The Multinational Association of Supportive Care in Cancer respects your privacy and is committed to protecting your Personal Information (defined below). This privacy notice will let you know how we collect, use, process, maintain, and share your Personal Information on and offline, as well as your choices regarding the use, access, and correction of your Personal Information. What Personal Information we collect may vary based on your interaction with us and requests for our Services.
We encourage you to read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or using Personal Information about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
I. Important Information and Who We Are
II. Categories of Personal Information We May Gather About You
III. How Your Personal Information is Received, Collected, and Used
IV. How We Might Use Your Personal Information
V. Who We Might Share Your Personal Information With
VI. International Transfers (EU/EEA, UK, and Other Applicable Jurisdictions)
VII. Data Integrity and Security
VIII. Minimization, Retention, and Deletion of Personal Information
IX. EU/EEA-Specific and UK-Specific Clauses
X. Acceptance and Changes to This Policy
I. Important Information and Who We Are
As a not-for-profit organization, the Multinational Association for Supportive Care in Cancer (“MASCC”, “we”, “us” or “our”) uses Personal Information to advance its mission to promote optimal supportive care for all people around the world who are experiencing cancer, its treatment, or its long-term effects. This Privacy Notice aims provide information on how MASCC receives, collects, and processes your Personal Information in connection with our website mascc.org, mobile applications (or “apps”), and tools (including the MASCC Antiemesis Tool (MAT), the MASCC Oral Agent Teaching Tool (MOATT), MASCC EGFR Inhibitor Skin Toxicity Tool (MESTT), Annual Meeting apps and our clinical apps), social media channels, electronic newsletters, and other MASCC Digital Properties (“Digital Properties”), our journals (e.g., Supportive Care in Cancer), magazines, newsletters and our other print publications, our fundraising, volunteering activities, study groups, grants, and any of our other products or Services (for example, our conferences meetings, and other events, marketing and promotions, surveys, research, and the like). These are collectively referred to as “Services” throughout this privacy notice. Data and privacy laws in certain jurisdictions differentiate between the “controller” and “processor” of information. MASCC is the controller and responsible for its websites.
“Personal Information” is information that can be used to identify you, directly or indirectly, alone or together with other information. Personal Information may include, but is not limited to, your first and last name, credentials and profession, physical addresses, telephone and fax numbers, e-mail addresses, company affiliations and associated interests. It may also include your history of transactional activities that you had on our Digital Properties. It does not include data in which the identity has been removed (anonymous data). Certain information may not be personally identifiable when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name).
Children’s Online Privacy Protection
Our Digital Properties and Services are not designed or intended for children under the age of 13. In accordance with the United States of America Children’s Online Privacy Protection Act and other comparable laws, as applicable, we do not knowingly collect or store any Personal Information for children under the age of 13. If you are under 13, please do not provide us any personally identifying information.
Third-Party Links and Applications
Our Digital Properties may include links to third-party websites, platforms, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, platforms and applications and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit or application you use when you use or enable these platforms and applications or leave our Digital Properties.
II. Categories of Personal Information We May Gather About You
We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together follows:
Identity Data (For example, your first name, maiden name, last name, username or similar identifier, birth year, gender, title, government issued IDs, or other demographic information.)
Contact Data (For example, your billing address, delivery address, email address and telephone numbers.)
Financial Data (For example your bank account and payment card details.)
Transaction Data (For example, details about payments to and from you and other details of Services you have purchased from us, taxes, spending habits.)
Technical Data (For example, your internet protocol (IP) address, internet service provider (ISP), your login data, browser type and version, browser language, referring/exit pages, operating system, date/time stamp, clickstream data, time zone setting and basic geolocation, device type, unique device identifiers, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services and Digital Properties.)
