Last updated on 1/15/2020
This Privacy Statement (the "Statement") sets out how we, Society of Corporate Compliance & Ethics (SCCE) (DBA Health Care Compliance Association (HCCA) and/or Compliance Certification Board (CCB)) headquartered at 6500 Barrie Rd Ste 250, Minneapolis, MN 55435 and our group companies, subsidiaries and associated offices worldwide ("HCCA"/"SCCE"/"CCB", "we", "us", "our", etc.), collect and use the personally identifiable information of our website users, members, attendees and speakers at our conferences and other users of our websites and services (each a "User", "you", "your", etc.). By using our services and, where applicable, by providing consents for specific purposes, you consent to the use of your data as described in this Statement.
Collection of your Personal Information
We collect personally identifiable information, such as your e-mail address, first and last name, position, employer details, home or work address or telephone number and other information. We also collect anonymous demographic information, which is not unique to you, such as your ZIP code, gender, preferences, interests and favorites.
There is also information about your computer hardware and software that is automatically collected by us. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used by us for the operation of our services, to maintain quality of the services, and to provide general statistics regarding use of our websites.
Most of the above mentioned information will constitute "Personally Identifiable Information' or "Personal Data" , depending on the extent to which such information is protected by privacy or data protection laws in the relevant country.
Please keep in mind that if you directly disclose Personally Identifiable Information through our public discussion or message boards, this information may be collected and used by others.
Use of your Personally Identifiable Information
We will only process your Personally Identifiable Information, in accordance with applicable law, for the following purposes:
- to operate our websites and deliver the services you have requested, including, without limitation, our interactive services which you use;
- sending you personalized marketing communications to inform you of other products or services available from us and our affiliates, exhibitors and partners;
- to contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered;
- responding to your queries;
- confirmation of registration or purchase
- to include the name, title, employer of our new members in our magazine;
- to include your name, title, employer, phone number and mailing address in our Members’ Directory for access by other members;
- to create marketing materials including images or video footage of you as an attendee of our conferences
- to verify with third party testing centers your attendance and the results of your exams if applicable
- handling any job application that you may make to us;
- enabling our suppliers and service providers to carry out certain functions on our behalf, including statistical analysis, verification, technical, logistical or other functions;
- ensuring the security of our business, preventing or detecting fraud or abuses of our website;
- developing and improving our products and services, for example, by reviewing visits to our website and its various subpages to ascertain demand for specific content; and
- to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
- The legal basis for us processing your Personally Identifiable Information for the purposes described above will typically be because you have provided us with your consent. However, we may also rely on other legal grounds, for example, where the processing is necessary:
- to fulfill a contract that we may have in place with you;
- for the legitimate business interests of us and our affiliates, exhibitors or partners; or
- for compliance with our legal obligations.
California Privacy Rights
Under certain data privacy regulates (e.g. the California Consumer Protection Act “CCPA”), a consumer / individual may have certain rights with regards to his/her/their personal information. If you have any questions as to your right or would like to exercise any of your rights as a consumer, please contact us through the following link: Request Form
Verification: in order to protect your Personal Data from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not provide or delete your Personal Data.
You may opt-out of our email marketing lists by following the directions at the bottom of our emails. SCCE has a number of products in which we allow you to opt-out selectively. To remove a specific postal or email address from all of SCCE’s marketing communications, you may send a request to email@example.com. If you are contacted by our exhibitors or our partners please opt out with them directly and where such request is received by us, we will endeavor to pass on to such partners.
Opting-out of promotional mailings will not affect delivery of your subscription-based products.
Disclosure of your Personal Data
There are circumstances where we wish to disclose or are compelled to disclose your Personally Identifiable Information to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:
- to our subsidiaries
- to our exhibitors and other partners who request a conference attendee list on a one-time basis for marketing purposes. All such third parties are prohibited from using your Personally Identifiable Information, except for specific and limited marketing purposes and to provide services to us, and they are required to maintain the security and confidentiality of your information. Please opt-out if you no longer consent to your information being shared in this way; if applicable
- to our exhibitors who you permit to scan your badge at a conference, if applicable
- to our members accessing our Members’ Directory; (access restricted to members only)
- to other Users or the public as you may request using our interactive services, or as is necessary in order to resolve any disputes in relation to your contributions to our websites and services;
- to our outsourced service providers or suppliers to facilitate the provision of our services, for example, the disclosure to our database hosting provider for the safe keeping of your Personally Identifiable Information, webhosting provider through which your Personally Identifiable Information may be collected;
- to third party testing centers to facilitate your attendance of exams; if applicable
- to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personally Identifiable Information will be permanently transferred to a successor company;
- to public authorities where we are required by law to do so; and
- to any other third party where you have provided your consent.
