Types of Information Collected From Unregistered Visitors
Visitors can access the home pages of the Clinical Education Alliance Sites and browse some areas of these Web sites without disclosing any personal data. We do track information provided to us by your browser", including the Web site from which you came (known as the “referring URL”), the type of browser you use, the time and date of access, and other information that does not personally identify you. You must register with us to access most CEA materials and programs.
Information Collected When Users Register
Users registering with a Clinical Education Alliance Site are asked to provide identifying information, including name; professional qualifications; contact information; areas of technical or medical interest and/or expertise; preference for types of information and marketing, continuing education, and other events; and other information that are personal data. Our registration screen clearly labels which information is required for registration and which information is optional and may be given at the user’s discretion.
Registered users can access their account information and make corrections or updates at any time via the My Profile pages. You can manage your communications preferences and interests with your account information by updating your account email and content preferences. You can also use the “opt-out” or unsubscribe mechanism or other means provided within the communications that you receive from us or you can unsubscribe by contacting us and telling us that you wish to do so. We reserve the right to notify you of changes or updates to the services provided to you through the Clinical Education Alliance Sites whenever necessary
If you request us to deactivate your account or to delete, correct, or modify your personal data, we will endeavor to fulfill your request, but some personal data may persist in backup copies for a certain period of time and may be retained as necessary for our legitimate interests or to comply with our legal obligations, resolve disputes, and perform or enforce our agreements. To deactivate your account or to request us to delete, correct, or modify any of your personal data, please email email@example.com.
Information From Outside Sources
We may also collect information about physicians or other healthcare professionals who register for the Clinical Education Alliance Sites through other sources in order to verify their licensure status and identity. In some cases, we may ask visitors to our Clinical Education Alliance Sites for information after they register, such as credit card information. Where necessary (eg, to process a symposium registration request), we or our authorized data processors may contact financial or credit organizations to confirm credit card data. All credit card data are secured using a secure payment gateway provided by a third party to prevent unauthorized access to that information.
In addition, we automatically gather certain information about you as you interact with the Clinical Education Alliance Sites, such as your IP address and referring URL. CEA will process this information as part of the services we have agreed to supply to you in order to personalize our offerings and presentations to you, facilitate your movements throughout our Web sites, provide personalized services, and communicate with you individually.
Your Web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to you. If your browser is set to reject cookies, Web sites that are cookie enabled will not recognize you when you return to the Web site, and some Web site functionality may be lost. The Help section of your browser will tell you how to prevent your browser from accepting cookies.
We will only process your personal data where:
1. You have given your consent to such processing (which you may withdraw at any time, as detailed below)
2. The processing is necessary to provide our services through the relevant Clinical Education Alliance Site
3. The processing is necessary for compliance with our legal obligations and/or
4. The processing is necessary for our legitimate interests or those of any third-party recipients that receive your personal data (as detailed in Clauses 5 and 7 below)
We will not disclose or share your personal data without your consent, except as detailed below. We may send you promotional or informational messages by email, fax, or text messaging, if you consent to same.
We may use your data, including your personal data:
We may also use aggregate data about users for program and/or product use analysis, program development, and site improvement. We may also use it for market analysis and provide information from our Web sites in aggregate form, with identifying information removed, to third parties. For example, we may tell a grant funder what percentage of our registered users resides in a particular geographical area or their practice specialty. Depending on our agreements with third parties, we may or may not charge for this information.
We do not and will not sell, rent out, or trade your personal data. We will only disclose your personal data in the ways set out in this notice and, in particular, to the following recipients:
1. To any company within CEA
2. To companies who work with us including third parties who process your personal data on our behalf and upon our instructions (such as our systems providers including cloud providers); see below for further information
3. To third parties who process your personal data on their own behalf but through providing us or your employer with a service on our behalf (such as our suppliers)
4. To any third party to whom we assign or novate any of our rights or obligations
5. To any prospective buyer in the event we sell any part of our business or assets and/or
6. To any government, regulatory agency, enforcement, or exchange body or court where we are required to do so by applicable law or regulation or at their request
CEA may also disclose personal data about users to accrediting bodies as is required by them in order to grant users continuing education credit or other forms of credit for programs successfully completed. We may also disclose personal data in aggregated form to grant funders to analyze the demographics and practice patterns of healthcare professionals visiting the funded programs. Please note that registering for such continuing education or other credit constitutes consent to such disclosure.
