Last updated: 25 May 2018
We value your privacy and strive to protect your personal information. Please read this Policy to understand what types of information we collect from you, for what purposes and what choices you have regarding our collection of your information.
This policy covers the HandSurgeryResource.org and HandSurgeryPrimer.org websites (collectively, the "Websites"). By accessing, using or posting information to the Websites, you agree to this Privacy Policy.
Hand Surgery Resource serves an international community, and so we are committed to complying with any applicable data protection laws and regulations, such as the EU's General Data Protection Regulation(GDPR).
Plain Language Summary
Disclaimer: This summary is not itself a part of the Privacy Policy and is not a legal document. It is simply a reference for understanding privacy rights and regulations.
In plain language, regulations such as GDPR define the following roles, rights, and responsibilities:
- Data Subject - this is you, the end user.
- Data Controller - this is us, Hand Surgery Resource as the owners and operators of HandSurgeryResource.org and HandSurgeryPrimer.org.
- Data Processor - any other organization that processes personal data on behalf of the Data Controller.
Rights of the Data Subject
- Right to be Informed - A data subject has the right to know whether personal information is being processed; where; and for what purpose. This information is outlined in the section below titled "Information We Collect About You" and "How we Use Your Information".
- Right to Access - A data subject has a right to access the information about them that is stored by the Data Controller. This information is outlined in the section below titled "Information We Collect About You" and "How we Use Your Information".
- Right to Rectification - A data subject has the right to correct any errors in the data about them.
- Right to Restrict Processing - A data subject has the right to request that data not be processed, and yet also not be deleted by the Data Controller.
- Right to Object - A data subject has the right to opt out of marketing, processing based on legitimate interest, or processing for research or statistical purposes.
- Right to be Forgotten - Also known as the right to revoke consent, the right to be forgotten states that a data subject has the right to request erasure of data, the cessation of processing by the controller, and halting processing of the data by third party processors. The conditions for this, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests. This information is outlined in the sections below titled "Accessing and Correcting Your Information".
- Data Portability - A data subject has the right to receive a copy of their data in a 'commonly used and machine readable format.' This information is outlined in the sections below titled "Your Choices About Use and Disclosure of Your Information" and "Accessing and Correcting Your Information".
Responsibilities of the Data Controller and Data Processors
- Privacy by Design - 'The controller shall..implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects'. Article 23 of the GDPR calls for controllers to hold and process only the data absolutely necessary for the completion of its duties, as well as limit the access to personal data to those who need it to carry out these duties.
- Breach Notification - The Data Controller must notify the appropriate data processing authority and any affected end user of any breach that might result in 'risk to the rights and freedoms of individuals' within 72 hours of becoming aware of the breach. A Data Processor must notify the Data Controller of any breach 'without undue delay.'
- Data protection officer - A Data Controller or Processor must appoint a Data Protection Officer when: a Data Controller represents a public authority; or the core operations of the Controller require regular and systematic monitoring of Subjects on a large scale; or when the Controller's core operations depend on processing a large scale of special categories of data (including but not limited to health data, criminal conviction information, etc). The Drupal Association's core operations do not require the Association to establish a Data Protection Officer.
Information We Collect About You
We collect several types of information from and about you, including:
1. Your name, email address, school (if applicable) profession and password. We treat this information as "Personally Identifiable Information" or "PII". We never store passwords in plain text format, only secure password hashes.
2. Non-personally identifiable information, such as demographic information about you, information about your computer system or device, your preferences, your online activity, and your location information ("Non-Personally Identifiable Information" a "Non-PII"). Non-PII, by itself, does not identify you, but it can be combined with other information in way that allows you to be identified. If this happens, we will treat the combined information as PII.
We may collect information from or about you in the following ways:
- Information Provided by You. We collect information provided by you when you (1) create your public profile; (2) communicate with us or request information about or from us by e-mail or other means; (3) fill out forms or fields on the Websites; (4) sign-up for any of our newsletters, materials or our services on the Websites.
