exclude you from certain Sercle advertisements or to present certain participation opportunities to you.
How Non-Identifying Data is Used
Aggregated data (for example, counts of the number of Members with a certain condition or on a particular treatment) is not identifying and is displayed to the Community and shared with Partners. Data that a member has marked as reserved to their Personal View may be included in such counts.
In addition to serving the individual needs of our Members, Sercle and its Partners are interested in better understanding the survivor experience and improving treatment options and outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” Sercle provides Non-Identifying Data, in individual and aggregate format, to Partners for use in scientific research and market research. When selling this information, Sercle removes Members’ Identifying Data (de-identification) to reduce the possibility of re-identification and contractually forbids Partners from trying to re-identify Members.
Sercle may periodically ask Members to complete surveys about their experiences (including questions about products and services). Survey responses (possibly in combination with data from the Platform) are analyzed by Sercle researchers. Insights from the analysis may be shared with and/or sold to Partners in a way that does not identify any respondent. Member participation in these surveys is not required and refusal to do so will not impact a member’s experience with Sercle.
Sercle may report individual adverse events and drug safety information to regulatory Partners like the FDA, CDC, or other bodies (US and international) as well as directly to pharmaceutical and other Partners. When reporting such information, Sercle does not provide Identifying Data, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. In this context, the data that Sercle reports may include free text or images on the forums or evaluations.
Finally, Sercle may use Non-Identifying Data internally or send it to Vendors who assist with operating our services. For example, we may send treatment or condition information to an e-mail provider so that information can be included in messages we send to you. In addition, some Vendors (such as Google Analytics) may use such data to improve their own products and services.
Sercle, like other online communities, is a “public forum.” Be aware that Non-Identifying Data, in the right combinations, might be used by other Members of the community to identify you. For example, having a mental health condition might make it easier to identify somebody when gender and state of residence are also known.
How Platform Use Data is Used
We use Platform Use Data for several purposes:
- Authentication: We use Platform Use Data stored in cookies on your computer to indicate that you have logged into your Sercle account and to enable you to use certain portions of our Platform.
- Understand Our Users: We use Platform Use Data to analyze trends, track users’ movements around the Platform, and gather demographic information about our user base as a whole. This provides us with the ability to determine aggregate information about our user base and usage patterns. Understanding how people use our Platform allows us to make the Platform better for everybody. It may also be used by our Vendors to improve their products and services. We may use this information, possibly in coordination with one of our research Partners, to do relevant research on user behavior or therapy outcomes. We do not sell this usage data to third parties for advertising or marketing purposes. We sometimes provide our Partners with aggregated usage data of all individuals they have referred to our site. We will only provide your personally identifying or identifiable Platform Use Data to Partners with your express consent.
- Administer Platform: We use Platform Use Data to help administer the Platform and Members’ use of the Platform. We may, in some circumstances, need to review this Platform Use Data in combination with specific Identifying Data to troubleshoot and resolve issues for individual users.
Closing Your Account
You are free to stop using this service at any time.
You can “deactivate” your account, in which case Sercle keeps your data stored so that you can return and reactivate without losing that data. If you choose to deactivate your account, Sercle will not display or share your data as of the date of deactivation. Sercle will not use your data in any research that begins after the date of your deactivation.
Alternatively, you can “delete” your account and data, in which case your data is permanently removed from Sercle and cannot be recovered.
Note: If you request deactivation or deletion, research that is already in progress or that was conducted prior to your request, will still include your data. This is important to support peer review of the research and replication of results — important parts of the scientific process. Sercle keeps special archives of your data for this purpose in accordance with relevant US and EU/EEA/UK regulations.
Other Special Cases
There are instances, not covered above, where your Non-Identifying Data, Identifying Data, and Platform Use Data may be used and disclosed, including, but not limited to, the following:
- Sercle may use your data in the case of an emergency or other circumstance that we determine requires a member of the management team to directly contact the Member (for example, a data breach that put the Member’s data at risk).
Other Security Issues
Sercle cannot guarantee the identity of any Members with whom you may interact in the course of using the Platform or who may have access to your displayed data. Additionally, we cannot guarantee the authenticity of any data that Members may provide about themselves.
Sercle takes commercially reasonable technical precautions to help keep Member data secure, and consistent with applicable EU, UK, and US laws. We take these precautions in an effort to protect your information against security breaches. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by a breach of firewalls and secure server software. By using our Platform, you acknowledge that you understand and agree to assume these risks.
