GDPR – General Data Protection Regulation
User – Members and Non-members who create profiles on the ACCP1.org website
Controller – An entity that establishes the purpose and means of the processing of personal data. (ACCP)
Processor – A third-party entity contracted with the Controller which processes personal data on behalf of the Controller.
Privacy-aware Workforce – The creation of and understanding of the role data plays in the success of a business and the risk that occur when data is breached or used inappropriately.
Representation in Europe – Companies collecting data from individuals in Europe must establish a presence in the EU. This presence is serves as the point where consumers can bring questions and for point of contact by regulators in the event of a question.
How Data is Collected and From Where is It Collected?
Most data ACCP collects is used for the purpose of better serving its Users. It is our general policy to collect and store information that Users knowingly provide. When creating an account for membership applications, registration for the Annual Meeting, webinar or CE courses or other purposes, Users are asked to register and provide information, including, but not limited to: name, degree(s), title, department, institution, address (generally business, but occasionally home), phone, email, NABP# and MM/DD of birth (if PharmD) or meal preferences (may be faith specific). This information is submitted voluntarily. Additionally, in confirming the profile, the Processor may collect personal data about you from public sources in order to complete or enhance the profile. The system automatically generates dates of profile creation or membership. This information is not sold or distributed in any manner.
As is consistent with the practices of a small non-profit society, ACCP contracts with third-party entities to provide services to Users. Those third-party agreements include the following or their business partners: association management system, learning management system, abstracts and proposals submission system, communications system, profession or certification-specific bodies. ACCP maintains documentation to confirm the receipt and storage of the policies of these partners specific to the collection and use of personal data.
Additionally, for email sent in HTML format by ACCP to its Users, ACCP will collect specific information regarding what the User does with that email. ACCP will monitor whether a User subsequently clicks through to links provided in the message. Other information collected through this tracking feature includes: email address, the date and time of the User’s "click," name of the email list from which the message was sent, tracking URL number and destination page.
ACCP collects and uses the data provided by Users to support its non-profit mission and serve its Users, including to:
- Deliver the information, programs, products and/or services requested by the User;
- Evaluate and respond to User inquiries and submissions;
- Provide Users with customer support and membership benefits;
- Communicate with Users through various channels, including postal mail, email, telephone, apps, in person and social media;
- Process User payments and account adjustments;
- Create and manage User membership and account registrations;
- Conduct and administer surveys and polls;
- Comply with and enforce applicable legal obligations, ACCP policies and ACCP terms and conditions;
- Perform other business functions consistent with ACCP’s non-profit mission and serve its membership.
ACCP does not store personal health data, complete credit card numbers or IP addresses.
ACCP does not collect data other than that required to adequately serve its Users for a legitimate business purpose, including for the purpose of segregating subsets of Users with an interest in specific offerings provided by ACCP.
Users from the EU will be required to consent to the collection and use of this data.
Automated Data Collection
ACCP does not collect any personal information from Users browsing its website. Only aggregate data through third-party analytics services (Google Analytics) is collected. Aggregate data is only used for internal and marketing purposes and does not provide any personally- identifying information.
Examples of the data we may automatically collect as part of our website experience include:
- Device and browser type, operating system version and language settings;
- Internet service provider (ISP);
- The website that referred the User to ACCP’s website;
- The times and dates of the visit to ACCP’s website and the duration of such use;
- Information about areas of the ACCP website that the User visited or used, as well as specific content viewed or links clicked;
- Information collected through cookies, analytics tools and other similar technologies.
- A “cookie” is a small data file that a website sends to and stores on the User’s device that allows the site to recognize the User’s browser or store information or settings. The cookie itself does not contain personal data but can be read by the entity that placed the cookie;
- The User can, however, opt-out of certain data collection by Google Analytics. To learn how to opt-out of data collection, click here;
- Most web browsers can be set to reject cookies or provide notice when cookies are placed on the User’s device. Each browser is different, so check the "Help" menu in the browser to learn how to change personal cookie preferences.
With Whom does ACCP Share the Data?
In performing the business functions required to meet the needs of its Users, ACCP may store or share data with third-party entities with whom it has a legal agreement. This includes the association management system, learning management system, abstracts and proposals submission system, communications system, profession or certification-specific bodies. Such data may be transmitted through a manual upload, as is the case with accrediting or certification entities or the abstracts and proposals submission system and the communications system, or automatically through integration, as is the case with the association management or learning management system.
ACCP makes Member contact information (first name, last name, company name, email and work phone) available through the ACCP Membership Directory to Members of the society only. Members may request that ACCP refrain from including a User’s contact information in the Membership Directory by opting out under the Preferences tab in their profile. Alternatively, Members may contact the ACCP Membership & Engagement Specialist at [email protected] or 571-291-3493 to change their preferences.
