Privacy Policy
Last updated: 29 August 2025
ER Wait Times.org ("we," "us," or "our") operates the website ERWaitTimes.org, related mobile pages, embedded widgets, and public API (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including how we run our SMS text-messaging programs.
1. Who We Are
ER Wait Times.org ("we," "us," or "our") operates an online platform that displays emergency-room wait-time estimates and related hospital information across the United States.
2. Scope & Key Definitions
This Policy governs all Personal Information collected through the Services, regardless of device or jurisdiction. Statutory definitions align with:
U.S. laws: CCPA/CPRA, BIPA, PIPA, HIPAA, TCPA, state consumer-privacy statutes
Non-U.S. laws: EU/UK GDPR
"Personal Information" ("PI") means information that identifies, relates to, or could reasonably be linked to an individual, such as a mobile-phone number.
3. Information We Collect
| Category | Examples | Source | Primary Legal Basis* |
|---|---|---|---|
| Identifiers | IP address, cookie ID | automatic | Legitimate interests / consent |
| Approx. Location | City-level geolocation inferred from IP | automatic | Legitimate interests |
| Contact Data | Name, email, mobile number | user-supplied | Consent / contract |
| Technical Data | Browser, OS, time-stamps | automatic | Legitimate interests |
| Health-Context Data | Search terms ("ER near…") | user action | Legitimate interests |
| SMS & Log Data | Opt-in time-stamp, carrier, message history | automatic | Legal obligation (TCPA), legitimate interests |
*GDPR Art. 6 bases; analogous grounds apply under U.S. laws.
3.1 Cookies
We use first- and third-party cookies for analytics and preference storage. Non-essential cookies fire only after affirmative consent or as allowed by applicable law.
4. How We Use Your Information
Serve real-time ER wait-time dashboards and geo-nearest hospital suggestions.
Provide text messages for:
• Transactional/utility purposes (login codes, critical service notices, subscription alerts - max 4 per event).
• Marketing/promotional offers (max 3 per calendar month).
Improve accuracy through aggregated analytics (IP addresses truncated).
Respond to inquiries or send newsletters (with opt-out).
Detect, investigate, and prevent fraud or security incidents.
Comply with laws, subpoenas, or enforce our Terms of Use.
5. SMS/Text-Messaging Program Terms
Opt-In
You must affirmatively consent (unchecked checkbox or similar) before receiving texts. The call-to-action reads:
"By entering your mobile number and checking this box, you agree to receive up to 4 utility texts per event and up to 3 marketing texts per month from ER Wait Times.org. Consent is not a condition of purchase. Reply STOP to cancel, HELP for help. Msg & Data rates may apply. See Privacy Policy & Terms."
Message Frequency
• Utility/transactional: up to 4 texts per service event (e.g., password reset, critical outage alert).
• Marketing: up to 3 recurring texts per month.
Opt-Out
Reply STOP at any time to cancel. You will receive one final confirmation text.
Help
Reply HELP or email marketing@erwaittimes.org.
Carriers
Wireless carriers are not liable for delayed or undelivered messages.
Data Use
Mobile numbers are used solely to deliver the requested texts; we do not sell or share them for third-party marketing.
Record-Keeping
We log opt-in/opt-out details (time-stamp, IP, carrier) as required by the TCPA, CTIA, and Twilio.
6. Sharing & Disclosure
We never sell Personal Information. We may disclose data only to:
Service Providers (hosting, SMS delivery, analytics) bound by contracts prohibiting secondary use.
Healthcare-Facility Partners (aggregated, de-identified statistics only).
Legal/Safety Purposes: to comply with law, court orders, or prevent imminent harm.
Corporate Events (merger, acquisition) with prior notice.
7. Your Privacy Rights
A. EU/UK GDPR – access, correct, delete, restrict, port, or object; withdraw consent.
B. California CCPA/CPRA – know, delete, correct, and opt out of "sharing."
C. Other U.S. State Laws – we honor Washington's My Health My Data Act, Nevada SB 370, Connecticut DPA, et al.
D. Illinois-Specific (BIPA & PIPA) – biometric-data consent; breach notice within 45 days.
E. HIPAA – we are not a "covered entity" or "business associate."
Exercise any right by emailing marketing@erwaittimes.org. We may verify identity before fulfilling a request.
8. Data Retention
Server logs: 30 days
Anonymized analytics: 24 months
Contact-form & SMS opt-in data: 24 months after last interaction or sooner if the purpose ends
Backup archives: purged on a 35-day rolling basis
9. Security
We secure data via TLS 1.3, AES-256 encryption at rest, web-application firewalls, intrusion detection, and mandatory MFA for staff. Despite safeguards, no system is 100% secure; please report suspected vulnerabilities to our security team.
10. International Transfers
When EEA/UK data is processed in the United States, transfers rely on the 2021 EU Standard Contractual Clauses plus supplementary technical and organizational measures.
11. Children's Privacy
The Services are not directed to children under 13; we do not knowingly collect their PI (COPPA compliance).
12. Governing Law
This Policy is governed by Illinois law (County of DuPage), excluding conflict-of-law principles.
13. Changes to This Policy
We will update this Policy whenever practices or laws change. Material revisions will be announced via site banner or email. An archive of prior versions is maintained for transparency.
14. Contact Us
Questions? Email marketing@erwaittimes.org