Effective Date: May 3, 2018
The American Academy of Physical Medicine & Rehabilitation (“AAPM&R”, "we", "us", or "our") respects your privacy and is committed to protecting it through our compliance with this Privacy Notice. This Privacy Notice describes the categories of Personal Data we may collect and process from European Union (“EU”) and United Kingdom (“UK”) residents online and offline, and Personal Data (defined below) we receive about EU and UK residents from third-parties.
Please read this Privacy Notice carefully to understand our policies and practices regarding how we will treat your Personal Data. If our policies and practices regarding your Personal Data change, we will update this Privacy Notice.
This Privacy Notice is provided in a layered format so you can click through to the specific areas set out below.
1. WHAT PERSONAL DATA WE COLLECT ABOUT YOU
2. HOW WE COLLECT YOUR PERSONAL DATA
3. HOW WE PROCESS YOUR PERSONAL DATA
4. TO WHOM YOUR PERSONAL DATA IS DISCLOSED
5. IN WHAT COUNTRIES IS YOUR PERSONAL DATA PROCESSED
6. HOW WE SECURE YOUR PERSONAL DATA
7. HOW LONG WE STORE YOUR PERSONAL DATA
8. WHAT ARE YOUR PERSONAL DATA LEGAL RIGHTS
9. WHAT PRIVACY PRACTICES APPLY TO THIRD-PARTY LINKS ON OUR WEBSITES
10. GLOSSARY
11. HOW TO CONTACT US
1. WHAT PERSONAL DATA WE COLLECT ABOUT YOU
The categories of Personal Data we may collect about you are:
- Identity Data including first name, maiden name, last name, username or similar identifier, title, and date of birth.
- Contact Data including address, email address and telephone number.
- Financial Data including bank account and payment card details.
- Transaction Data including details about payments to and from you and other details of products and services you purchase from us.
- Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data including your username and password on our website, your purchases or orders, your interests, preferences, feedback and survey responses.
- Usage Data including information about how you use our websites, products and services.
- Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
- Photograph and Recordings Data including photographs, video and audio recordings in which you are identifiable.
- Background Data including gender, degrees, licensure, certification, subspecialty certification, National Provider Identifier (NPI) number, opioid prescriber number, residency and/or fellowship graduate date, practice setting, services and procedures, areas of care, size of practice, community networks, etc.
- Racial/Ethnicity Data in particular, the race in which you identify yourself.
- Health Data in particular information you provide us in connection with your request for a dietary or disability accommodation.
We also process aggregated data, which is data derived from your Personal Data for statistical purposes. Aggregated data is not considered Personal Data because it does not directly or indirectly reveal your identity. We are not required to maintain, acquire, or possess information to identify you in all circumstances. This Privacy Notice does not restrict our collection and processing of aggregated data. However, if we combine or connect aggregated data with your Personal Data so it can directly or indirectly identify you, we treat the combined data as Personal Data, which will only be processed in accordance with this Privacy Notice.
Data We Do Not Collect. Except as provided below, and then only with your consent, we do not collect any Special Categories of Personal Data (as defined by the GDPR) about you (i.e., details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
With your consent we collect information from you regarding Racial/Ethnicity Data. We will only use this information to assess: (i) the involvement of individuals of different races and ethnicities with our organization; and (ii) how we can better-serve individuals of different races and ethnicities, and better serve the specialty.
If you request an accommodation because of your health or a disability at our Annual Assembly or other events, we may need some information regarding your health to assess your request and possible accommodations. Whether you provide this information is your choice and we will only collect this information with your consent.
We will not collect information regarding your race/ethnicity or health from anyone other than you.
We do not collect any information about criminal convictions and offenses.
Neither our website, nor any of the products or services we provide, are intended for anyone under the age of 16. We do not knowingly collect or process Personal Data of children under age 16. If you are under age 16, do not provide any information about yourself to us. If we learn we possess Personal Data from a child under age 16 without verification of parental consent, we will delete that data. If you believe we possess Personal Data of anyone under age 16, please contact us as set forth in Section 11 below.
2. HOW WE COLLECT YOUR PERSONAL DATA
As discussed in this Section, we use different methods to collect your Personal Data:
Data You Provide Us. You may give us your Personal Data both online and offline by submitting forms to us, or by corresponding with us, through our websites www.aapmr.org, me.aapmr.org, members.aapmr.org, www.phyzforum.org (phyzforum.aapmr.org), www.pmrismorethan.org, registry.aapmr.org, contracted, third-party websites related to our Annual Assembly, email, phone, or other means. For example, you may provide us Personal Data when you:
- register for membership;
- register for our events;
- access our products or services;
- create an account on our websites;
- subscribe to our publications;
- request marketing materials from us;
- enter search queries on our websites;
- when you download and use our Mobile Application(s);
- enter a competition, promotion, or survey provided by us;
- contact us;
- serve as a volunteer;
- provide it to us at an event or meeting; or
- provide us with feedback.
