1.1 ASHG is committed to safeguarding the privacy of our website visitors, members, and all other ASHG stakeholders. To do so, we strive to engage in competent data management. We recognize that your privacy is important to you, and we therefore take the privacy of your personal information seriously as we work to advance our social purpose and the business underlying it.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and ASHG stakeholders.
1.3 This policy is broadly applied to all ASHG stakeholders as a guideline for ASHG’s intentioned behavior. This policy applies by law only to individuals in the European Union (EU) and European Economic Area (EEA) per the mandates of The General Data Protection Regulation (GDPR).
1.5 ASHG’s website incorporates privacy controls, which affect how we will process your personal data across all our websites while giving you the appropriate control over your personal information. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can access the privacy controls via unsubscribe links in emails and your membership directory preferences.
1.6 In this policy, “we”, “us” and “our” refer to the American Society of Human Genetics (ASHG).
2. How we use your personal data
2.1 In this Section 2 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
ASHG takes your privacy seriously and only processes and collects data necessary for serving our members and advancing our mission.
2.2 We may process data about your use of our websites and services (“usage data“). Only data used for website functionality, such as IP addresses and session data, are collected on ASHG’s websites. This usage data may be processed for the purposes of analyzing the use of the website and services, as well as for carrying out services for you. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website services and offering services to appropriate ASHG stakeholders.
2.3 We may process your ASHG account data (“account data“). This data is information you submit to ASHG during the member joining process. Information that is required to process expectations of membership and other requested services includes your name, address, and email. Additional information, such as place of work, research designations, and academic rank, is voluntary and helps us understand the composition and needs of members and other stakeholders. The account data may be processed for the purposes of providing our services and communicating important advocacy, education, scientific development, and meeting-related content with you. You can change your communication settings with ASHG at any time to limit the correspondence. The legal basis for this processing is either by consent or contractual, namely your elective creation of an ASHG account and/or ASHG membership.
(a) ASHG uses member contact information to send information about meetings and membership benefits and discounts, such as voting privileges, award opportunities, funding agency requests for information, leadership opportunities, and other communication we feel would be of interest to you. Membership contact information is also used to contact members when necessary for administrative purposes. The online Membership Directory is provided for informational purposes, and members have the option to opt out of this listing if desired.
(b) ASHG may rent its Annual Meeting registration lists for one-time use by third parties promoting meetings, publications, or products of interest. ASHG only rents these lists to groups we feel have content or services relevant to our stakeholders. Members are only included on these lists if they opt in during the registration process. Opting into this communication is not required to register for the meeting. These rented lists are mailing addresses only and do not include email addresses, phone numbers, or any other data collected by ASHG.
2.4 We may process your personal data that are provided in the course of the use of our membership, education, advocacy, registration, and housing systems and services (“service data“). The service data may include name, email address, demographic information, date of birth, interests, specialties, educational details, and employment details. The service data may be processed for the purposes of operating our websites, providing our services, ensuring the security of our websites and services, maintaining back-ups of our databases, and communicating with you. The legal basis for this processing is the delivery of our contractual obligations, namely the provision of services you have requested or have paid for.
2.5 We may process information that you post for publication on our websites or through our services (“publication data“). The publication data may be processed for the purposes of enabling such publication and administering our websites and services. The legal basis for this processing is either consent (e.g. for abstract submissions, ASHG meeting presentation submissions) OR our legitimate interests, namely the proper administration of our websites and advancing our social purpose and the business underlying it.
2.6 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data“). The transaction data may include your contact details, your card details, and the transaction details. The transaction data is processed for the purpose of supplying the purchased goods and services, like membership and annual meeting registration, and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our websites and advancing our social purpose and the business underlying it.
2.7 We may process information that you provide to us for the purpose of subscribing to our email notifications and newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. We use the information to share relevant notifications and news we believe would be of interest to you based on your expressed interests in ASHG’s mission and services. The legal basis for this processing is your consent.
