American Society of Hematology

Privacy Policy

Published on: April 23, 2019

  1. Your Rights and Choices
  2. Changes to this Privacy Policy
  3. Contact and Electronic Communications
  4. Mission of ASH
  5. Information We Collect About You
  6. Log Information.
  7. How We Use Information
  8. Sharing and Disclosure
  9. Credit Card Information
  10. Controlling Your Information
  11. Opt Out and Opt In
  12. Children
  13. Cookies and Tracking
  14. Third-Party Links and Websites
  15. Social Media and Community Platforms
  16. How We Protect Your Information
  17. California Residents Rights (As provided by California Civil Code Section 1798.83)
  18. Information Regarding Commercial Electronic Messages ("CEM") in Canada
  19. General Data Protection Regulations (GDPR)

PLEASE READ THIS PRIVACY STATEMENT AND NOTICE OF PRIVACY PRACTICES CAREFULLY. This Privacy Statement and Notice of Privacy Practices ("Privacy Policy") sets forth the privacy practices of the American Society of Hematology ("we" or "us" or "ASH"). This Privacy Policy is intended to be applicable to all data collection by ASH and shall apply to your use of this website, your downloading and use of our mobile applications, or to any pages, facilities, services, or capabilities accessible on or by any top-level ASH domain owned by us including but not limited to the following www.hematology.org, www.ashacademy.org, www.ashondemand.org, www.scdcoalition.org, www.bloodjournal.org, www.ashclinicalnews.org, www.bloodadvances.org, www.ash-sap.org, any subsite, subdomain, subdirectory, virtual site, or virtual directory thereof (each, a "Site" and collectively the "Sites").

This Privacy Policy does not apply to your use of any third-party website that may contain a link to a Site or any websites, applications or other information collected or used by any affiliate of ASH. Please visit the privacy policies of any such entities for information regarding your use of their sites and how they handle your personal information.

This Privacy Policy describes how ASH treats your use of the Sites, including the collection, storage, transfer, sharing and handling of your personally identifiable information ("Personally Identifiable Information" or "PII") and your non-personally identifiable information ("Non Personally Identifiable Information" or "NPII") when you utilize the Sites. This Policy also applies to the processing of personal data of individuals located in the European Union. If you are located in the European Union, if the processing of your data is subject to the laws of a member state of the European Union by virtue of public international law, if your information is otherwise governed by European Union Law, or the processing activities are related to the offering of goods or services to data subjects in the European Union or the monitoring of individuals’ behavior that takes place within the European Union, please review carefully the “General Data Protection Regulation (GDPR)” section below for more information regarding your rights and our activities relating to your personal data. If the GDPR section is applicable to your information, then other sections in this Privacy Policy still may apply to you but are subject to (and considered modified by) the GDPR section.

This Privacy Policy is incorporated as part of the Terms and Conditions that apply with respect to your use of the Sites and your submission of information to ASH. This Privacy Policy is not the only policy or 22agreement applicable to you. Please visit our Terms page for additional terms and conditions applicable to ASH’s services.

By providing us your information, you acknowledge that you have read this Privacy Policy and that you consent to ASH's privacy practices as described in this Privacy Policy. You affirm your consent when you click through and accept the terms of this document on your initial visit to a Site and by submitting content or materials to us through our Sites or when you become a member of ASH.

This Privacy Policy is not intended to, and does not, create any contractual or other legal right in or on behalf of any person. The information you provide to ASH when you become a member is also governed by the terms and conditions of your membership. In the event of a conflict between this Privacy Policy and any term(s) of your membership, the terms of your membership will govern.

Your Rights and Choices

You may have certain rights regarding the PII we maintain about you. We offer you certain choices about what personally identifiable information we collect from you, how we use that information, and how we communicate with you. You may refrain from submitting information directly to us, although doing so may impact our ability to provide the products, services, and information you request.

Changes to this Privacy Policy

ASH reserves the right to revise or update this Privacy Policy at any time, and you agree to be bound by those revisions or updates. ASH will notify you of any changes to the Privacy Policy by posting the revised or updated Privacy Policy and its "Last Modified" date on the Sites. You should check the Sites regularly for updates. Your continued use of the Sites constitutes your consent and acceptance of the new Privacy Policy and its revisions or updates once posted.