You may also provide information to be published or displayed (collectively “post” or “posted”) on various areas of our websites, or transmitted to other users of our websites or third parties (collectively “User Contributions”). All areas of the websites in which User Contributions are posted should be considered public and not confidential, even if those areas are limited to a particular audience. Once you post a User Contribution, you should assume everyone in the world can see it and will have access to it and you will be unable to delete or revise it. In addition, we have no control over what other users of the websites may do with your User Contributions. Accordingly, you should not post anything you wish to keep confidential or are required by law or otherwise to keep confidential. YOU ARE SOLELY RESPONSIBLE FOR WHAT YOU POST AND FOR THE CONSEQUENCES OF YOUR USER CONTRIBUTIONS POSTED ON OUR WEBSITES.
You may choose to download our Mobile Application(s) to your mobile device (e.g., cellphone, tablet). If you choose to download our Mobile Application, your name, and if you provide it to us, your picture (“User Profile”) are prepopulated in the Mobile Application(s). In the Mobile Application(s)’s setting, you can choose to make your User Profile public and allow other parties who download the Mobile Application(s) to view: (i) your User Profile, and (ii) if you check-in to events using the Mobile Application(s), a record of the events you attend.
Data We Collect Through Automatic Data Collection Technology. As you navigate through and interact with our websites, we may use automatic data collection technology to collect certain information about you, your equipment, and your browsing actions and patterns, including: (i) whether you are a new or existing user; (ii) content viewed; (iii) frequency, duration, and date of content viewed; (iv) your searches; (v) your IP address; (vi) your operating system; (vii) your device type; (viii) your network; (ix) your browser type; and (x) your server connection speed.
We may also use this technology to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).
The information we collect automatically helps us improve our websites, and deliver a better and more personalized service by enabling us to:
- Estimate our audience size and usage patterns;
- Store information about your preferences and interests, allowing us to customize our websites and marketing according to your individual interests; and
- Recognize you when you return to our websites.
The technology we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our websites. Unless you have adjusted your browser setting so it will refuse cookies, our system will issue cookies when you direct your browser to our websites.
- Flash Cookies. Certain features of our websites may use local stored objects (or flash cookies) to collect and store information about your preferences and navigation to, from and on our websites. Flash cookies are not managed by the same browser settings as browser cookies. To learn how to manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse Flash cookies, please note some parts of our websites may be inaccessible or not function properly.
- Web Beacons. Pages of our websites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages, or opened an email, and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Third parties or publicly available sources. We may process your Personal Data that is collected from various third parties and public sources, as follows:
Categories of Personal Data Collected |
Third-Party Sources |
Identity and Contact Data |
Publicly available sources (e.g., LinkedIn, Facebook) |
Identity and Contact Data |
Employer (e.g., where you are an employee of an organization with whom we contracted and that organization lists you as their contact for the contract) |
Identity and Contact Data |
Contractors we engaged to collect information from you on our behalf. |
Identity and Contact Data |
American Board of Physical Medicine and Rehabilitation (“ABPMR”) |
Identity and Contact Data |
Mexican Society of Physical Medicine and Rehabilitation |
3. HOW WE PROCESS YOUR PERSONAL DATA
After collecting your Personal Data, we process it in one or more ways. Processing includes operations performed on Personal Data, including collecting, recording, organizing, structuring, storing, altering, retrieving, consulting, using, disclosing, restricting, erasing or destroying the same.
We will only process your Personal Data when we have a lawful basis to do so. Most commonly, we will process your Personal Data in the following circumstances:
- Where processing is necessary for the performance of a contract we have with you, or in order to take steps at your request prior to entering into a contract with you;
- Where processing is necessary for the purpose of our legitimate interests, except where our interests are overridden by your interests or fundamental rights and freedoms;
- Where processing is necessary for our compliance with a legal obligation; or
- Where you provide consent to the processing for specific purposes.
Purposes For Which We Will Process Your Personal Data. The following table depicts how we may process your Personal Data, and the lawful bases upon which we rely. As noted below, we may rely on different lawful bases to process your Personal Data.