Location Data (For example, if a meeting lanyard has a QR code and you permit us to scan that, or if you use our mobile applications and permit certain precise location settings and permissions, you consent to providing us with access to your precise geolocation information—such as information based on your GPS coordinates—so that we can deliver customized content to you based on your current location. You may withdraw this consent at any time by turning off those same settings and permissions in your app and mobile device, but such withdrawal will not affect the lawfulness of processing the previously collected information.)
Usage Data (For example, information about how you use our Digital Properties and Services, including, for example, if you contact MASCC, we may log information about the means through which you contacted us and our interaction with you.)
Profile Data (For example, your username and password, purchases or orders made by you, your interests, preferences, feedback and identified-survey responses; country of origin; job information; preferences; behavioral; character; professional; social status; demographics; ownership, e.g., cars, houses, apartments, personal possessions.)
Marketing and Communications Data (For example, your preferences in receiving marketing from us and our third parties, if any, and your communication preferences.)
Credit History (For example, we may collect your credit information when conducting due diligence for fundraising or employment purposes.)
Employment Information (For example, you may be asked to provide your past and current employment history when applying or volunteering for a position with MASCC or participating in our Study Groups. We may also collect your employment information when conducting due diligence for efficient fundraising purposes or to learn more about our existing and potential supporters.)
Image and Voice Recordings (For example, if you attend or participate at one of our meetings, you may be photographed.)
Educational & Training Data (For example, you may be asked to provide information about your education and training when applying or volunteering for a position with MASCC or participating in our Study Groups. We may also collect your this information when conducting due diligence for efficient fundraising purposes or to learn more about our existing and potential supporters.)
Family Circumstances (For example, we may collect your information when conducting due diligence for fundraising purposes or to learn more about our existing and potential supporters. You may also provide us with this information if, for example, you are part of a Study Group.)
Health Information (For example, you may share your dietary requirements or access needs/accommodations when attending one of our events.)
We also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your Personal Information but is not considered Personal Information in law, since this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. Or we may aggregate information about our members or supporters to provide materials and external reports or to better fundraise. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information, which will be used in accordance with this Privacy Notice.
Personal Information does not include, and this Privacy Notice does not cover, data from which individual persons cannot be identified, where the identity of an individual has been irretrievably removed, or situations in which personal information is anonymized.
Special Categories of Data (EU/EEA, UK, and Other Applicable Jurisdictions)
Generally, we do not collect any Special Categories of Personal Information about you (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor any information about criminal convictions and offenses, in connection with our Services and Digital Properties. However, there may be times where we do need such information. For example, we may need to run a background check if you are volunteering with us, or if we need to conduct due diligence for certain donations. Or, for example, if you attend one of our conferences and have accessibility requests or dietary restrictions, which requires us to use that information. Where required to do so under applicable data protection laws, we will rely upon the appropriate lawful basis for using such Special Categories of Personal Information, and we will either notify you and do so on the basis of your explicit consent or another legal basis afforded to us under law.
If You Fail to Provide Personal Information
Where we need to collect Personal Information by law, under the terms of an agreement we have with you, for our legitimate interests, or other applicable lawful bases and you fail to provide that information when requested, we may not be able to perform our Services with or for you, process a donation being made by you, or otherwise fulfill or meet your request. We will notify you if this is the case at the time.
III. How Your Personal Information is Received, Collected, and Used
There are different ways that we may collect information about you, but generally we will collect your Personal Information from either you (directly or indirectly), third parties, or public resources. For example, we may collect (directly, indirectly, or from other sources) and use your Personal Information in different situations, including the following.
- Directly from You. We may collect your Personal Information directly or indirectly from you, offline or online. For example, you may provide us with your information when you set up a membership account or register for and attend an event, when you volunteer or work with us, make a donation, join a study group, use our Services, participate in a survey, request information or order products from us, or otherwise communicate with us. Depending upon your device and browser settings, we collect your personal information, including information about your device, via cookies and tracking mechanisms.
