Effective date: 08/15/2018
This Notice explains how the American College of Osteopathic Surgeons, including the American College of Osteopathic Surgeons Trust Fund (“ACOS”, “we”, or “us”) collects and processes your Personal Data. Each time you use our Site, the current version of this Notice will apply. Accordingly, whenever you use our Site, you should check the date of this Notice (which appears at the top) and review any changes since the last version. This Notice is applicable only to Site visitors, registered users, and other users of our Site located in the European Union (“EU”) who use our Site or services in connection with ACOS’s offering of goods or services in the EU.
“Personal Data” is any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
By visiting www.facos.org or related properties, (together the “Site”), you acknowledge that you have read and understood the processes and policies referred to in this Notice.
WHO WE ARE
For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller is the American College of Osteopathic Surgeons registered in Virginia USA with a registered address at 1680 Duke Street, Suite 500, Alexandria, VA 22314. Our Chief Executive Officer, Linda Taliaferro, is responsible for overseeing questions in relation to this Notice for the purposes of the GDPR.
HOW TO CONTACT US
If you have any questions or concerns about this Notice, please contact us using [email protected]. Alternatively, you can contact us by phone at (703) 684-0416, or by mail to 1680 Duke Street, Suite 500, Alexandria, VA 22314.
HOW WE COLLECT YOUR PERSONAL DATA
Personal Data that you give us
We may collect and process the following Personal Data:
Personal data we collect from you
- Contact information, which you provide when corresponding with us by phone, e-mail or otherwise. This includes information you provide when you participate in discussion boards or other social media functions on our Site and when you report a problem with our Site. The information you give us may include your name, address, e-mail address, phone number, financial information and/or credit card information.
- Membership information, including your name, contact details such as address, phone number and email address (business or personal), age, job title, government identification numbers (e.g. social security number, passport number etc.), year of admission and any other information related to your membership. Membership information may be provided by you during the registration process, or by your employer on your behalf.
- Dues payment information, including financial information such as credit/debit card and account numbers used to register or renew your membership.
- Purchase information, relating to purchases made by members and non-members of delegate passes and event participation, books, reports, journals or newsletter subscriptions either in-person or via our Site. Purchase information will include financial information as well as information concerning the content and time of the purchase.
- Disciplinary information, relating to ethics/disciplinary programs in which complaints against members are adjudicated, with the result being possible suspension/expulsion from membership. This may include extensive information about a member's business or professional activities, including employment information, and similar information relating to other individuals involved in the investigation, though would usually not include financial information.
- Certification information, relating to certification programs, in which members are granted certification if they meet specified educational/employment experience requirements and/or pass an exam. This may include extensive information about the experience/performance of those certified or accredited. Where the certification concerns institutions or businesses, this may include similar information identifying employees and other members of staff including volunteers.
- Residency training information, relating to surgical residency training programs, in which members and non-members are granted approvals if they meet specified education/employment experience requirements and/or satisfy training requirements.
With regard to each of your visits to the Site we will automatically collect the following information:
Personal Data we collect from others
- Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit, including pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number; and
- Location information
We may receive information about you from publicly available and third-party databases or services that provide information about business people that we believe will help us identify provide products and services that may be of interest to you. We will obtain your consent before contacting you if required by the law of the country in which you are located.
We collect information that is sent to us automatically by your web browser and we may use this information to generate aggregate statistics about visitors to our Site, including, without limitation:
- IP addresses
- Browser type and plug-in details
- Device type (e.g., desktop, laptop, tablet, phone, etc.)
- Operating system
- Local time zone
We may use non-Personal Data for various business purposes such as providing customer service, fraud prevention, market research, and improving our Site. Please check your web browser if you want to learn what information your browser sends or how to change your settings.
HOW WE USE YOUR PERSONAL DATA
We will only process your Personal Data, including sharing it with third parties, where (1) you have provided your consent which can be withdrawn at any time, (2) the processing is necessary for the performance of a contract to which you are a party, (3) we are required by law, (4) processing is required to protect your vital interests or those of another person, or (5) processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your rights and interests.
Personal Data that you give us
We may use Personal Data that you provide directly to us for the following purposes:
Information we collect about you
- to carry out our obligations arising from your membership, or any other contract entered into between you and us and to provide you with the information, products and membership services that you request from us;
- to organize events that you have purchased or registered for, and to provide you with information, and other materials, relating to the content of the event, the speakers, sponsors and other attendees;
- to provide our newsletter and other publications to our members;
- to respond to your questions and provide related membership services;
- to provide you with information about other events, products and services we offer that are similar to those that you have already purchased, provided you have not opted-out of receiving that information;
- to provide you, or permit selected third parties to provide you, with information about events, products or services we feel may interest you, provided you have given your consent;
- to transfer your information as part of a merger or sale of the business;
- to notify you about changes to our membership service; and
- to ensure that content from our Site is presented most effectively for you and your computer.