Purpose/Activity |
Personal Data Categories |
Lawful Basis for Processing, Including Basis of Legitimate Interest |
To provide you with contracted products or services |
Identity Data
Contact Data
Background Data
Technical Data
Financial Data
Transaction Data
Marketing and Communications Data |
Contract |
Marketing our goods and services to you |
Identity Data
Contact Data
Background Data
Technical Data
Profile Data
Usage Data
Marketing and Communications Data |
Legitimate Interest (marketing our goods and services to individuals with whom we have a prior relationship to grow our organization) |
Sharing your personal data with other organizations and individuals to contact you about their goods or services |
Identity Data
Contact Data
Marketing and Communications Data |
Consent |
To enable you to partake in a prize drawing, competition, or complete a survey |
Identity Data
Contact Data
Profile Data
Background Data
Usage Data
Marketing and Communications Data |
Legitimate Interest (to study how customers use our products/services, to develop them and grow our organization) |
To maintain a historical record of our events and activities |
Identity Data
Contact Data
Photograph and Recordings Data
|
Legitimate interest (to maintain a historical record of our events and activities) |
To report on our events and activities |
Identity Data
Contact Data
Photograph and Recordings Data |
Legitimate interest (to report on our events and activities; promote our events and activities, our organization and its purpose; and maintain a historical record of our events and activities)
|
To promote our organization, its purpose, and its events and activities |
Identity Data
Contact Data
Background Data
Usage Data
Technical Data
Photograph and Recordings Data
|
Legitimate interest (to promote our organization, its purpose, and its events and activities to individuals with whom we have a relationship)
|
To include it in your User Profile |
Identity Data
Contact Data
Background Data
Marketing and Communications Data
Photograph and Recordings Data |
Contract |
To assess: (i) the involvement of individuals of different demographics with our organization; and (ii) how we can better-serve individuals of different demographics. |
Background Data |
Legitimate interest (to promote the organization, its goods and services; advance our organization’s purpose) |
To facilitate networking between our members and other individuals and organizations involved in our events and activities. |
Background Data
|
Legitimate interest (facilitate networking between our members and other individuals and organizations involved in our events and activities) |
To assess: (i) the involvement of individuals of different races/ethnicities with our organization; and (ii) how we can better-serve individuals of different races/ethnicities. |
Racial/Ethnicity Data |
Consent
|
To facilitate networking between our members and other individuals and organizations involved in our events and activities. |
Racial/Ethnicity Data |
Consent
|
To assess your request for accommodations based on your health or a disability |
Health Data
|
Consent
|
Cookies and Web Beacons |
Marketing Communications Data |
Legitimate Interest (to promote the organization, its goods and services; advance our organization’s purpose)
|
Processing For Contracts. In order for us to perform a contract to which you are a party, we may need to process your Personal Data. If you fail to provide us Personal Data necessary for us to perform a contract, we will be unable to provide the products or services under the contract. However, our performance of a contract, including the provision of a service, will never be conditioned on your consent to the processing of your Personal Data that is not necessary for the performance of the contract.
Change of Purpose. If we decide to process your Personal Data for a purpose other than that for which it was collected, we will provide you, prior to further processing, additional information regarding the new purpose to ensure the Personal Data is processed fairly and transparently and in accordance with applicable law.
4. TO WHOM YOUR PERSONAL DATA IS DISCLOSED
We may provide your Personal Data to the following third-parties:
- Our employees;
- Our third-party service providers who provide the following types of services to us:
- Marketing, communication and advertising services
- Market research services
- Meeting services
- Testing services
- Membership Services
- Accounting services
- Technology services
- Educational services
- etc.
- A successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other transfer of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceedings;
- Third-parties to market their products or services to you, if you consent;
- Government authorities and other persons, to the extent required by applicable law; and/or
- Certification and licensing bodies
5. IN WHAT COUNTRIES IS YOUR PERSONAL DATA PROCESSED
Your Personal Data may be processed in the following countries which the European Commission determined either do or do not have adequate data privacy safeguards.
Country |
Adequate Data Privacy Safeguards |
USA |
No |
6. HOW WE SECURE YOUR PERSONAL DATA
Taking into account the state of the art, costs of implementation, nature, scope, context and purpose(s) of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Unfortunately, the transmission of information via the internet is not completely secure, but we do our best to protect your Personal Data.
7. HOW LONG WE STORE YOUR PERSONAL DATA
We will retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it; including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some instances, you may ask us to delete your Personal Data. For more information, see
Request Erasure of your Personal Data below for further information.
In some instances, we may anonymize your Personal Data (so it can no longer be associated with you) for research or statistical purposes; in which case, we may use this information indefinitely without further notice to you.
8. WHAT ARE YOUR PERSONAL DATA LEGAL RIGHTS
You have certain rights with respect to your Personal Data under the General Data Protection Regulation (GDPR). Please click on the links below to find out more about these rights:
[Request access to your Personal Data]
[Request correction of your Personal Data]
[Request erasure of your Personal Data]
[Object to processing of your Personal Data]
[Request restrictions on the processing of your Personal Data]
[Request the transfer of your Personal Data]
[Withdraw consent to process your Personal Data]
How to exercise your rights:
- You can always Contact Us to exercise your legal rights.