2.8 We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our websites and advancing our social purpose and the business underlying it, as well as communications with users.
2.9 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, obtaining or maintaining insurance coverage, and managing risks. The legal basis for this processing is our obligation to meet legal or contractual requirements, the protection and assertion of our legal rights, your legal rights and the legal rights of others, as well as protecting the organization against risks.
2.10 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.11 Please do not supply any other person’s personal data to us unless we prompt you to do so and the individual has consented to having their data shared.
3. Providing your personal data to others
3.1 We may disclose your personal data to companies that we work with in advancing our social purpose and the business underlying it (including our subcontractors, suppliers, and vendors) insofar as reasonably necessary for the purposes set out in this policy. Registration for the annual meeting through a third-party software is an example of this.
3.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 In cases where pursuing ASHG’s vision involves partnering with an outside organization and sharing personal data, we will request the appropriate permission from the applicable individuals. This applies in cases like our joint membership option with the European Society of Human Genetics.
3.4 Financial transactions relating to our websites and services may be handled by our payment services providers, Authorize.net, and the payment service providers of our subcontractors and suppliers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Financial information will in no way be used for marketing purposes, nor will they be shared with any third parties unless the third party manages the billing for ASHG. You can find information about the payment services providers’ privacy policies and practices at https://www.authorize.net/company/privacy/.
3.6 In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.7 If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information.
4. Retaining and deleting personal data
4.1 This Section 4 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data while maintaining the integrity of our stakeholders’ information.
4.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
4.3 Personally identifiable data (not including the data covered below in Section 4.3) will be retained for a minimum period of five years and maximum period of seven years.
4.4 Personally identifiable data related to website usage (e.g., cookies) will be kept for a minimum period of 26 months and a maximum period of 50 months.
4.5 Notwithstanding the other provisions of this Section 4, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5.1 We may update this policy from time to time by publishing a new version on our website.
5.2 We may notify you of changes to this policy by email.
6. Rights under GDPR
6.1 Under GDPR, EU- and EEA-based website visitors and stakeholders have the right to request access to one’s data, amend (rectify) this data, limit our processing of this data, withdraw this data, and have the data shared with you in a timely manner via a commonly-used, machine-readable format.
6.2 Although only bound by law to provide these services to EU-based individuals, ASHG values the privacy and protection of all our stakeholders.
6.3 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
6.4 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
6.5 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
6.6 You may exercise any of your rights in relation to your personal data by written notice to us.
7. About cookies
7.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
7.2 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Only data used for website functionality, such as IP addresses and session data, are collected on ASHG’s websites. These data are used only for internal analysis of website usage and traffic and for the improvement of ASHG programs through website functionality. Session data allows website users to complete actions like submitting abstracts.
8. Cookies used by our service providers
9. Managing cookies
9.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
9.2 Blocking all cookies will have a negative impact upon the usability of many websites.
10. Our details
10.1 Our websites are owned and operated by the American Society of Human Genetics.
10.2 Our principal place of business is at 6120 Executive Boulevard, Suite 500, Rockville, MD 20852.
10.3 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by email, using the email address of our data protection point of contact, listed in Item 13 below.
11. Data protection point of contact
11.1 For any issues related to data protection please contact: Amanda Olsen at firstname.lastname@example.org.
11.2 This contact may be changed as needed by ASHG.
12. Copyright and Trademark Notices
The content of material provided by ASHG is copyrighted by ASHG or used by ASHG under license. ASHG and its licensors retain all copyrights and other proprietary rights in or relating to any content, including any software, provided. All rights are reserved and such content may not be reproduced, downloaded, modified, published, displayed, disseminated, or transferred, in any form or by any means, except with the prior written agreement of ASHG. You may not sell, transfer, reproduce, transmit, distribute, perform or display such content for any commercial purpose without the prior express written consent of ASHG.