Contact and Electronic Communications

By providing your information on our Sites and/or registering to become a member you agree that we can communicate with you electronically regarding any legal, regulatory, technical, security, privacy, administrative or consumer notification obligation relating to your use of the Sites or regarding your membership. We may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as described above or as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional.

If you have any specific questions about this Privacy Policy, you can contact:

American Society of Hematology
  Attn: Privacy Officer
  2021 L Street NW, Suite 900
  Washington, DC 20036

You also may contact the ASH Customer Relations Department by phone at 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.

Mission of ASH

With more than 17,000 members from nearly 100 countries, the American Society of Hematology is the world's largest professional society serving both clinicians and scientists around the world who are working to conquer blood diseases. ASH's mission is to further the understanding, diagnosis, treatment, and prevention of disorders affecting the blood, bone marrow, and the immunologic, hemostatic and vascular systems, by promoting research, clinical care, education, training, and advocacy in hematology.

Information We Collect About You

Here are some examples and explanations of the ways in which we may collect, store, transfer, share or otherwise make your PII available to ASH.

  • Participation and Engagement History. When you use our services and/or become a member of ASH we track your participation and engagement history and in some circumstances make this information available to other members of ASH or to the general public. Participation history may include information about your committee membership and participation generally in the mission of ASH. We maintain PII on all of our members that can be accessed through a secure online member directory. Inclusion in this directory is AUTOMATIC unless you OPT OUT in the membership options account settings. Inclusion in this directly means your information may be accessed only by other current ASH members through a password-protected, members-only area of the Sites.
  • We also offer a voluntary, publicly accessible online directory of members through a section on our Site called "Find a Hematologist". Inclusion in this directory is based upon an affirmative OPT IN selection in address field table in your account settings. The Find a Hematologist directory allows patients and other members of the public to search for hematologists and provides users with contact information for members who have chosen to be listed in the directory. You may choose to OPT OUT of this directory at any time by accessing their membership profile and adjusting your account settings accordingly.
  • Survey Data. The gathering of this information may include analysis and sharing of online surveys for which you may choose to participate.
  • Contribution and Payment Information. We collect information on the amount of contributions you have made to ASH and your purchase history from the Sites.
  • Award and Grant Recipient Data. When you accept an award or grant from ASH, we track your acceptance and engagement with the award/grant program and with your permission we may make your name, institution, and in some cases, your project topic, available to the general public.

"NPII" can be technical information or it can be demographic information, such as your age, gender, or interests. Non-personally identifiable information may also mean aggregated, non-identifiable or anonymized information. Non-personally identifiable information does not identify you personally. If you do provide us with non-personally identifiable information, we may use it for the purposes described in this statement or where it is collected, or any other legal purpose.

Log Information

When you use our services or view content provided by ASH we automatically collect and store certain information in our server logs. This type of information includes details of how you used our service, IP address information described below, web pages that have been viewed by a visitor, domain type, device event information such as crashes, system activity, hardware, settings, browser type or version, browser language, the date and time of your request and referral URL.

  • Internet Protocol (IP) address.

Your "IP address" is a number that lets computers attached to the Internet know where to send you data, such as the screens and pages of our services that you view. We use this information to deliver our screens and pages to you upon request, to tailor our services to the interests of you and our other visitors, and to measure traffic to and within our services.

  • Demographic Information.

"Demographic information" may be your gender, age, zip code, and interests. We may collect such information about you through our services and use it to provide you with personalized services and to analyze trends to ensure that our services and the information on them is targeted to meet your needs. Certain demographic information may be deemed PII or otherwise receive additional protections under certain laws. Please note that we also consider aggregated information that is not personally identifiable to be non-personally identifiable information.

  • Device Information.

"Device Information" may include information we collect such as your hardware model, operating system version, unique device identifiers and mobile network information including phone number. We may associate your device identifiers or phone number with your account.

  • Location Information.

When you use ASH services we may collect and process information about your actual location. We use various technologies to determine location, including IP Address, Global Positioning Systems and other sensors that may provide ASH with information about nearby devices, Wi-Fi access points and cell towers.

How We Use Information

Personally Identifiable Information. If you do provide us with personally identifiable information, we will only use it for the purposes described in this statement or where it is collected.

