Last updated: 25 May 2018
We value your privacy and strive to protect your personal information. Please read this Policy to understand what types of information we collect from you, for what purposes and what choices you have regarding our collection of your information.
Hand Surgery Resource serves an international community, and so we are committed to complying with any applicable data protection laws and regulations, such as the EU's General Data Protection Regulation(GDPR).
Plain Language Summary
In plain language, regulations such as GDPR define the following roles, rights, and responsibilities:
- Data Subject - this is you, the end user.
- Data Controller - this is us, Hand Surgery Resource as the owners and operators of HandSurgeryResource.org and HandSurgeryPrimer.org.
- Data Processor - any other organization that processes personal data on behalf of the Data Controller.
Rights of the Data Subject
- Right to be Informed - A data subject has the right to know whether personal information is being processed; where; and for what purpose.
This information is outlined in the section below titled "Information We Collect About You" and "How we Use Your Information".
- Right to Access - A data subject has a right to access the information about them that is stored by the Data Controller.
This information is outlined in the section below titled "Information We Collect About You" and "How we Use Your Information".
- Right to Rectification - A data subject has the right to correct any errors in the data about them.
- Right to Restrict Processing - A data subject has the right to request that data not be processed, and yet also not be deleted by the Data Controller.
- Right to Object - A data subject has the right to opt out of marketing, processing based on legitimate interest, or processing for research or statistical purposes.
- Right to be Forgotten - Also known as the right to revoke consent, the right to be forgotten states that a data subject has the right to request erasure of data, the cessation of processing by the controller, and halting processing of the data by third party processors.
The conditions for this, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent.
It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
This information is outlined in the sections below titled "Accessing and Correcting Your Information".
- Data Portability - A data subject has the right to receive a copy of their data in a 'commonly used and machine readable format.'
This information is outlined in the sections below titled "Your Choices About Use and Disclosure of Your Information" and "Accessing and Correcting Your Information".
Responsibilities of the Data Controller and Data Processors
- Privacy by Design - 'The controller shall..implement appropriate technical and organisational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects'. Article 23 of the GDPR calls for controllers to hold and process only the data absolutely necessary for the completion of its duties, as well as limit the access to personal data to those who need it to carry out these duties.
- Breach Notification - The Data Controller must notify the appropriate data processing authority and any affected end user of any breach that might result in 'risk to the rights and freedoms of individuals' within 72 hours of becoming aware of the breach.
A Data Processor must notify the Data Controller of any breach 'without undue delay.'
- Data protection officer - A Data Controller or Processor must appoint a Data Protection Officer when: a Data Controller represents a public authority; or the core operations of the Controller require regular and systematic monitoring of Subjects on a large scale; or when the Controller's core operations depend on processing a large scale of special categories of data (including but not limited to health data, criminal conviction information, etc).
The Drupal Association's core operations do not require the Association to establish a Data Protection Officer.
Information We Collect About You
We collect several types of information from and about you, including:
1. Your name, email address, school (if applicable) profession and password. We treat this information as "Personally Identifiable Information" or "PII". We never store passwords in plain text format, only secure password hashes.
2. Non-personally identifiable information, such as demographic information about you, information about your computer system or device, your preferences, your online activity, and your location information ("Non-Personally Identifiable Information" a "Non-PII"). Non-PII, by itself, does not identify you, but it can be combined with other information in way that allows you to be identified. If this happens, we will treat the combined information as PII.
We may collect information from or about you in the following ways:
- Information Provided by You. We collect information provided by you when you (1) create your public profile; (2) communicate with us or request information about or from us by e-mail or other means; (3) fill out forms or fields on the Websites; (4) sign-up for any of our newsletters, materials or our services on the Websites.
- Automatic Information Collection. We also use automatic data collection technologies to collect and store certain information about your equipment, browsing actions and patterns when you interact with the Websites through your computer or mobile device. In addition, we may allow third party ad networks to use automatic data collection technologies to collect similar information about you for purposes of providing interest-based ads.
Service providers and partners
We use a number of service providers to help us operate the sites and provide high quality user experience to our visitors. Some of those providers can access Non-PII about you via automatic data collection technologies.
Automatic Information Collection Technologies
The information that we collect about your equipment, browsing actions and patterns includes, but is not limited to, traffic data, location data, logs, the resources that you access, search queries, as well as information about the computer or device you are using and the Internet connection, including your IP address, operating system and browser type.
This automatically collected information typically does not include PII, but we may maintain it or associate it with your personal information collected in other ways. Collection of this type of information helps us to improve the Websites and to deliver a better and more personalized service by enabling us to, among other things: (1) estimate our audience size and usage patterns; (2) speed up your searches; and (3) recognize you when you return to this Website.
