GDPR – General Data Protection Regulation
User – Members and Non-members who create profiles on the ACCP1.org website
Controller – An entity that establishes the purpose and means of the processing of personal data. (ACCP)
Processor – A third-party entity contracted with the Controller which processes personal data on behalf of the Controller.
Privacy-aware Workforce – The creation of and understanding of the role data plays in the success of a business and the risk that occur when data is breached or used inappropriately.
Representation in Europe – Companies collecting data from individuals in Europe must establish a presence in the EU. This presence is serves as the point where consumers can bring questions and for point of contact by regulators in the event of a question.
How Data is Collected and From Where is It Collected?
Most data ACCP collects is used for the purpose of better serving its Users. It is our general policy to collect and store information that Users knowingly provide. When creating an account for membership applications, registration for the Annual Meeting, webinar or CE courses or other purposes, Users are asked to register and provide information, including, but not limited to: name, degree(s), title, department, institution, address (generally business, but occasionally home), phone, email, NABP# and MM/DD of birth (if PharmD) or meal preferences (may be faith specific). This information is submitted voluntarily. Additionally, in confirming the profile, the Processor may collect personal data about you from public sources in order to complete or enhance the profile. The system automatically generates dates of profile creation or membership. This information is not sold or distributed in any manner.
As is consistent with the practices of a small non-profit society, ACCP contracts with third-party entities to provide services to Users. Those third-party agreements include the following or their business partners: association management system, learning management system, abstracts and proposals submission system, communications system, profession or certification-specific bodies. ACCP maintains documentation to confirm the receipt and storage of the policies of these partners specific to the collection and use of personal data.
Additionally, for email sent in HTML format by ACCP to its Users, ACCP will collect specific information regarding what the User does with that email. ACCP will monitor whether a User subsequently clicks through to links provided in the message. Other information collected through this tracking feature includes: email address, the date and time of the User’s "click," name of the email list from which the message was sent, tracking URL number and destination page.
ACCP collects and uses the data provided by Users to support its non-profit mission and serve its Users, including to:
- Deliver the information, programs, products and/or services requested by the User;
- Evaluate and respond to User inquiries and submissions;
- Provide Users with customer support and membership benefits;
- Communicate with Users through various channels, including postal mail, email, telephone, apps, in person and social media;
- Process User payments and account adjustments;
- Create and manage User membership and account registrations;
- Conduct and administer surveys and polls;
- Comply with and enforce applicable legal obligations, ACCP policies and ACCP terms and conditions;
- Perform other business functions consistent with ACCP’s non-profit mission and serve its membership.
ACCP does not store personal health data, complete credit card numbers or IP addresses.
ACCP does not collect data other than that required to adequately serve its Users for a legitimate business purpose, including for the purpose of segregating subsets of Users with an interest in specific offerings provided by ACCP.
Users from the EU will be required to consent to the collection and use of this data.
Automated Data Collection
ACCP does not collect any personal information from Users browsing its website. Only aggregate data through third-party analytics services (Google Analytics) is collected. Aggregate data is only used for internal and marketing purposes and does not provide any personally- identifying information.
Examples of the data we may automatically collect as part of our website experience include:
- Device and browser type, operating system version and language settings;
- Internet service provider (ISP);
- The website that referred the User to ACCP’s website;
- The times and dates of the visit to ACCP’s website and the duration of such use;
- Information about areas of the ACCP website that the User visited or used, as well as specific content viewed or links clicked;
- Information collected through cookies, analytics tools and other similar technologies.
- A “cookie” is a small data file that a website sends to and stores on the User’s device that allows the site to recognize the User’s browser or store information or settings. The cookie itself does not contain personal data but can be read by the entity that placed the cookie;
- The User can, however, opt-out of certain data collection by Google Analytics. To learn how to opt-out of data collection, click here;
- Most web browsers can be set to reject cookies or provide notice when cookies are placed on the User’s device. Each browser is different, so check the "Help" menu in the browser to learn how to change personal cookie preferences.
With Whom does ACCP Share the Data?
In performing the business functions required to meet the needs of its Users, ACCP may store or share data with third-party entities with whom it has a legal agreement. This includes the association management system, learning management system, abstracts and proposals submission system, communications system, profession or certification-specific bodies. Such data may be transmitted through a manual upload, as is the case with accrediting or certification entities or the abstracts and proposals submission system and the communications system, or automatically through integration, as is the case with the association management or learning management system.
ACCP makes Member contact information (first name, last name, company name, email and work phone) available through the ACCP Membership Directory to Members of the society only. Members may request that ACCP refrain from including a User’s contact information in the Membership Directory by opting out under the Preferences tab in their profile. Alternatively, Members may contact the ACCP Manager of Membership at KYoung@ACCP1.org or 571-291-3493 to change their preferences.
Consent to Use Personal Information.
For the purposes of the GDPR, ACCP or its partners, must store, host and otherwise process the information (including personal data) supplied by the User when creating an ACCP account. Users residing in the EU will be required to indicate consent for the personal information they have provided to be transferred and stored in countries outside of the EU, including the United States. To provide consent, said Users must opt-in to receive communications from ACCP by updating their Communications Preferences under the Preferences tab when creating an ACCP profile.
Credit Card Account Information
ACCP does not disclose credit card account information provided by its Users. When Users choose to pay by credit card, ACCP submits the information needed to obtain payment to the appropriate clearinghouse.
Privacy Issues with Links to Other Sites
ACCP1.org contains links to other websites. ACCP has no control over and is not responsible for the privacy policies or content of such sites.
How ACCP Protects Personal Data
ACCP uses commercially-reasonable administrative, technical and physical security measures designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Despite these safeguards, however, no website or information system can ever be completely secure, so we cannot guarantee that the use of our website will be completely safe or secure. For additional information on privacy, identity theft and online security, please visit the US Federal Trade Commission's website.
User Personal Data Choices
Personal Data Access
If the User wishes to review and/or request changes to certain personal data ACCP has collected about the User (such as current contact information or User name and password), the User may do so by logging into User’s ACCP profile on ACCP1.org or by contacting the ACCP Manger of Membership at KYoung@ACCP1.org. In some cases, the User may also have a right to (i) request the deletion of certain personal data or (ii) obtain a copy of such data in an accessible format. ACCP will make reasonable attempts to comply with such requests where applicable but may refuse requests where we are otherwise legally required to retain the data or the requests are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others or are impractical.
Users may choose to opt-out of some or all future communications from ACCP. This can be done by updating the User’s Communication Preferences under the Preferences tab in the ACCP Profile or by contacting the ACCP Manger of Membership at KYoung@ACCP1.org. For email, Users can also opt-out by clicking the “unsubscribe” links in the footer of our emails and selecting only specific emails in which you are interested. (Please note that when opting out of emails, you may still receive “transactional” emails, which contain information you specifically request or information related to your membership purchase or renewal.) ACCP will honor opt-out requests as soon as practical and as required by applicable law.
ACCP is headquartered in the United States of America. Personal information may be accessed by ACCP or transferred to ACCP in the United States. By providing ACCP with personal information, User consents to this transfer. ACCP will protect the privacy and security of personal information according to this privacy statement, regardless of where it is processed or stored, however User acknowledges and consents to the fact that personal information stored or processed in the United States will be subject to the laws of the United States, including the ability of governments, courts or law enforcement or regulatory agencies of the United States to obtain disclosure of your personal information.