We use personally identifiable information to provide you with services, to develop our membership and to provide members with certain opportunities, for Site troubleshooting and maintenance, to communicate with you about your membership, opportunities and our services, or to conduct marketing and fundraising research. We also use personally identifiable information in our services to:

  • help us create and publish content most relevant to you;
  • allow you access to certain areas of our Sites;
  • register you as a Member and develop your profile and enable you to take advantage of the personalized features of our Sites;
  • make our membership mailing list available to outside groups for educational purposes, including mailings about grant opportunities that could be beneficial to members, educational publications (e.g., medical textbooks, scientific journals), and educational programs or courses.
  • alert you to special offers, updated information, and our other new services or those of other third-parties;
  • forward promotional materials and to fulfill the terms of such promotion;
  • complete a transaction or service requested by you;
  • target our services to your needs;
  • identify you as a poster or provider of content;
  • contact you in response to sign up forms such as "Contact Us" or "Order Inquiry"; and allow you to register for meetings, submit abstracts, apply for award and grant programs, and to request additional information.

Non-personally identifiable information. We may use non-personally identifiable information for the purposes described in this Privacy Policy or where it is collected, or any other legal purpose, including, when and where applicable, combining non-personally identifiable information with personally identifiable information.

Reports. We periodically prepare analyses and reports reflecting visitor and member use of the services. In preparing these reports, we may combine and analyze the personal information you provide to us with information from other sources. However, these reports will only include aggregated information about visitors and members. The information in these reports will not identify individuals. Any business partner with whom such reports may be shared will also not be able to contact you from the information contained in the reports.

Sharing and Disclosure

Personally identifiable information. Primarily, we may share or disclose your personally identifiable information in the following instances:

  • To fulfill a service to you.
  • To offer you products from our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.
  • These parties may contact you with an offer or advertisement related to a product or service, or they may use such information for their own research, administration or business purposes.
  • To unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions). We seek to ensure that such unaffiliated third-parties will not use your personally identifiable information for any purpose other than that for which they are responsible. However, we cannot guarantee that they will not use it for any other purpose.
  • To complete your purchase. If you choose to make a purchase on or through our services, we may ask you for your credit card number, billing address, and other information in connection with completing such purchase, and we may use such information to fulfill your purchase. We may also provide such information, or other personally identifiable information provided by you, to unaffiliated third-parties to complete your purchase (for example, to process your credit card).
  • To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, including our rights and property and our services, or act in urgent circumstances to protect the personal safety of you and our other visitors.
  • To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.
  • To track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.
  • To protect against fraud and potential fraud. We may verify the information you provide using our services through third parties. In the course of such verification, we may receive additional personally identifiable information about you from such services. In particular, if you use a credit card or debit card to purchase services with us, we may use card authorization and fraud screening services to verify that your card information and address match the information you supplied to us, and that the card has not been reported as lost or stolen.

Non-personally identifiable information. We may share and disclose your non-personally identifiable information for the purposes described in this statement or where it is collected, or any other legal purpose, including, when and where applicable, sharing and disclosing non-personally identifiable information combined with personally identifiable information.

Legal Disclosure. We may disclose information about you and your use of services if we believe that such disclosure is reasonably necessary to:

  • Comply with the law and/or legal process where a formal request has been made (e.g. request from an administrative oversight agency, civil suit, subpoena, court order or judicial or administrative proceeding);
  • Protect or defend our rights and/or property or the rights and property of others;
  • Enforce our Terms, this Privacy Policy, and/or other agreements or policies;
  • Respond to claims that the content(s) of a communication violates the rights of another.
  • Also, circumstances may arise where, for business reasons, we may decide to reorganize, or divest all or part of our business through sale, assignment, merger or acquisition, or we may acquire a new business. In these circumstances, personal information may be shared with the actual or prospective purchasers or assignees or with the newly acquired business. In such an event, we shall provide notice of any material change to this Privacy Policy, or our services, in the manner described in the Changes to this Policy section of this Privacy Policy.

If you encounter a screen or page that requests information you do not want to share with us, do not enter the information and do not proceed with that screen or page. In addition to the above, we may use Cookies and other tracking technologies as explained below.

Credit Card Information

Users may be prompted to enter their credit card information, including, for example, when making purchases, renewing membership, or making a donation online. Any credit card information you may provide to us is secured during transmission over the Internet using industry-standard secure socket layer (SSL) encryption. We use your credit card information only to bill you for the products and services you order from us. We do not share your credit card information with anyone except as may be necessary or expedient to process your transactions or comply with law.

