GDPR Privacy Notice

Skip Navigation
Back to top

Nemours EU Privacy Notice

The Nemours Foundation (“Nemours”, “we” or “us”), a Florida not-for-profit corporation, respects your privacy. We are the data controller with respect to your personal data that you submit to us. For questions regarding how we use your personal data, please contact us via email at or in writing at the following address:

The Nemours Foundation
Kevin Haynes
Chief Privacy Officer and Data Protection Officer
10140 Centurion Parkway North
Jacksonville, Florida 32256

Personal Data

When you complete our International Medicine Contact Form, some of the information that you provide to us constitutes “personal data” as defined in the European Union General Data Protection Regulation (GDPR). Under the GDPR, personal data means any information relating to an identified or identifiable individual. This means that personal data includes any identifying information about you or another person, such as your name, birthdate, email address, and passport number.

Sensitive Data

Some of the information you provide to us constitutes sensitive data as defined in the GDPR, including information concerning your health and identification of your race or ethnicity on government-issued identification documents.

Legal Bases for Processing

We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal bases under which we process your personal information, contact us at

Processing Purpose & Legal Basis

To provide our service

Our processing of your personal information is necessary to perform the contract governing our provision of our healthcare services or to take steps that you request prior to engaging our services. You are not obliged to provide your personal data. However, we may be unable to conclude the contract if you decide not to provide personal data.

To communicate with you for compliance, fraud prevention, and safety

These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted by law).

To comply with law

We use your personal information to comply with applicable laws.

With your consent

Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime by contacting us at or in writing to: The Nemours Foundation, Kevin Haynes, Chief Privacy Officer and Data Protection Officer, 10140 Centurion Parkway North, Jacksonville, Florida 32256

Use for New Purposes

The purposes for which we use your personal information are described in our Notice of Privacy Practices. We may use your personal information for reasons not described in the Notice of Privacy Practices, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.


We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information you have provided, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Medical Records stored in electronic format shall be retained 50 years from the last date of service, for both minor and adult patients. Once the retention for a Medical Record in electronic format has expired, the record shall be destroyed. Medical Records stored on paper of adult patients who have received healthcare services by Nemours will be maintained for 10 years past the last visit date. For minor patients, Medical Records stored on paper shall be retained until the minor patient reaches the age of 30 years. Once the retention period for a Medical Record in paper format has expired, the record shall be destroyed.

Your Rights

Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications that you have previously consented to receive. We may continue to send you nonmarketing communications.
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at or submit a complaint to the data protection authority in your jurisdiction.

Cross-Border Data Transfer

Please be aware that your personal data will be transferred to, processed, and stored in the United States in order to process your Health Information Form and to perform our healthcare services. Data protection laws in the United States may be different from those in your country of residence. You consent to the transfer of your personal data, including sensitive personal data, to the United States by completing a Nemours Authorization to Release Protected Health Information form.

We will not transfer your personal information out of the United States. If a transfer is required we will obtain your consent prior to any transfer.