Privacy

Effective as of February 27, 2025

This Privacy Statement explains our collection, use, and disclosure of personal data. This privacy statement applies to Alzheimer’s Disease Data Initiative, Inc. (the AD Data Initiative) and our controlled affiliates and subsidiaries referred to collectively as the “AD Data Initiative,” “ADDI,” “we,” “us,” or “our.” In this statement, references to our “services” include our websites, the AD Data Initiative’s AD Workbench, and other products and services. This statement applies to our services that display or reference this statement, but it does not apply to any services that display or reference a different privacy statement.

Table of Contents (click to jump)

Personal Data We Collect
How We Use Your Personal Data
Our Disclosure of Personal Data
Your Choices
Retention of Personal Data
Other Sites, Mobile Applications, and Services
Location of Personal Data
Security Practices
Cookie Policy
European Data Protection Rights
Changes to this Privacy Statement
How to Contact Us

Personal Data We Collect

The personal data we collect depends on how you interact with us, the services you use, and the choices you make.

Information you provide to us. Personal data you provide to us through the services may include:

Name and contact information. We collect name, username or alias, and contact details such as email address, postal address, and phone number. You are only required to provide an email address so that we can fulfill your request to communicate with you. If you choose to give a name in your communication request, you are free to use a pseudonym.

Content and files. We collect the datasets, documents, or other files you upload to our services, and if you send us email messages or other communications, we collect and retain those communications.

Usage data. We automatically log your activity on our websites, apps and connected products. For example, we log the URL of the website from which you came to our sites, the pages you viewed, how long you spent on a page, access times, and other details about your use and actions on our website. See the Cookies, Mobile IDs, and Similar Technologies section below for how we process usage data.

Marketing information. We collect your preferences for receiving communications about our products, activities, publications, and details about how you engage with our communications.

Health research data. We process the previous and current pseudonymized medical health records concerning research data subjects submitted to us by you, our research contributors.

Other information. We may collect data that is not explicitly listed here but which we will use in accordance with this Privacy Statement or as otherwise disclosed at the time of collection.

Information we obtain from third-party sources. We also obtain the types of information described above from third parties. These third-party sources include, for example:

Third-party partners. Third-party researchers, institutions, and organizations, such as your employer, research sponsor, or consortium. Third-party partners also include our analytics and marketing partners.

Information we collect as part of challenges. We may sponsor or co-brand various challenges or events ("Challenges"). We receive the information that contestants provide to enter the challenge (such as name and email address). Winners may also need to provide us banking information or other details if they are awarded a prize.

Service providers. Third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address. We host data for research and other purposes in line with our charitable mission in the Aridhia DRE, also referred to as the AD Workbench. Aridhia’s privacy statement applies to Aridhia’s use of any personal data and Aridhia is a service provider of the AD Data Initiative for this purpose. The AD Data Initaitive will only use and share personal data received as part of the Aridhia DRE to provide the data sharing service and for other purposes that are consistent with and in support of our charitable mission. The type of information the AD Data Initiative will receive as part of the Aridhia DRE is business card-level information used to register for an account, such as name, email address, and title/organization.

Information we obtain from social media platforms. We may maintain pages for AD Data Initiative on social media platforms, such as Facebook, Twitter, and LinkedIn. When you visit or interact with our pages on those platforms, the platform provider’s privacy statement will apply to your interactions and their collection, use, and processing of your personal data. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Statement.

Information we obtain from community forums. You may participate in our online forums. You should be aware that any information you provide or post in these areas may be read, collected, and used by others who access them. You may be required to register with a third-party application to post a comment. When you do, the platform provider’s privacy statement will apply to your interactions and their collection, use, and processing of your personal data. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Statement.

Publicly available sources. Public sources of information such as open government databases.

When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

How We Use Your Personal Data

We use the personal data we collect for purposes described in this privacy statement or as otherwise disclosed to you. For example, we may use any of the categories of personal data we collect for the following purposes:

To operate the services. We use your personal data to:

provide, operate, and improve the services or Challenges;
enable the AD Workbench, which facilitates research related to our scientific mission;
facilitate social features of the services, such as our blog community forum, and connecting researchers with similar research interests;
communicate with you about the services, including by sending you announcements, updates, security alerts, and support and administrative messages; and
provide support and maintenance for the services.

Personalization. To understand you and your preferences to enhance your experience and enjoyment using our services.

Research and development. We analyze use of the services to improve the services and to develop new products and services.

Marketing. To communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners (see the “Choice and Control” section of this statement for information about how to change your preferences for promotional communications). We may send you marketing communications as permitted by law.

Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.

Compliance, fraud prevention, and safety. To comply with the law, we use your personal data as necessary or appropriate to comply with applicable laws, lawful requests, and legal processes, such as responding to subpoenas or requests from government authorities. In addition, we may use your personal data and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to:

Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);
Enforce the terms and conditions that govern the services; and
Protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity.

Customer support. To provide customer support and respond to your requests, questions, and feedback, we combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.