Controlling Your Information

As a convenience to our members, we provide a number of different opportunities to review and change information in your profile and to unsubscribe from our Services. For example, you can go to the website and log into your profile page to make desired changes.

Upon request we will attempt to delete such information, where technically feasible, after we receive a request from you to delete information. Please be advised that by requesting that your data be removed from our database, you will be unsubscribed from our services.

Please be advised that we may reject requests that are unreasonably repetitive, require disproportionate administrative or technical efforts, risk the privacy of other individuals or would be commercially unreasonable or impracticable.

We will retain your information for as long as your account is active or as needed to provide you services and as required by law, required for legal or operational purposes, to resolve disputes, or in accordance with our document retention policies and practices.

Please contact us if you wish to cancel your account or request that we no longer use your information to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Opt Out and Opt In

Opt-Out of Communications:

You may choose not to receive promotional email communications from us and can opt-out of:

  • receiving other types of communication from us, such as emails or updates regarding new services and products offered on or through our services and any new features or services on our services;
  • sharing or disclosing your personally identifiable information with third parties.

You may exercise your opt-out by ticking or un-ticking the appropriate box, if there is a checkbox where such information is collected, or by contacting us. You also may opt-out of receiving such emails by clicking on the "unsubscribe" link within the text of the applicable email. We will process your unsubscribe request as soon as possible, but please be aware that in some circumstances you may receive a few more messages until your request is processed.

Opt-Out of Third Party Mailings

While we make our membership mailing list available to outside groups for educational purposes, including mailings about grant opportunities that could be beneficial to members, educational publications (e.g., medical textbooks, scientific journals), and educational programs or courses, ASH members who do not wish to have their mailing addresses shared with outside parties in this manner may opt-out by contacting ASH Member Services at 202-776-0544 or CustomerService@hematology.org.

Children

The Sites and services are not intended for use by children. We do not intentionally gather personally identifiable information about visitors who are under the age of 13. If a child has provided us with personally identifiable information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 13, please contact us at CustomerService@hematology.org. If we learn that we have inadvertently collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

Cookies and Tracking

In connection with the services, we or other parties may use cookies, web beacons, or other technologies that store or track information related to your use of the services.

For some of our Sites, we may post a Cookie Policy that is Site specific. We do this in order to best describe the use of cookies for Sites that are administered by our third party vendor partners. By posting a separate and site specific policy on these selected Sites, we are able to provide transparency to you and describe in detail where the use of cookies is configured in a way that is different than how ASH typically manages cookies on its Sites. The reasons for this is that some of our third party site administrators are in the process of developing and upgrading their compliance and technical use capabilities in the interest of providing maximum choice to visitors to the Sites. These Sites include www.bloodjournal.org, www.bloodadvances.org, www.ash-sap.org and asheducationbook.hematology.org. For these Sites, we will continue to update you as the technical and compliance capabilities are enhanced and additional choices regarding the use of cookies becomes available to you.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity while you are using our Services. We do not collect online activity after you leave our Services.

Third-Party Links and Websites

Our Sites may contain links to third-party services. While we endeavor to work with third parties that share our respect for user privacy, we are not responsible for the websites or privacy practices of such third-parties. In addition, this Privacy Policy is not intended to describe data handling procedures for information collected by other linked websites or business partners. You are responsible for knowing when you are leaving our Sites to visit a third party website and for reading and understanding the terms of use and privacy policy statements for each such third party.

Social Media and Community Platforms

Any information, communications, or material of any type or nature that you submit to the Sites (including, but not limited to, any ASH Sites contained on a social media platform or website such as Facebook, Instagram or Twitter) by email, posting, messaging, uploading, downloading, or otherwise (collectively, a Submission), is done at your own risk and without any expectation of privacy. ASH cannot control the actions of other users of any social media platform or website and ASH is therefore not responsible for any content or Submissions contained on such sites and platforms. By visiting any ASH Site that is contained on a social media platform or website, you are representing and warranting to ASH that you have reviewed the applicable Privacy Policy and terms of use of such platform or website and that you will abide by all such provisions contained therein. We may provide public areas on our services, such as forums and chat rooms, where you can post information about yourself and others. Please exercise discretion and use caution with respect to your information, especially in such public areas. We do not control who reads postings on our services, or how they may use or disclose such information. If you choose to voluntarily disclose information on public portions of our services, that information will be publicly available and can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION ABOUT YOURSELF OR OTHERS IN PUBLIC AREAS OF OUR SERVICES. WE ARE NOT RESPONSIBLE FOR THE USE OR DISCLOSURE OF SUCH INFORMATION.