The automatic collection technologies we or our service providers use for this automatic information collection may include:
- Cookies (or browser cookies). The Websites may use two types of cookies (small data files placed on the hard drive of your computer when you visit a website): a "session cookie," which expires immediately when you end your browsing session and a "persistent cookie," which stores information on your hard drive so when you end your browsing session and return to this website later, the cookie information is still available.
Third Party Advertising Partners and Interest-Based Ads
Links to Third Party Websites and Social Media Widgets
The Websites and some of our electronic communications to you, may contain links to other websites that are owned and operated by third parties. Links to third parties from the Websites are not an endorsement by us. We do not control, and are not responsible for, the privacy and security practices of these third parties. We recommend that you review the privacy and security policies of these third parties to determine how they handle information they may collect from or about you.
The Websites may also include social media features, such as the Facebook Like button, Google Plus, and Twitter widgets. These features may collect information about your IP address and the page you are visiting on the Websites, and they may set a cookie to make sure the feature functions properly. Your interactions with these features and the information from or about you collected by them are governed by the privacy policies of the companies that provide them.
How We Use Your Information
We use your information, including any PII, to:
- Provide information and services requested by you;
- Provide customer support, including responding to your requests and questions and troubleshooting and resolving problems or complaints;
- Verify the information you provide to us;
- Communicate with you;
- Understand and anticipate your use of or interest in, our services, and content, and the products, services, and content offered by others;
- Develop and display products, services, and content tailored to your interests on our websites and other websites;
- Provide you with promotional materials and Newsletters in case you opt-in to receive those;
- Measure the overall effectiveness of our online, content, and programming, and other activities;
- Manage our business and operations;
- Protect the security and integrity of the Websites;
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us; and
- Fulfill any other purposes for which you provide your information and for any other purpose as described to you at the time your information is collected or for which your consent is given.
Disclosure of Your Information
We may disclose and share aggregated non-PII about you at our discretion.
We may disclose or share your PII only in limited circumstances:
- With any Hand Surgery Resource employee or agent for support of our internal and business operations or to respond to a request made by you.
- We may disclose information we collect from or about you when we believe disclosure is appropriate to comply with the law, to enforce agreements, or to protect the rights, property, or safety of users of the Websites, the Company, or other persons or organizations.
Your Choices About Use and Disclosure of Your Information
We strive to provide you with choices regarding our use of your personal information. Below are some mechanisms that provide you with control over your information:
- Promotional and Informational e-mails. We do not send any promotional or informational emails without your opt-in first. If you do not wish to receive promotional e-mails from us, follow the unsubscribe process at the bottom of the promotional e-mail.
- Note that even if you opt-out, you may still receive transactional e-mails from us (e.g., e-mails related to the completion of your registration, correction of user data, password reset requests, notification/alert/reminder e-mails that you have requested, and any other similar communications essential to your transactions on the Websites).
- Google Analytics. You can opt out from Google Analytics tracking via your browser privacy settings or by using a browser addon.
Accessing and Correcting Your Information
The appropriate method(s) for accessing your information, if any, will depend on which of our websites and services you have visited or used. Depending on the website and service, you may have the ability to view or edit some of your information online, by logging into the website and visiting your account profile page. If you remove information from your user profile, it will stay in backups on our servers for 2 weeks, after which it will be completely removed.
To request access to, correct, or delete any personal information that you have provided to us you may contact us at ??. You may also request a notice disclosing the categories of personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year by contacting ???
We cannot delete your personal information except by also deleting your account. We also may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirements or any other applicable agreement between you and us, or cause the information to be incorrect.
Upon deletion all private and personally identifying information from your profile will be deleted. The data will stay in backups on our servers for 2 weeks, after which it will be completely removed.
Once deleted, your account is gone and can not be restored.
Protection of Your Information
We use reasonable security measures to protect your information collected through the Websites. We do not store passwords in plain text format, only secure password hashes. However, no method of transmission or electronic storage is 100% safe, and we cannot guarantee absolute security. Therefore, your use of the Websites is at your own risk and we do not promise or guarantee, and you should not expect, that your information will always and absolutely remain private and secure. We are not responsible for the circumvention of any privacy settings or security measures contained on or concerning the Websites. You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse.
Visiting this Website from Outside the United States
Main Toll Free 1-855-208-9838
Main Local Number 1-631-973-HAND (4263)
Hand Surgery Resource
Suite 215 Box 208
25 Health Sciences Drive
Stony Brook, NY 11790