In the event of a breach, Sercle will notify relevant regulatory authorities within 72 hours of becoming aware of the breach. We will notify affected Members as soon as possible after that.
Risks and Benefits
While our goal is to help survivors improve their trauma healing outcomes, there are no certain benefits to using this website. However, compassion, understanding, and support from people who have similar experiences, including keeping track of personal well-being, treatments, and symptoms have been shown to be helpful in improving overall mental and physical health.
There is a possibility that you may feel uncomfortable sharing information online. It is possible that you could be identified using the information you elect to display on Sercle (and/or in conjunction with other data sources). You could be discriminated against or experience repercussions as a result of the information you share. For example, it is possible that employers, insurance companies, or others may discriminate based on information about your traumatic experience.
You should understand that anyone can register on Sercle and view the data you have elected to share on the Platform.
In using the Platform, you are free to skip any non-required questions or data fields that make you feel uncomfortable.
California Online Privacy Protection Act Notice
On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to “Do Not Track Signals” and whether third parties collect personally identifiable information about users when they visit us.
We do not track user activity that does not occur on our site and therefore do not use “do not track” signals.
We do not authorize the collection of personally identifiable information from our users for non-Sercle advertising purposes through advertising technologies without separate member consent.
California Civil Code Section 1798.83 also permits our members who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com. Please note that we are only required to respond to one request per Member each year.
Governing Law and Platform Visitors from outside the United States
We and our servers are located in the United States and are subject to the applicable US local and national laws. These laws may not have equivalent privacy protection as those in your country of residence. When we share information about you with our various Partners, the data-sharing agreement includes data protection clauses. We also comply with the EU-US and Swiss Privacy Shield Frameworks.
Be aware that the European Court of Justice (ECJ) has determined that no data transferred to the United States can be adequately protected from the United States government and that the United States does not provide adequate judicial remedies against the United States government for invasion of Europeans’ privacy.
Sercle Inc. is subject to the regulatory and enforcement authority of the US Federal Trade Commission.
We acknowledge the right of EU, UK, and Swiss individuals to access their personal data under the Privacy Shield. Individuals wishing to exercise this right may do so by contacting our community team.
We will also provide EU, UK, and Swiss individuals opt-out or opt-in choices before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, you may do so by contacting our community team.
Pursuant to the Privacy Shield, Sercle Inc. is liable for the onward transfer of personal data to third parties unless we can prove we were not a party to the actions resulting in the damages.
In compliance with the Privacy Shield Principles, Sercle Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Sercle at: firstname.lastname@example.org.
Sercle has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/bbb-eu-privacy-shield-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
General Data Protection Regulation (GDPR)
All individuals have rights regarding their data. The European Union’s (EU) General Data Protection Regulations (GDPR) describes these rights in law. They include:
- You have the right to clear and transparent communication about your data. We want to make this policy as clear as possible and provide a friendlier version to help you understand it.
- You have the right to request a copy of your data in a common digital format. To request this information, please contact our community team.
- You have the right to edit or correct your data. You can edit most of your information on the Platform. If you need help with this, contact our community team.
- You have the right to request that your data be deleted. To do this, contact our community team.
- You have the right to be notified of any breach involving your data. We will notify the appropriate data protection authority within 72 hours of detecting a breach involving your data. We will notify you as soon as possible after that.
- You have the right to object to the processing of your data. You may decline any consent request to share your identifying data with a Partner and this will have no impact on your use of the service. For clarity, we may still share with our Partners data regarding you that does not identify you and is not connected with you. You may request to close your account at any time (see Closing Your Account above).
In some cases, these rights might be restricted. Some examples would include where the information requested compromises the privacy of another individual or is the subject of legal proceedings or investigation. Additionally, processing that has already occurred cannot be undone. If you have questions or complaints about our handling of these rights, see the information at the end of this policy.
What are the Legal Bases for Our Collection and Use of Your Data?
GDPR sets out a number of possible bases, three of which apply to Sercle Inc. and the Platform:
We need to use some identifying information just to operate the service. This includes your email address, username, password, and IP address, among other items.
In rare cases, we may need to share your data to comply with a legal obligation. See “Other Special Cases” above.
If you are a resident of the European Union or the UK and have a complaint about our use or processing of your data, you have a right to lodge a complaint with a national Data Protection Authority. The UK and each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country.