How We Protect Your Information

ASH maintains reasonable and appropriate measures to protect your information from loss, misuse and unauthorized access, disclosures, alterations and destruction taking in to account the risk involved in the processing and the nature of PII. Unfortunately, no site, server or database is completely secure or "hacker proof." We therefore cannot guarantee that information about you will not be disclosed, misused or lost by accident or by the unauthorized acts of others.

California Residents Rights (As provided by California Civil Code Section 1798.83)

A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes ("California customer") is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties' direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.

California customers may request further information about our compliance with this law by e-mailing CustomerService@hematology.org. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.

Information Regarding Commercial Electronic Messages ("CEM") in Canada

Canada's Anti-Spam Law requires that the Company obtain the express consent of Canadian citizens before sending an electronic message such as an email that contains a promotion about our products. We will ask you for your explicit consent when you provide us with your email address or other personal information through which we intend to encourage your participation in a commercial activity, such as a promotion for our products.

If you explicitly consent to receiving CEM, each communication sent to you will contain an option to unsubscribe to the communications or to revoke your consent to receive CEM. Alternatively, you can contact us at the address or email provided below in the "Contact Us" section to be removed from our mailing lists.

General Data Protection Regulations (GDPR)

In the event that we collect Personal Data (as defined in the GDPR) that is subject to the GDPR, this section will apply. Terms in this section are to be understood in a manner consistent with GDPR including the definition of such term in the GDPR. Such term may have a different definition or meaning in other portions of this Privacy Policy because GDPR may not apply to those sections.

Identification of Data Controller:

The Data Controller is the American Society of Hematology. ASH is located at 2021 L Street NW in Washington, DC. You may contact the ASH Customer Relations Department by phone, please call 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.

Identification of Data Protection Officer and Contact Details

You may contact the Data Privacy Officer by phone, 001-202-776-0544, Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time, by email: dpo@hematology.org or by mail at 2021 L St., NW, Suite 900, Washington, DC 20036.

Identification of Primary Member State Supervisory/Data Protection Authority

You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.

Identification of Data Protection Representative

We have appointed DPR Group as our Data Protection Representative in the European Union so that you can contact our Representative directly in your home country. DPR Group has locations in each of the 28 EU countries.

If you want to raise a question to ASH, or otherwise exercise your rights in respect of your personal data, you may do so by contacting our Data Protection Officer listed above or by:

  • sending an email to DPR Group at hematology@dpr.eu.com,
  • contacting DPR Group on its online webform at www.dpr.eu.com/ hematology, or
  • mailing your inquiry to DPR Group at the most convenient of the addresses set forth below.

PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for “DPR Group” and not “American Society of Hematology” or your inquiry may not reach us. Please refer clearly to American Society of Hematology in your correspondence. On receiving your correspondence, ASH is likely to request evidence of your identity to ensure your personal data and information connected with it is not provided to anyone other than you.

If you have any concerns about how DPR Group will handle the personal data it will require to undertake its services, please refer to DPR Group’s privacy notice at https://www.dpr.eu.com/legal-privacy.

Country Address
Austria DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium DPR Group, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France DPR Group, 72 rue de Lessard, Rouen, 76100, France
Germany DPR Group, 3rd and 4th floor, Altmarkt 10 B/ D, Dresden, 01067, Germany
Greece DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary
Ireland DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy DPR Group, BPM 335368, Via Roma 12, 10073 , Ciriè TO, Italy
Latvia DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Lithuania DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania
Luxembourg DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Poland DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania
Slovakia DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain
Sweden DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
United Kingdom DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Processing Purposes:

ASH processes your Personal Data for the following lawful purposes and based upon the legal justification set forth in the parenthetical:

