DRK Foundation | Supporting passionate, high impact social enterprises

COVID-19 Vaccination and Testing Protocol Privacy Notice

In response to the global coronavirus pandemic, the Draper Richards Kaplan (DRK) Foundation has implemented a COVID-19 Vaccination and Testing Protocol for its annual retreat. All DRK employees and attendees of the DRK Foundation annual retreat will be required to fill out a vaccination verification form or submit through our internal Sequoia One portal (latter for employees) and provide a negative COVID test administered within 72 hours before entering the premises and attending the retreat. The aim of this notice is to provide you with information on what personal information we collect, use, and disclose, and otherwise process, in connection with our COVID-19 Vaccination and Testing protocol.

What personal information is collected?

In connection with our COVID-19 Vaccination and Testing Protocol, we may collect:
‒ Contact Information, such as name and email address.
‒ Symptom and Health Information, including information regarding symptoms and the presence or absence of possible COVID-19 or other communicable illness (which may be collected through surveys or questionnaires, temperature scans, tissue sampling, testing or other medical examinations), treatment of or vaccination against COVID-19 or other communicable illness, and other health information.
‒ Exposure Information, including information regarding potential exposure to or infection of COVID-19 or other communicable illness, which may include recent travel history and contacts with other individuals.
‒ Vaccine Information, such as whether or not you are fully vaccinated, the brand of vaccine you received, and the dates you received your first and second vaccine (as applicable).
‒ Testing Information, such as health data in connection with COVID-19 (e.g. COVID-19 test pass/fail result).
‒ Information as Required by Law, including any additional information collected pursuant to directives by public health organizations or other government agencies in the jurisdictions in which we operate, including age, date of birth, sex, race, and ethnicity.

How is personal information used?

We use personal information collected through our COVID-19 Vaccination and Testing Protocol to:
‒ Comply with Law. We must comply with certain legal and regulatory requirements regarding public health, including to determine your fitness to enter the DRK Foundation annual retreat facilities consistent with applicable government regulations and guidelines.
‒ Protect Individuals’ Health and Safety. We have a legitimate business interest in protecting the health and safety of our employees, retreat, our visitors, and the public, including to communicate with individuals about their vaccination status, testing results and/or whether they have been in close contact with a confirmed COVID-19 positive individual.
‒ Understand and Manage Our Organizational Efforts. We may also use personal information for statistical purposes to help us understand and manage our organization more efficiently, as well as to track effectiveness of our COVID 19 Vaccination and Testing Protocol and otherwise comply with legal, regulatory, and public health requirements.

How will personal information be shared?

While we take reasonable precautions to respect the privacy and confidentiality of your personal information collected through our COVID-19 Vaccination and Testing Protocol, we may share personal information, including vaccination status, testing results, and symptom and health information, in the following ways:
‒ Within DRK Foundation. Personal information may be shared with need-to-know individuals within our organization to facilitate the COVID-19 Vaccination and Testing Protocol.
‒ Service Providers. Personal information may be shared with service providers we use to conduct or support health and safety measures in connection with our COVID-19 Vaccination and Testing Protocol, mainly our data hosting provider or event venue
‒ Governmental Agencies. Personal information may be shared with governmental and public health agencies if requested for public health purposes or required by law.
‒ Health and Safety. Personal information may be shared as we reasonably believe necessary to protect the personal health or safety of our employees, visitors, or others.
‒ Legal and Public Health Obligations. Personal information may be shared as we reasonably believe necessary to comply with legal, regulatory, and public health obligations.
‒ Permission. We may disclose personal information about you to third parties with your permission.

How long will personal information be retained?

Personal information collected in connection with our COVID-19 Vaccination and Testing Protocol will be retained as long as we reasonably believe necessary to fulfill our health and safety goals, and to comply with legal, regulatory, public health and other record-keeping obligations. Personal information will be maintained securely in a manner consistent with the Equal Employment Opportunity Commission’s guidelines, the Americans with Disabilities Act and the Health Insurance Portability and Accountability Act (HIPAA), and other privacy laws, to the extent they apply.

Will these procedures and privacy practices change?

Yes. Our COVID-19 Vaccination and Testing Protocol has been developed based on guidance and directives from health authorities and government agencies, including the U.S. Center for Disease Control and Prevention (CDC) in response to the global coronavirus pandemic. Our policies, procedures, and privacy practices are subject to change without notice due to evolving recommendations and requirements with regard to COVID-19. We may also update our practices over time as we learn more about the pandemic and the efficacy of different health and safety measures. Changes to our procedures and privacy practices will be communicated to employees and visitors, as appropriate.

What are my privacy rights?

You may have certain rights with respect to the personal information collected in connection with our COVID-19 Vaccination and Testing Protocol. DRK treats any medical information as a confidential medical record. All reasonable precautions will be taken to prevent inappropriate disclosure of medical information according to applicable laws. DRK will adhere to all federal, state, and local public health reporting requirements.

Who should be contacted with questions?

If you have any questions in connection with this COVID-19 Vaccination and Testing Protocol Privacy Notice, please contact nhuang@drkfoundation.org.