- Automatic Information Collection. We also use automatic data collection technologies to collect and store certain information about your equipment, browsing actions and patterns when you interact with the Websites through your computer or mobile device. In addition, we may allow third party ad networks to use automatic data collection technologies to collect similar information about you for purposes of providing interest-based ads.
Service providers and partners
We use a number of service providers to help us operate the sites and provide high quality user experience to our visitors. Some of those providers can access Non-PII about you via automatic data collection technologies.
- We use ReCaptcha for spam detection and prevention. When you request an account on HandSurgeryResource.org or HandSurgeryPrimer.org, you accept the ReCaptcha terms of service and privacy policy.
- We use Constant Contactto send Newsletter emails to users who subscribe to receive them. You can review Constant Contact's privacy policy for information on how they manage user data.
- We use Google Analytics to analyze traffic to the Website, you can review the Google privacy policy for more information.
Automatic Information Collection Technologies
The information that we collect about your equipment, browsing actions and patterns includes, but is not limited to, traffic data, location data, logs, the resources that you access, search queries, as well as information about the computer or device you are using and the Internet connection, including your IP address, operating system and browser type.
This automatically collected information typically does not include PII, but we may maintain it or associate it with your personal information collected in other ways. Collection of this type of information helps us to improve the Websites and to deliver a better and more personalized service by enabling us to, among other things: (1) estimate our audience size and usage patterns; (2) speed up your searches; and (3) recognize you when you return to this Website.
The automatic collection technologies we or our service providers use for this automatic information collection may include:
- Cookies (or browser cookies). The Websites may use two types of cookies (small data files placed on the hard drive of your computer when you visit a website): a "session cookie," which expires immediately when you end your browsing session and a "persistent cookie," which stores information on your hard drive so when you end your browsing session and return to this website later, the cookie information is still available.
Third Party Advertising Partners and Interest-Based Ads
We may use third party ad networks to display advertisements on the Websites. These third parties also may use cookies, web beacons and other automatic collection technologies to collect information about you when you visit the Websites for purposes of determining your preferences in order to deliver interest-based advertising and other targeted content to you.
We do not provide any PII to these third party advertising partners, but they may combine the non-PII collected on the Websites with PII they collect directly from you or receive from other sources. We do not have access to or control over the automatic collection technologies that these third party advertisers or any third party websites may use, and the information practices of these third party advertisers and third party websites are subject to these parties' respective privacy policies, not this Privacy Policy.
Links to Third Party Websites and Social Media Widgets
The Websites and some of our electronic communications to you, may contain links to other websites that are owned and operated by third parties. Links to third parties from the Websites are not an endorsement by us. We do not control, and are not responsible for, the privacy and security practices of these third parties. We recommend that you review the privacy and security policies of these third parties to determine how they handle information they may collect from or about you.
The Websites may also include social media features, such as the Facebook Like button, Google Plus, and Twitter widgets. These features may collect information about your IP address and the page you are visiting on the Websites, and they may set a cookie to make sure the feature functions properly. Your interactions with these features and the information from or about you collected by them are governed by the privacy policies of the companies that provide them.
How We Use Your Information
We use your information, including any PII, to:
- Provide information and services requested by you;
- Provide customer support, including responding to your requests and questions and troubleshooting and resolving problems or complaints;
- Verify the information you provide to us;
- Communicate with you;
- Understand and anticipate your use of or interest in, our services, and content, and the products, services, and content offered by others;
- Develop and display products, services, and content tailored to your interests on our websites and other websites;
- Provide you with promotional materials and Newsletters in case you opt-in to receive those;
- Measure the overall effectiveness of our online, content, and programming, and other activities;
- Manage our business and operations;
- Protect the security and integrity of the Websites;
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us; and
- Fulfill any other purposes for which you provide your information and for any other purpose as described to you at the time your information is collected or for which your consent is given.
Disclosure of Your Information
We may disclose and share aggregated non-PII about you at our discretion.
We may disclose or share your PII only in limited circumstances:
- With any Hand Surgery Resource employee or agent for support of our internal and business operations or to respond to a request made by you.