Consent to Use Personal Information.
For the purposes of the GDPR, ACCP or its partners, must store, host and otherwise process the information (including personal data) supplied by the User when creating an ACCP account. Users residing in the EU will be required to indicate consent for the personal information they have provided to be transferred and stored in countries outside of the EU, including the United States. To provide consent, said Users must opt-in to receive communications from ACCP by updating their Communications Preferences under the Preferences tab when creating an ACCP profile.
Credit Card Account Information
ACCP does not disclose credit card account information provided by its Users. When Users choose to pay by credit card, ACCP submits the information needed to obtain payment to the appropriate clearinghouse.
Privacy Issues with Links to Other Sites
ACCP1.org contains links to other websites. ACCP has no control over and is not responsible for the privacy policies or content of such sites.
How ACCP Protects Personal Data
ACCP uses commercially-reasonable administrative, technical and physical security measures designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Despite these safeguards, however, no website or information system can ever be completely secure, so we cannot guarantee that the use of our website will be completely safe or secure. For additional information on privacy, identity theft and online security, please visit the US Federal Trade Commission's website.
User Personal Data Choices
Personal Data Access
If the User wishes to review and/or request changes to certain personal data ACCP has collected about the User (such as current contact information or User name and password), the User may do so by logging into User’s ACCP profile on ACCP1.org or by contacting the ACCP Membership & Engagement Specialist at [email protected]. In some cases, the User may also have a right to (i) request the deletion of certain personal data or (ii) obtain a copy of such data in an accessible format. ACCP will make reasonable attempts to comply with such requests where applicable but may refuse requests where we are otherwise legally required to retain the data or the requests are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others or are impractical.
Users may choose to opt-out of some or all future communications from ACCP. This can be done by updating the User’s Communication Preferences under the Preferences tab in the ACCP Profile or by contacting the ACCP Membership & Engagement Specialist at [email protected]. For email, Users can also opt-out by clicking the “unsubscribe” links in the footer of our emails and selecting only specific emails in which you are interested. (Please note that when opting out of emails, you may still receive “transactional” emails, which contain information you specifically request or information related to your membership purchase or renewal.) ACCP will honor opt-out requests as soon as practical and as required by applicable law.
ACCP is headquartered in the United States of America. Personal information may be accessed by ACCP or transferred to ACCP in the United States. By providing ACCP with personal information, User consents to this transfer. ACCP will protect the privacy and security of personal information according to this privacy statement, regardless of where it is processed or stored, however User acknowledges and consents to the fact that personal information stored or processed in the United States will be subject to the laws of the United States, including the ability of governments, courts or law enforcement or regulatory agencies of the United States to obtain disclosure of your personal information.
This privacy notice for the American College of Clinical Pharmacology® ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
- Download and use our mobile application ACCP365 Mobile App, or any other application of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us. We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- phone numbers
- email addresses
- mailing addresses
Sensitive Information. We do not process sensitive information.
Payment Data. We may collect data necessary to process your payment if you make purchases. such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by Paypal. You may find their privacy notice link(s) here: https://www.paypal.com/myaccountiprivacy/privacyhub.
Application Data. If you use our application(s) we also may collect the following information if you choose to provide us with access or permission:
- Geolocation Information. We may request access or permission to track location-based information from your mobile device, while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's calendar, camera, contacts, storage. and other features. If you wish to change our access or permissions, you may do so in your devices settings.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may tum them off in your devices settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected. We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information. such as your device characteristics, operating system, device name, device model and other technical information. This information is primarily needed for our internal analytics and reporting purposes.
Like many businesses. we also collect information through cookies and similar technologies.
The information we collect includes:
- Device Data. We collect device data such as information about your phone. tablet you use to access the Services. Depending on the device used, this device data may include information such as your application identification numbers and system configuration information.
- Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
2. HOW DO WE PROCESS YOUR INFORMATION?
We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention; and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies. and other similar information.
- To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.
3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
We may share information in specific situations described in this section and/or with the following third parties.
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. They also commit to protect the data they hold on to our behalf and to retain it for the period we instruct.
The third parties we may share personal information with are as follows:
- Web and Mobile Analytics - Google Analytics for Firebase
5. HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice unless a longer retention period is required.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example. because your personal information has been stored in backup archives) then we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. HOW DO WE KEEP YOUR INFORMATION SAFE?
We aim to protect your personal information through a system of organizational and technical security measures. We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
7. DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we deem that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].
8. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?
In certain situations, you may request to review, update, delete your personal information. To do so please submit a request to [email protected].