- In connection with certain communications from us, we may provide you with a mechanism to opt-out of receiving similar communications from us in the future.
- In some instances, we may provide you with an online portal through which you can make certain choices about how we process your Personal Data.
- As discussed above, with respect to cookies, you may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our websites.
- As discussed above, with respect to Flash cookies , you may disable or refuse to accept Flash cookies by activating the appropriate Flash player settings. However, if you select this setting, you may be unable to access certain parts of our websites.
- As discussed above, with respect to Web beacons , you may refuse to accept Web beacons by installing a browser plug-in that blocks them. However, if you select this setting, you may be unable to access certain parts of our website(s) or view certain text and images in our emails.
- You have the right to lodge a complaint with an appropriate supervisory authority if you believe our processing of your Personal Data is inconsistent with the requirements of applicable law.
Usually, There Is No Fee Required To Exercise Your Personal Data Rights. You will not have to pay a fee to excise your rights, nor is the purchase of products or services a condition for you to exercise your rights. You are also entitled to receive a copy of your Personal Data undergoing processing. However, if in exercising your rights, your request is unfounded, repetitive or excessive, we may charge reasonable fees taking into account the administrative costs of providing the information or taking the requested action. We may also refuse to act on the request. If you request more than one copy of your Personal Data, we may also charge you reasonable fees based on our administrative costs to provide you copies.
What We May Need From You. When we have reasonable doubts concerning the identity of an individual making a request to exercise his/her rights, we may request additional information necessary for us to confirm the requestor’s identity.
Our Response. Within one month of receiving a request to exercise your rights, we will perform the requested action and/or acknowledge your request. If, based on the complexity and number of your requests or if we require additional time to verify the accuracy of your Personal Data, we require more than one month to perform the requested action, we will inform you that we require additional time and provide the reasons additional time is necessary. If your request to us is by electronic means, we will respond by electronic means, unless you request that we respond in a different manner.
If we refuse to perform any requested action because doing so would be inconsistent with applicable law, this Privacy Notice, or for any other reason, we will provide you an explanation for our refusal.
9. WHAT PRIVACY PRACTICES APPLY TO THIRD-PARTY LINKS ON OUR WEBSITES
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy practices. If you would like to know about a particular website’s practice, we encourage you to read their privacy notice.
10. GLOSSARY
YOUR LEGAL RIGHTS
You have the Legal Right to:
Request access to your Personal Data. This enables you to be informed whether we are processing your Personal Data, and if we are, receive access to the Personal Data and the following information: (i) the purpose of the processing; (ii) the Personal Data categories; (iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed - in particular, recipients in third countries or international organizations; (iv) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from us rectification or erasure of Personal Data or restriction of processing of Personal Data concerning you or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where your Personal Data is not collected from you, any available information as to the source of your Personal Data; and (viii) the existence of automated decision-making, including profiling, referred to in GDPR Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and submit a supplementary statement to us.
Request erasure of your Personal Data. This enables you to ask us to erase Personal Data when : (i) processing the Personal Data is no longer needed for the purposes for which it was collected or otherwise processed; (ii) the Personal Data was obtained based on consent, and we possess no other legal ground for processing; (iii) the Personal Data was processed based on our legitimate interests, and there are no overriding legitimate grounds for processing; (iv) the Personal Data is processed for direct marketing purposes; (v) the Personal Data has been unlawfully processed; or (vi) the Personal Data must be erased to comply with our legal obligation. Note, however, we may not be able to comply with your request of erasure for specific legal reasons, which reasons will be communicated to you, if applicable, in response to your request.
Object to processing of your Personal Data. This enables you to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation that makes you feel the processing impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data which override your interests, rights, and freedoms.
Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios if: (i) you want us to establish your Personal Data’s accuracy; (ii) our processing of your Personal Data is unlawful but you do not want us to erase it; (iii) you need us to hold Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you objected to our processing of your Personal Data but we need to verify whether we have overriding legitimate grounds to process the same.
Request the transfer of your Personal Data. We will provide you, or a third party you chose, your Personal Data in a structured, commonly used, machine-readable format. Note this right only applies to automated information you initially provided consent for us to process or where we used your Personal Data to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Data. This enables you to withdraw your consent to process your Personal Data. However, your withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.
11. HOW TO CONTACT US
We are the controller and are responsible for your Personal Data that we process. If you have any questions about this Privacy Notice, including any requests to exercise
Your Legal Rights , please contact us at:
American Academy of Physical Medicine & Rehabilitation
[Nicole C. Bradle, Director of Member Relations]:
[9700 W. Bryn Mawr, Suite 200, Rosemont, IL 60018:
[
memberservices@aapmr.org]:
Provided we can confirm your identity, we will also provide information regarding your rights over the phone if you contact us at (877) 227-6799.