We contract with other companies and individuals to help us provide our services to you. Such persons act as our data processors and act only on our instructions. For example, we may host some of our sites on another company’s computers, hire technical consultants, or work with companies to remove repetitive information from customer lists, analyze data, provide marketing assistance, and provide customer service. In addition, as a healthcare professional, we may validate your licensure status and other information against available databases that list licensed healthcare professionals. In order to perform their jobs, these other companies may need to have access to your personal data. We require our employees and all such companies and contractors to comply with the terms of our privacy policies, to limit their access to any information to the minimum necessary to perform their obligations, and not to use such information for any purpose other than fulfilling their responsibilities to us or servicing orders or requests you have made.
We partner with various companies that provide a variety of medical education and communications services. We share personal data about our users with these partner companies to permit them to contact our users concerning medical education services that may be of interest. Any communications you receive from our partner companies will provide a method for declining further communications.
We reserve the right to transfer all databases and information, including your personal data, to any successor entity or company that acquires all or the relevant part of CEA operations or business without notice to you.
We may contact you about the services and products we offer where we have received your consent to do so or we believe that you may be interested in the material as it relates to similar products or services you have previously acquired, or indicated your interest in acquiring, from us. For example, a user may receive publicity information for programs on hepatitis-related issues if it is known that user may have an interest in that information. In no case in such circumstances will the advertiser or grant funder have access to any personal data about a specific user.
We may also personalize Clinical Education Alliance Sites based on your interests. For example, you may be provided with content based on information you have shared with us, your previous Web site browsing behavior, or information we may have gained from your interactions with a third party that shares information with us. In addition, we may use information for our own internal marketing, research, and related purposes.
We may send offers to selected groups of users on behalf of other groups. When we do this, we do not disclose your personal data to such groups or to other users in the same group. We provide a variety of mechanisms for you to tell us you do not want to receive such communications.
CEA may make message boards, forums, and/or interest groups available to our users. Please remember that any information that is disclosed in these areas becomes public information, including any of your personal data you choose to share as well as comments that you may leave or alias/nickname identifiers you may use when interacting with any of our online resources. Any of your personal data that you disclose in such a way is disclosed and processed by us with your consent. We urge you to exercise caution when deciding to disclose your personal data in that context.
We may process your personal data including by disclosing it to regulators and other authorities including the police when we believe such processing is necessary in order to comply with our legal obligations including those that are regulatory.
CEA abides by all applicable state and federal laws governing electronic communication over the Internet, including the following:
We have implemented technology and security policies, rules, and other measures appropriate to protect the personal data that we have under our control from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed. We also protect your information by requiring that all our employees and others who have access to or are associated with the processing of your data respect your privacy and confidentiality and we have trained them aCEArdingly.
CEA uses security methods to determine the identity of its registered users, so that appropriate rights and restrictions can be enforced for that user. Reliable verification of user identity is called authentication. CEA uses passwords associated with users’ email addresses to authenticate users. Users are responsible for maintaining their own passwords. Although we take appropriate precautions to protect the security of our users’ personal data from loss, misuse, unauthorized access or disclosure, alteration, or destruction, we cannot guarantee the total security of such data or that we will be immune from hacking incidents or security breaches.
Storage of Health Information
Information in our data centers is backed up routinely in order to aid in the recovery of information in the event of accidental damage of information or due to a natural disaster. The backup media is stored in a physically secure storage facility.
If you wish to:
1. Update, modify, delete, or obtain a copy of your personal data that we hold on you
2. Restrict or stop us from using any of your personal data, including by withdrawing any consent you have previously given to the processing of such data, or
3. Where any personal data have been processed on the basis of your consent or because it is necessary to perform a contract to which you are a party, request a copy of such personal data, you can request this by emailing us at the address set out below. We endeavor to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data.
We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal data and for any additional copies of the personal data you request from us.
We will only retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, or internal policy requirements.
For privacy questions or concerns about the way in which CEA processes your personal data or about the Clinical Education Alliance Sites, please contact firstname.lastname@example.org.
Clinical Education Alliance
12001 Sunrise Valley Drive
Reston, VA 20191