      Your submission of Personal Data to complete your membership application. (CONSENT)
      Your submission of Personal Data to complete the sale of ASH publications, Webcasts and to obtain CME Test Credit. (CONTRACT)
      Processing Personal Data associated with your participation as a Speaker or in association with your submission of content for ASH’s annual meeting (CONSENT)
      Your submission of Personal Data for Registration at ASH’s annual meeting. (CONSENT)
      Your submission of abstracts for ASH’s “Blood” publication (CONSENT)
      Your submission of Personal Data to our third party vendors for enrollment in our awards program (CONSENT, CONTRACT)
      Your submission of Personal Data to our third party vendors for services like our Resume Listing Feature. (CONSENT)

Legal Basis for Processing:

We process your Personal Data with your consent or subject to the performance of a contract to which you as the data subject are a party or alternatively in order to take steps at your request to enter into an agreement with ASH. You have the right to withdrawal your consent at any time. The Personal Data collected by ASH originates from the individual providing his/her Personal Data (either directly or through a clinical site) or, in the cases of the submission of abstract data, from such individual and other publically available sources.

Categories of Personal Data:

Generally, we collect the following data elements from you when we process your Personal Data for the purposes we described in this policy. We process:

  • Your first and last name
  • Date of birth
  • A description of your professional associations and affiliations
  • Your clinical and research interests
  • Partial credit card information as part of a tokenized payment transaction
  • Abstract text and image data from abstracts you submit or share with ASH

Recipients of Personal Data:

We share your Personal Data with our third party vendor partners on the basis of the consent you provide to us or in order to fulfil our contractual obligations as part of the services we provide to you when you decide to engage with us. The recipients of your Personal Data include our third party data processors, which include but are not limited to our software as a service partners consisting of our third-party database administrators, lead management vendors, third party application developers, attendee, exhibitor and registration vendors, and third party digital content managers. When we share your Personal Data with these third party vendors, we do so subject to a Data Protection Agreement to ensure that they are in compliance with the requirements of the GDPR.

These recipients process Personal Data for the below purposes:

Processing Purposes:

  • To fulfill a service to you in furtherance of your choices in order to fulfil the terms of a contractual agreement between you and ASH.
  • Subject to your choices, in order to offer you products from our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.
  • Subject to the execution of a data protection agreement, to unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions).
  • To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, including our rights and property and our services, or act in urgent circumstances to protect the personal safety of you and our other visitors. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
  • To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
  • Subject to your choices and your consent to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

Onward Transfer:

ASH will not disclose Personal Data to a third party except as stated below:

ASH may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, ASH will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request.

ASH may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.

Data Integrity:

ASH is responsible for ensuring that (a) Personal Data collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. ASH will cooperate with reasonable requests for assistance in meeting these obligations.

Retention of Personal Data:

Personal Data obtained by ASH is adequate, relevant and not excessive in relation to the purposes described in this Privacy Policy. The Personal Data is processed for purposes specified herein and will only be processed consist with these purposes described herein. ASH will request only the minimum amount of information required to perform the applicable services and will retain such information only for as long as necessary to provide the services or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend ASH’s legal rights.

Right of Access to your Personal Data

Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When ASH receives Personal Data, it does so on behalf of the individual submitting such Personal Data. To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact ASH’s Data Protection Officer. ASH will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.

Choice

Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to ASH’s Data Protection Officer. ASH will cooperate with the Data Subjects’ instructions regarding Data Subjects’ choices.

Security:

See “How We Protect Your Data” above for further information about our security practices.

Transfers to the United States from the European Union:

ASH is a 501(c)(3) non-profit organization under Massachusetts law and is not subject to the jurisdiction of the Federal Trade Commission and is therefore ineligible to participate in the Privacy Shield. In using the Sites, your Personal Data will be transferred to the United States, which is not recognized as a country having adequate safeguards for the protection of Personal Data. ASH relies on Article 49 of the GDPR for transfers data collection from Data Subject in the EU and EEA. Transfers are made to ASH only if the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers. Additionally, ASH transfers data as necessary for the performance of a contract between you as the data subject and ASH as the Controller, to data processors who have an agreement with ASH that includes protecting your privacy and the security of your data, and in cases where your Personal Data is necessary for the implementation of pre-contractual measures taken in accordance with your requests. Finally, ASH transfers Personal Data in order to advance the science of Hematology, which is important to the interests of the public.

Last Modified: April 22, 2019.

back to top