- We may disclose information we collect from or about you when we believe disclosure is appropriate to comply with the law, to enforce agreements, or to protect the rights, property, or safety of users of the Websites, the Company, or other persons or organizations.
- If some or all of our business assets are sold or transferred as a result of any corporate change (merger, consolidation, reorganization, bankruptcy, etc.), we may transfer the corresponding information regarding our customers and users of HandSurgeryResource.org and HandSurgeryPrimer.org, including PII. We also may retain a copy of such information. Nothing in this Privacy Policy is intended to interfere with our ability to transfer all or part of our business, equity interests, or assets (including the Websites) to an affiliate or unaffiliated third party at any time, for any purpose, without any limitation, and without notice or any compensation to you.
Your Choices About Use and Disclosure of Your Information
We strive to provide you with choices regarding our use of your personal information. Below are some mechanisms that provide you with control over your information:
- Promotional and Informational e-mails. We do not send any promotional or informational emails without your opt-in first. If you do not wish to receive promotional e-mails from us, follow the unsubscribe process at the bottom of the promotional e-mail.
- Note that even if you opt-out, you may still receive transactional e-mails from us (e.g., e-mails related to the completion of your registration, correction of user data, password reset requests, notification/alert/reminder e-mails that you have requested, and any other similar communications essential to your transactions on the Websites).
- Automatic Information Collection Technologies and Advertising. The "help" function of your browser should contain instructions on how to set your browser to not accept new cookies, to notify you when a cookie is issued, or how to disable cookies altogether. If you disable or refuse cookies, please note that some parts of the Websites may be inaccessible or not function properly.
- Google Analytics. You can opt out from Google Analytics tracking via your browser privacy settings or by using a browser addon.
Accessing and Correcting Your Information
The appropriate method(s) for accessing your information, if any, will depend on which of our websites and services you have visited or used. Depending on the website and service, you may have the ability to view or edit some of your information online, by logging into the website and visiting your account profile page. If you remove information from your user profile, it will stay in backups on our servers for 2 weeks, after which it will be completely removed.
To request access to, correct, or delete any personal information that you have provided to us you may contact us at ??. You may also request a notice disclosing the categories of personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year by contacting ???
We cannot delete your personal information except by also deleting your account. We also may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirements or any other applicable agreement between you and us, or cause the information to be incorrect.
Upon deletion all private and personally identifying information from your profile will be deleted. The data will stay in backups on our servers for 2 weeks, after which it will be completely removed.
Once deleted, your account is gone and can not be restored.
Protection of Your Information
We use reasonable security measures to protect your information collected through the Websites. We do not store passwords in plain text format, only secure password hashes. However, no method of transmission or electronic storage is 100% safe, and we cannot guarantee absolute security. Therefore, your use of the Websites is at your own risk and we do not promise or guarantee, and you should not expect, that your information will always and absolutely remain private and secure. We are not responsible for the circumvention of any privacy settings or security measures contained on or concerning the Websites. You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse.
Visiting this Website from Outside the United States
If you are visiting the Websites from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. The information protection laws of the United States might not be as comprehensive or protective as those in your country. By using the Websites and our services, you understand that your information may be transferred to our facilities and to third parties as described in this Privacy Policy.
Changes to this Privacy Policy
We may update or amend this Privacy Policy at any time. This Privacy Policy will reflect the date it was last updated or amended. If we make any material amendments, we will notify you by sending an email to the address associated with your user account, and/or posting a notification on HandSurgeryResource.org or HandSurgerPrimer.org as the updated Privacy Policy is being published on the Websites. All amendments will take effect immediately upon our posting of the updated Privacy Policy on the Websites. Your continued use of the Websites will indicate your acceptance of the changes to the Privacy Policy.
Contacting Us
If you have questions or concerns about this Privacy Policy, our information practices, or wish to make a request regarding your information, please contact us at any of the following:
Main Toll Free 1-855-208-9838
Main Local Number 1-631-973-HAND (4263)
Hand Surgery Resource
Suite 215 Box 208
25 Health Sciences Drive
Stony Brook, NY 11790
E-mail:
LCHurst100@handsurgeryresource.org
LCHurst100@gmail.com