International transfer of Personal Data
We may transfer your Personally Identifiable Information to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your Personally Identifiable Information may be transferred throughout our group and to our outsourced service providers located abroad.
In these circumstances we will, as may be required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organization, contractual or other lawful means. If you are located in the European Economic Area, you may contact us for a copy of the safeguards which we have put in place to protect your Personally Identifiable Information and privacy rights in these circumstances.
Retention of Personal Data
Your Personally Identifiable Information will be retained for as long as is reasonably necessary for the purposes listed above or as required by applicable local law. Please contact us for further details of applicable retention periods.
We may keep an anonymized form of your Personally Identifiable Information, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
Security of your Personally Identifiable Information
We have implemented appropriate technical and organizational measures in accordance with industry standards to safeguard your Personally Identifiable Information. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Transport Layer Security (TLS) protocol. However, no security measure is completely secure (e.g. from malicious intrusion) and we are unable to guarantee complete security of your Personally Identifiable Information.
In order to improve the security of your Personally Identifiable Information and your User account, we would advise that you must choose a strong password to protect your account information and to change it regularly at reasonable intervals. Furthermore, you must exit from your User account at the end of each session, not allow your browser to save your login details and secure and limit access to your personal devices.
We may monitor your use of our websites and services, including our interactive and communications services by intercepting, blocking, recording or otherwise accessing systems whether on a continuous or occasional basis, as permitted by applicable law. For example, where allowed by applicable law we may monitor the content of any messages sent to your User account by another User or external party and how your devices access our websites and services.
We monitor in order to ensure compliance with our legal obligations and good practice, your compliance with our Terms and policies, to gather information as part of investigations by regulatory bodies or in connection with legal proceedings or requests, to ensure confidentiality of commercially sensitive information, to operate firewalls, prevent viruses, malicious code and the downloading or use of executable software code, to prevent the downloading, copying, distribution or other use of obscene, offensive or illegal material (such as pornographic, racist or other discriminatory content), to restrict access to third-party websites, blogs and bulletin boards in accordance with applicable systems use policies, and to prevent unauthorized access and modifications to our systems.
You should have no expectation of privacy when using our services, including our interactive and communications services, because it will be subject to monitoring as set out above. However, we will comply with local laws in relation to your privacy. For example, if you are based in Europe, as far as is reasonably practical, we will not monitor or access the content of private messages or correspondence. Where we believe that such monitoring is justified and lawful, we will limit the number of people who have access to the information concerned.
Interactive Services Complaints Procedure
If you believe that a User contribution posted on any of our interactive services is inaccurate or otherwise infringes upon your data privacy rights, please notify us by email to firstname.lastname@example.org.
A notice will be valid if it includes:
- documentation sufficiently confirming your identity;
- your contact details;
- a screenshot of the infringing material with a time and date stamp;
- a signed statement explaining how the material infringes upon your data privacy rights; and
- your suggestions as to how the infringing User should remedy his/her infringement.
Upon receipt of a valid notice, we will review your complaint and reply within 21 days. In our reply we may ask you for further information or inform you of what steps we have taken to resolve the matter.
Links to other websites
You should be aware that when you are on our website, you could be directed to other websites that are beyond our control. There are links to other sites from our website that may take you outside our service. We cannot guarantee that the privacy statements of these websites meet our standards. As always, we recommend reading the privacy statements of any new website you go to online.
Your rights and updating your Personally Identifiable Information
In certain countries, data protection law provides individuals with numerous rights, including the right to access, rectify, erase, restrict or object to the processing of, their Personally Identifiable Information. For more information about your rights, including your right to lodge a complaint, please visit the website of your local data protection authority.
If for any reason you wish to access, review, correct or delete the Personally Identifiable Information collected about you, you may do so by emailing: email@example.com. You must be able to provide sufficient proof of your identity. Once identified, we will be happy to review, update or remove your information, as appropriate.
Please note that this website is not intended for children under the age of 16.
Changes to this Statement
We will occasionally update this Privacy Statement to reflect company and customer feedback. We encourage you to periodically review this Statement to be informed of how we use your information.
If you notice any unlawful use of Personally Identifiable Information or if you believe that we have not adhered to this Statement, we would be grateful if you would notify us by email to firstname.lastname@example.org.