January 31, 2019
The American Society of Breast Surgeons (ASBrS) is committed to protecting the privacy of its members and customers. This document describes the information we collect from our web sites, how we use it, and your rights in connection with such use.
The American Society of Breast Surgeons
7067 Columbia Gateway Drive, Suite 290
Columbia, MD 21046
Fax: 410-381-9512 Website: www.breastsurgeons.org
What personal data we collect
Personal Information you provide to us
Personal information refers to the information we use to identify or contact you. When you sign up for a user account or apply for membership, we ask you for information such as:
- Your name and contact information (phone, mailing address, email)
- Date of birth
- Education and professional information such as medical school, residency training information, specialty, type and size of practice
- Purchasing and payment information (though credit card information is not stored)
- Authentication data (your username and password)
Information we collect about you
When you use our websites/online services without signing in, you will not be able to access certain restricted content and features. A small amount of information is still collected automatically, though, for us to personalize your experience and to learn about the usage of our websites and online services so we can make improvements. This information includes:
- Information about the device(s) you use to access our websites, such as operating system, web browser and mobile device manufacturers
- Location information
- Information about service usage, such as the amount of time you spend on each page
Why we collect this data
This information is necessary for us to provide you certain services. However, you may use this web site without accepting cookies. The "Help" function in your web browser explains how to manage cookies while using the Internet. Please note that if your browser does not accept cookies, some of our services may not work for you.
- We may capture the IP address and type of the device you use to connect to online services, the type of operating system and the browser you use, and information about the site you came from, the parts of our online services you access, the type of mobile device you use on the site you visit next.
- When you register for or use certain interactive tools (eg, online forms) and services,
- When you sign up for newsletters, emails or other communications from us,
- When you participate in online surveys
How We Use the Information We Collect
We use the information discussed above in a number of ways, such as:
- Processing payments and donations
- Verifying your identity (when you access your account information)
- Preventing fraud and enhancing the security of your account or our online services
- Responding to your requests and communicating with you
- Managing your preferences
- Performing analytics concerning your use of our online services
- Operating, evaluating and improving our programs
- Including developing new products and services
- Improving existing products and services
- Performing data analytics
- Performing accounting, auditing and other internal functions
- To engage with service providers. We share your personal data with third parties in connection with services that these individuals or entities perform for or with ASBrS. These third parties are restricted from using this data in any way other than to provide services for ASBrS or for the collaboration in which they and ASBrS are contractually engaged (for example, hosting an ASBrS database or engaging in data processing on ASBrS's behalf, or mailing you information that you requested, as well as operations and maintenance contractors). These third parties’ access to your personal information is limited to the information reasonably necessary for them to perform their services for ASBrS and they are obligated to keep your data secure and not use or disclose your personal information for any purpose other than providing products and services.
- Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies
We may also use data that we collect on an aggregate or anonymous basis (meaning it does not identify any individuals) for various purposes, while permissible under applicable laws and regulations, to help deliver products, services, and content that are better tailored to the users of our services and for other purposes.
What We Disclose to Others
We may share the information we collect from and about you within our organization and with certain third parties. For example, we may share your information with:
- Credit card processing companies, to process your payments and donations
- Companies who are engaged to perform services for, or on behalf of, ASBrS
- The American Society of Breast Surgeons Foundation
- ASBrS also uses certain data elements to conduct event management and event data. These use cases include: sharing with event co-sponsors, sharing with third parties involved in the event process (eg, hotel booking companies), potentially sharing with exhibitors at the event through badge scanning onsite at the event. You would physically present your badge for scanning. Attendee Lists and Exhibitor Email applications allow event exhibitors to send you email/direct mail. These applications generally do not allow exhibitors direct access to your contact information. Once your data has been shared with a third party, ASBrS no longer has direct control over that information, but we require our partners to agree to follow GDPR.
Surveys and Promotions
From time to time, ASBrS, or third parties designated by ASBrS, requests information from users via surveys. Information requested may include contact information (eg, name, mailing address) and demographic information (eg, zip code, age, employment status). Survey information may be used by ASHA, or third parties designated by ASHA, for a variety of business purposes. For example, surveys will be used for the purpose of improving services offered by ASHA and to gather information about professional issues related to the practice of breast surgery. Participation in ASBrS surveys is completely voluntary.
ASBrS and the Website are based in the United States and, regardless of where you access the Website, the information collected as part of that use will be transferred to and maintained on servers located in the United States. Any information we obtain about you will be stored in accordance with U.S. privacy laws, regulations, and standards, which may not be equivalent to the laws in your country of residence. By using the Website, you consent to this collection, transfer, storage, and processing of information to and in the United States in accordance with the foregoing.
Your Rights Under EU Data Protection Laws
If EU data protection laws apply to our processing of your information, you are entitled by law to access, correct, amend, or delete personal information about you that we hold. A list of these rights is below and additional information is available in our message about GDPR.
You can control the information we have about you and how we use it in several ways. If you are a registered user, you can review, revise, and correct the personal data that you have provided to ASBrS directly through your user profile or by contacting us directly at firstname.lastname@example.org. You can request that data be deleted or make another request in connection with the rights below by contacting us via this same link.
In the event that we refuse a request under rights of access, we will provide the individual with a reason as to why. Individuals in the EU have the right to complain as outlined in the "Complaints" section.
A list of your rights is below:
Right of access – the right to request a copy of the information that we hold about you.
Right of rectification – the right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply, the right to restrict the processing.
Right of portability – the right to have the data we hold about you transferred to another organization.
Right to object – the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – the right to not be subject to the legal effects of automated processing or profiling. We do not currently engage in any automated processing or profiling of individuals we know reside in the EU.
How Long We Keep Your Information
You can delete your account or request that we delete your account by contacting us at email@example.com. If you choose to delete your account, we will begin the process of deleting your account from our systems.
We retain your information after you request such deletion for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements. For example, when we process your payments, we will retain this data for longer periods of time as required for tax or accounting purposes. Some of the specific reasons we would retain some data for longer periods of time include:
- Security, fraud and abuse prevention – ie, to protect you, other people, and us from fraud, abuse, and unauthorized access.
- Financial record-keeping – when you make a payment to us we are often required to retain this information for a long period of time for purposes of accounting, dispute resolution and compliance with tax, anti-money laundering, and other financial regulations.
- Complying with legal or regulatory requirements – to meet any applicable law, regulation, legal process or enforceable governmental request, as required to enforce our terms of service, including investigation of potential violations.
- Direct communications with us – if you have directly communicated with us, through a customer support channel, feedback form, or a bug report, we may retain reasonable records of those communications.
- Even if you delete your account, keep in mind that the deletion by our third party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time. For any privacy or data-protection-related questions, please contact firstname.lastname@example.org.
Protecting Children's Privacy
You must be 18 years or older to use our Services. We do not knowingly accept personal information from any child under the age of 16. If it is brought to our attention that we have inadvertently received personal information from a child under 16, we will immediately remove all personal and identifiable information from our records or seek parental consent as may be required.
How Can I Revoke My Consent?
If you want to be removed from all ASBrS communications, excluding information regarding your membership, please contact us in one of four ways:
- Log in to My Account and change your preferences
- Email email@example.com with the subject "Remove Me From List" and you will be removed from non-member communications within 3 days.
- Call the Society Office at 410-381-9500/877-992-5470 to ask to be removed from the list and you will be removed from non-member communications within 3 days.
- Mail your information to:
- The American Society of Breast Surgeons
7067 Columbia Gateway Drive, Suite 290
Columbia, MD 21046