Types of Information Collected
Types of Information Collected From Unregistered Visitors
Visitors can access the home pages and browse some areas of the CCO Web sites without disclosing any personally identifiable information. We do track information provided to us by your browser, including the Web site you came from (known as the “referring URL”), the type of browser you use, the time and date of access, and other information that does not personally identify you. You must register with us to access most CCO materials and programs.
Information Collected When Users Register
Users registering with a CCO Site are asked to provide identifying information, such as name, contact information, and other information. Our registration screen clearly labels which information is required for registration and which information is optional and may be given at the user’s discretion. You will also be given a choice about whether or not you want to receive email notices from CCO.
Information From Outside Sources
We may also collect information about physicians or other healthcare professionals who register for CCO Sites through other sources in order to verify their licensure status and identity. In some cases, we may ask visitors for information after they register, such as credit card information. Where necessary (for example, to process a symposium registration request), we or our authorized processors may contact financial or credit organizations to confirm credit card data. All credit card data are secured using a secure payment gateway provided by a third party to prevent unauthorized access to that information.
In addition, we automatically gather certain information about you as you interact with the CCO Sites, such as your IP address and referring URL. CCO reserves the right to use this information to personalize its offerings and presentations to you, facilitate your movements throughout our Web sites, provide personalized services, and communicate with you individually.
Your Web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to you. If your browser is set to reject cookies, Web sites that are cookie enabled will not recognize you when you return to the Web site, and some Web site functionality may be lost. The Help section of your browser will tell you how to prevent your browser from accepting cookies.
Although cookies do not normally contain personally identifiable information, if you are a registered user, we may associate your registration information with cookies our Web site places on your computer’s hard drive. Associating a cookie with your registration data allows us to offer increased personalization and functionality. For example, you can elect to have our Web site “remember” your user name and password and bypass the sign-in process on each visit to the site. Without cookies, this functionality is not possible.
Use and Disclosure of Information
We will not disclose or share your personally identifiable information without your consent, except as detailed below. We may send you promotional or informational messages by email, fax, or text messaging, if you consent to same. We may use your data, including personally identifiable information, in order to maintain and update our records and track your usage of our products and services. We may also use aggregate data about users for program and/or product use analysis, program development, and site improvement. We may also use it for market analysis and provide information from our Web sites in aggregate form, with identifying information removed, to third parties. For example, we may tell a sponsor what percentage of our registered users resides in a particular geographical area or their practice specialty. Depending on an agreement with third parties, we may or may not charge for this information.
CCO may disclose personally identifiable information or more specific data about users to accrediting bodies as is required to grant continuing education or other forms of credit for programs successfully completed or aggregated data to corporate sponsors to analyze the demographics and practice patterns of healthcare professionals visiting the sponsored programs. In addition, we may disclose personally identifiable information to a sponsor so that it can comply with applicable laws. For example, if a commercial supporter who provides grant support for an educational activity requests personally identifiable information on users to enable it to comply with the US federal “Sunshine Act,” we are obligated to provide that information. Registering to access a CCO Site constitutes consent to such disclosure.
Marketing and Advertising
We may target our advertising or marketing activities based on information we have about users. For example, a user may receive promotional information for programs on hepatitis-related issues if it is known that user may have an interest in that information. In no case will the advertiser or sponsor have access to any individually identifiable information about a specific user.
We may also personalize CCO Sites based on your interests. For example, you may be provided with content based on information you have shared with us, your previous Web site behavior, or information we may have gained from your interactions with a third party that shares information with us. In addition, we may use information for our own internal marketing, research, and related purposes.
We may send offers to selected groups of users on behalf of other groups. When we do this, we do not give out your name and address. We provide a variety of mechanisms for you to tell us you do not want to receive such communications.
Companies and People Who Work With Us
We contract with other companies and individuals to help us provide services. For example, we may host some of our sites on another company's computers, hire technical consultants, or work with companies to remove repetitive information from customer lists, analyze data, provide marketing assistance, and provide customer service. In addition, as a healthcare professional, we may validate your licensure status and other information against available databases that list licensed healthcare professionals. In order to perform their jobs, these other companies may have access to personal information about our users. We require our employees and all such companies and contractors to comply with the terms of our privacy policies, to limit their access to any information to the minimum necessary to perform their obligations, and not to use such information for any purpose other than fulfilling their responsibilities to us or servicing orders or requests you have made.
We partner with various companies that provide a variety of medical education and communications services. We share personal information about our users with these partner companies to permit them to contact our users concerning medical education services that may be of interest or surveys for remuneration. Any communications from our partner companies will provide a method for declining further communications. We reserve the right to transfer all databases and information, including personally identifiable information, to any successor entity or company that acquires all or the relevant part of CCO operations or business without your consent and without notice to you.
Public Forums and Other Online Resources
CCO may release registration and/or personal information when we believe release is required to comply with our legal obligations or the legal obligations of commercial supporters providing grant support for CCO programs. If we discover that a third party inadvertently disclosed personal information about any of our customers, we will take action to prevent further occurrences.
Other than as described above, CCO will not release personally identifiable information to a third party without the user's consent. Also, if we ask your consent to release information to a third party, we will use our best efforts to clearly define and limit the scope of your consent.
Electronic Communication and Anti-Spam Policy
CCO abides by all applicable state and federal laws governing electronic communication over the Internet, including the following:
CCO will send promotional or informational materials by email, fax, or text messages to those who have identified themselves as interested in CCO programs or are listed as a recipient on mailing lists secured from a third-party vendor.
CCO will maintain records demonstrating “opt-out” or “unsubscribe” requests and will apply this to third-party mailing lists when possible.
All electronic communications will include a way for the recipient to be removed from future distribution.
Electronic message headers will identify CCO as the sender and subject lines will accurately reflect the content of the message.
A postal address will be included in all commercial email messages from CCO.
All email communications will contain valid header information.
CCO will maintain a corporate email address in the form of firstname.lastname@example.org for inquiries and will respond to all emails sent to this address within three (3) business days.
Protection of Information
We have implemented technology and security policies, rules, and other measures to protect the personal data that we have under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. We also protect your information by requiring that all our employees and others who have access to or are associated with the processing of your data respect your confidentiality.
CCO uses security methods to determine the identity of its registered users, so that appropriate rights and restrictions can be enforced for that user. Reliable verification of user identity is called authentication. CCO uses both passwords and usernames to authenticate users. Users are responsible for maintaining their own passwords. While we take reasonable precautions to protect the security of our user’s personal information from loss, misuse, unauthorized access or disclosure, alteration, or destruction, we cannot guarantee the total security of such data, or that we will be immune from hacking incidents or security breaches.
Storage of Health Information
Information in our data centers is backed up routinely in order to aid in the recovery of information in the event of accidental damage of information or due to a natural disaster. The backup media is stored in a physically secure storage facility.
Access to Information and Choices
Correction of Information
You may edit or correct your personal registration profile at any time. You can directly edit your profile on our Web site. Requests for deletion of your record may result in your removal from the registry, but we may keep certain demographic information about you for product improvement purposes.
Privacy Questions or Concerns