Anonymous data. We may create aggregated and other anonymous data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes to analyze and improve the services and promote our business. If we do create anonymous data, we will take steps to ensure it is not re-identified.

Our Disclosure of Personal Data

We disclose personal data with your consent or as we determine necessary to complete your transactions or provide the services you have requested or authorized. We do not share your personal data with third parties without your consent, except in the following circumstances or as otherwise described in this Privacy Statement:

Business Partners. We may share your personal data with Gates Ventures, LLC, which helps the AD Data Initiative by providing technical support, such as troubleshooting site issues and administrative assistance, for purposes consistent with this Privacy Statement.

Service providers. We provide personal data to vendors or agents working on our behalf for the purposes described in this statement. Companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses the information at www.google.com/policies/privacy/partners. Additional examples of some of our current service providers as of the date of posting this privacy statement are:


Company/Service	Purpose(s)	Privacy Notice
Microsoft Azure	Websites, databases, CRM services; all long-term data backups are held within Azure	https://privacy.microsoft.com/en-us/privacystatement
Google Analytics	Advertising analytics	https://policies.google.com/privacy?hl=en-US
Verint	community forum	https://www.verint.com/our-company/legal-documents/privacy-policy/

Affiliates. We enable access to personal data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our services and operate our business.

Professional advisors. We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

Other Researchers. If you choose to participate in sharing, we may share your contact information and research projects, areas of interest, or research background with other researchers on our platform for the purpose of connecting and potentially collaborating.

For compliance, fraud prevention and safety. We may share your personal data for the compliance, fraud prevention and safety purposes described above. We will share your personal data to protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

Government Requests. We will access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. Notwithstanding anything to the contrary in this statement, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, or legal request or to protect the safety, property, or rights of the AD Data Initiative or others. However, nothing in this statement is intended to limit any legal defenses or objections that you may have to a third party or government request to disclose your information.

Organizational transfers. We may transfer or otherwise share some or all of our business or assets, including your personal data, in connection with a (potential) organizational transaction such as a merger, consolidation, reorganization, or in the event of dissolution.

Your Choices

In this section, we describe the choices available to all users. Users who are located within Europe can find additional information about their potential rights below.

Opt out of marketing communications. You may opt out of marketing emails by following the unsubscribe instructions at the bottom of the email. You may continue to receive Service-related and other non-marketing emails.

Opt out of research connections. You may opt out of having your personal information shared with other researchers within the Service.

Cookies & browser web storage. For information on how to disable cookies and similar technologies used in the services, see our Cookie Policy.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit www.allaboutdnt.com.

Choosing not to share your personal data. Where we are required by law to collect your personal data, or where we need your personal data to provide the services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the services or certain features. We will tell you what information you must provide to receive the services by designating it as required at the time of collection or through other appropriate means. In some cases, you may provide a pseudonym, such as when you sign up for our email list.

Retention of Personal Data

We retain personal data where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate organizational need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. For example:

“Live” user data (username, email, sign-in information) is stored indefinity unless a request is received to remove it.
User generated content (comments, documents, or other files) is retained indefinitely unless a request is received to remove it.
Research datasets used for scientific research are retained indefinitely in order to support scientific integrity and reproducibility, or at the discretion of the contributing researcher.
Backup data (which may contain the above user-specific information) is retained for up to one year.
We may also delete data in accordance with set retention policies.

Other Sites, Mobile Applications, and Services

The Services may contain links to, or content or features from, other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages, mobile applications, or online services that are not associated with us. We do not control third-party websites, mobile applications, or online services and are not responsible for their actions. Other websites and services follow different rules regarding collecting, using, and sharing your personal data. We encourage you to read the privacy policies of other websites, mobile applications, and online services you use.

Location of Personal Data

The personal data we collect may be stored and processed in your country, region, or any other country where we, our affiliates, subsidiaries, or service providers process data. Currently, we primarily use data centers in Ireland, the Netherlands, and the U.K., but depending on our processing activity, we may use servers in other locations. The storage location(s) are chosen to operate efficiently and improve performance. In addition, we take measures to protect and secure where data is stored and processed, as described in this statement.

Location of Processing and Transfer of European Personal Data. We transfer personal data from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Security Practices

We employ several organizational, technical, and physical safeguards to protect the personal data we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal data. To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

Cookie Policy

We use cookies, web beacons, mobile analytics, and similar technologies (“Cookies”) to operate our websites and online services and to help collect data, including usage data, identifiers, and device information.

What are Cookies and similar technologies?

Cookies are small text files placed by a website and stored by your browser on your device. A Cookie can later be read when your browser connects to a web server in the same domain that placed the Cookie. The text in a Cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own Cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.

Mobile analytics are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in the same way that websites access and use Cookies. Our apps contain software that enables us and our third-party analytics to access these mobile IDs

How are Cookies categorized?