We will use Personal Data that we have collected about your use of our Site:
Personal Data we receive from other sources
- to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Site to ensure that content is presented most effectively for you and your computer;
- as part of our efforts to keep our Site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.
We will combine this information with information you give to us and information we collect about you. We will use this information and the combined Personal Data for the purposes set out above (depending on the types of information we receive).
WHEN WE SHARE AND WHO CAN ACCESS YOUR PERSONAL DATA
We may share your Personal Data for the purposes described in this Notice with:
- a member of our group
- partners, suppliers and sub-contractors, for the performance of obligations arising from your membership, or any other contract we enter into with them or you or to provide you with the information, products and membership services that you request from us
- analytics and search engine providers that assist us in the improvement and optimization of our Site
- trusted third-party companies and individuals to help us provide, analyze, and improve the Site and our membership services (including but not limited to data storage, maintenance services, database management, web analytics and payment processing)
- in the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets
- if ACOS or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
We will only transfer your Personal Data to trusted third-parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
SELLING YOUR PERSONAL DATA
We will never sell your Personal Data to third parties without your opt-in consent.
Although we use security measures to help protect your Personal Data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the internet. All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology.
TRANSFER OF PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA ("EEA") AND INTERNATIONAL USERS
We are headquartered in the United States. Your Personal Data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If we transfer your data to an entity in a country outside of the EEA, we will ensure the appropriate safeguards are in place to protect your personal data. If you are visiting our Site from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated.
HOW LONG WE STORE YOUR PERSONAL DATA
We will store your Personal Data, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Data is processed. We may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it.
Member Data Retention
We will retain information about our members for as long as the membership account is active. If you wish to cancel your account or request that we no longer use your information to provide you service, contact us at [email protected]. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Non-Member Data Retention
We collect certain categories of Personal Data about non-members, described in further detail above. The storage period for this data is as follows:
- Contact information: We retain this information indefinitely for archiving and recordkeeping purposes, as well as to track historical trends for our site and organization, unless you specifically request that we delete your Personal Data as described below.
- Purchase information: We retain this information indefinitely for archiving and recordkeeping purposes, as well as to track historical trends for our site and organization, unless you specifically request that we delete your Personal Data as described below.
- Residency training information: We retain this information indefinitely for archiving and recordkeeping purposes, as well as to track historical trends for our site and organization, unless you specifically request that we delete your Personal Data as described below.
- Technical information, information about your visit to our Site, and location information: We retain this information indefinitely for archiving and recordkeeping purposes, as well as to track historical trends for our site and organization, unless you specifically request that we delete your Personal Data as described below.
WHERE WE STORE YOUR PERSONAL DATA
The Personal Data that you provide to us is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once your Personal Data is submitted through our Site, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place.
COOKIES AND SIMILAR TECHNOLOGY
LINKS TO THIRD PARTY SITES AND SERVICES
Our Sites may contain links to third-party websites, applications and services not operated by us. These links are provided as a service and do not imply any endorsement by us of the activities or content of these sites, applications or services nor any association with their operators. Company is not responsible for the privacy policies or practices of any third party including websites or services directly linked to our Service. We encourage you to review the privacy policies of any third-party site that you link from our Service.
You can request an electronic copy of your personal data contained within our system. Requests should be made by contacting us at [email protected] In order to comply with your request, we may ask you to verify your identity.
If any of the information that we have about you is incorrect or incomplete, you may correct this information by visiting your ACOS Profile or contacting us at [email protected].
You may ask us to delete or remove your Personal Data. Requests should be made to [email protected] We will evaluate your request in light of the applicable law. In some situations, deletion of certain Personal Data may mean that it is no longer possible for you to gain access to certain parts of our site or retain access to membership activities.
Restrict or Object to the Use of Your Data
You may ask us to restrict or block the processing of your Personal Data in certain circumstances. Requests should be made by e-mailing us at [email protected]. Additionally, if you prefer not to receive marketing messages from us, please let us know by clicking on the unsubscribe link within any marketing message that you receive or by sending a message to us at [email protected].
You have the right to obtain your Personal Data from us that is contained in our system or ask us to transfer your data to another organization, in certain circumstances. Requests for your data should be made by e-mailing us at [email protected].
If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent. Requests should be made by e-mailing us at [email protected].
Lodge a Complaint
If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns. The relevant authority is the data protection authority in your country of residence, the country where you work, or the country in which the alleged unlawful use of your Personal Data occurred.
CHANGES TO THIS NOTICE
If we make any material changes to this Notice or the way we use, share or collect personal Data, we will notify you by revising the “Effective Date” at the top of this Notice, prominently posting an announcement of the changes on our Site, or sending an email to the email address you most recently provided us (unless we do not have such an email address) prior to the new policy taking effect.
Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notification sent to you by e-mail. Please check back frequently to see any updates or changes to this Notice.