Cookies are either session Cookies or persistent Cookies. Session Cookies are stored in temporary memory and are not retained after your browser is closed. Persistent Cookies are stored on your device in a folder associated with your browser and are activated again once you visit other sites that can identify that Cookie. Persistent Cookies remain on your device for the duration period set within the Cookie or until they are deleted.

We classify our Cookies into the following categories:

Required. Required Cookies are essential for the basic functionality of our website and services. They enable core functions such as page navigation, access to secure areas of the site, and ensuring that the website operates efficiently. Because they are needed for the service’s operation, they are always set to "Active."
Functional. Functional Cookies are used to enhance the functionality of the website and provide features that make the user experience better. These Cookies allow our website to remember choices you make such as language preferences and provide personalized features. Overall, these Cookies are not strictly necessary for our website to operate but enhance your experience on our website. You have the option to choose whether to accept or decline these Cookies at your discretion.
Analytics. Analytics Cookies are used to gather information about how you interact with our website. These Cookies collect information such as the number of times you and other users visit our website, the source of the visit (e.g., direct traffic or search engine), and the time spent on the page. We use this data to inform how to best improve our website and services. You have the option to choose whether to accept or decline these Cookies at your discretion.
Advertising. Advertising Cookies are used by advertising companies to inform and serve personalized ads more relevant to your interests. These Cookies also may facilitate sharing information with social networks or recording your interactions with particular ads. You have the option to choose whether to accept or decline these Cookies at your discretion.

How do we and our partners use Cookies and similar technologies?

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the services. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model; device identifier; browser type; screen resolution; IP address; the website you visited before browsing to our website; general location information such as city, state or geographic area; and information about your use of and actions on the services, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.

What controls are available?

There are a range of Cookie and related controls available through browsers, mobile operating systems, and elsewhere. For example:

Cookie controls. Most web browsers are set to accept Cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject Cookies. If you choose to delete or reject Cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those Cookies may be deleted and may need to be recreated.

Our Cookie settings can be accessed by clicking on the “Cookie Consent” link in the footer of the site. Our Cookie controls include the ability to enable and disable functional, analytics, and advertising Cookies. You may modify your Cookie choices anytime from the same web browser.

Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” (GPC) or similar controls that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. It is not always possible to detect such a signal. You can use the range of other tools to control data collection and use, including the Cookie controls described above.

Do Not Track. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the websites you visit, indicating you do not wish to be tracked. This is a browser setting and there is no common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the Cookie controls described above.

European Data Protection Rights

The information provided in this section applies only to individuals in the European Economic Area, Switzerland, and United Kingdom (collectively, “Europe”).

Controller and Representative. The AD Data Initiative is the controller of your personal data covered by this Privacy Statement for purposes of European data protection legislation.

The contact information for our representative in Europe is: Europesupport@alzheimersdata.org.

Legal bases for processing. We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.

Use for new purposes. We may use your personal data for reasons not described in this Privacy Statement where permitted by law, and the reason is compatible with the purpose for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal data. We process pseudonymized sensitive personal data (e.g., information related to racial or ethnic origin, health, biometrics or genetic characteristics) for research purposes, in conjunction with data contributors and researchers.

Your Rights: European data protection laws give you certain rights regarding your personal data. If you are located within Europe, you may ask us to take the following actions in relation to your personal data that we hold:

Access. Provide you with information about how we process your personal data and give you access to your personal data.
Correct. Update or correct inaccuracies in your personal data.
Delete. Delete your personal data.
Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice.
Restrict. Restrict the processing of your personal data.

Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal data that impacts your rights. You also have the ability to control your Cookie settings. Our Cookie settings can be found at https://www.alzheimersdata.org/privacy#Cookie. Our Cookie controls include the ability to enable and disable functional, analytics, advertising, and uncategorized cookies. You may modify your cookie choices anytime from the same web browser.

To make such requests, please use the contact information at the bottom of this statement. We may request specific information to confirm your identity and process your request. However, applicable law may require or permit us to decline your request. We will tell you why if we decline your request, subject to legal restrictions. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. You can find your data protection regulator here. For additional information, you may also visit https://ico.org.uk.

Changes To This Privacy Policy

We will update this Privacy Statement when necessary to reflect changes in our services, how we use personal data, or the applicable law. When we post changes to the statement, we will revise the "Last Updated" date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.

How To Contact Us

If you have any questions or comments about this Policy or the AD Data Initiave's privacy practices, email us at support@alzheimersdata.org or contact our European representative at Europesupport@alzheimersdata.org. You may also contact our DPO at DPO.ADDI@twobirds.com.

Additionally, if you are located in the EEA or the United Kingdom and have questions about your personal data, you may contact our representative at:

Bird & Bird GDPR Representative Services SRL

Avenue Louise 235

1050 Bruxelles

Belgium

EUrepresentative.ADDI@twobirds.com

DPO.ADDI@twobirds.com

Bird & Bird GDPR Representative Services UK

12 New Fetter Lane

London

EC4A 1JP

United Kingdom

UKrepresentative.ADDI@twobirds.com