- Information from Third Parties. We may receive your Personal Information from third parties, offline or online. For example, in order to efficiently fundraise, we may receive Personal Information about past, current, or prospective supporters from professional fundraising agencies. Similarly, we may receive your Personal Information from independent event organizers (for example, if you participate in a charitable event on our behalf, Professional Conference Organizer database), independent fundraising websites, or the like. Or, you may apply to volunteer or work with us through a third-party entity or website, which in turn provides your Personal Information. We also partner with other organizations or businesses, such as the Springer, American Society of Clinical Oncology, and we may receive your Personal Information through those relationships (for example, if you have a joint membership with NICSO). As is the case with most organizations, MASCC uses subcontractors and vendors to assist with our technology, security, payment processing, order fulfillment, delivery, advertising/marketing, analytics, and other business services which, in the course of acting on our behalf, may provide us with your Personal Information. We may receive your Personal Information if you are a researcher, clinician, or other professional that a third-party recommends to us for involvement with MASCC, such as an event speaker, a member, researcher, or the like. For example, you may be recommended by your institution, a current MASCC member (an Ambassador), or one of our event partners. We may also receive your Personal Information from a third party, such as a principal investigator, institution, reviewers, or advisors, if you are a researcher and it is in connection with a grant or a clinical trial. Another third-party source of your Personal Information may be through social media, which depends on your privacy settings with that third-party platform.
Public resources. We may also collect your Personal Information from public resources, usually used to supplement Personal Information we have received from our members, supporters, volunteers, research partners, and staff, but may also be of prospective supporters, volunteers, or research partners in order to efficiently fundraise or to identify individuals who will help advance our mission. For example, we may collect Personal Information from corporate healthcare institutions or university websites, charity or research websites and curated databases, annual reviews, mailing change of address lists, electoral registers, news or journal websites, or other similar publicly available resources.
IV. How We Might Use Your Personal Information
- To Provide Services or Products. We may collect your Personal Information to advance our mission, maintain, support, personalize, and improve our Services (including products and Digital Properties), deliver and provide the requested Services, communicate with you about those Services (including to request feedback) or participation in surveys, facilitate your donation, discuss your account, renew your membership, and comply with and enforce contractual obligations. This includes, for example, to help manage transactions, set up or renew user accounts, reporting, invoices, subscription renewals, and other operations related to providing Services. And, it may also enable us to send you notifications about product and service changes, updates, fixes, patches, or other similar operational (non-marketing) communications.
- To Provide Processing Services on Behalf of a Third-Party Organization.> For example, when you receive a joint membership with MASCC and another, third-party organization (e.g., NICSO), or in order to be a member of ISOO (International Society of Oral Oncology), where we provide your information to ISOO when you choose the option to join ISOO. This necessitates that we use and share your information with the ISOO Board of Directors and special committee members.
- To Provide Relevant News and Developments about MASCC Services That May Be of Interest to You. When you sign up to use or receive our Services (for example, our newsletters or journals, or join our Study Groups or other networks, research, apps and tools, events, and the like), we may collect and use your Personal Information necessary to provide you with information about a new or improved Service (including products) similar to that which you may already receive, major changes to MASCC properties, an upcoming event, or other necessary marketing communications on our behalf. We may share your Personal Information with third-party service providers to facilitate these communications on our behalf and at our direction. We may also obtain information about you from other companies that have your permission to share that information, as well as from other online and offline sources, which we may then combine with information that we collect directly and indirectly from you, for these purposes. Opting Out: If you wish to discontinue receiving these marketing messages sent by us, simply (a) follow the unsubscribe options at the bottom of the email, (b) manage your Profile settings in your account and go to Edit Profile. Under My Profile, select Contact Preferences) or (c) email us at email@example.com with the subject line “OPT OUT.” If you wish to opt out of receiving any direct mail or telephone solicitations from the MASCC, you may notify us by or emailing firstname.lastname@example.org with the subject line “OPT OUT.” Please note that, in such cases, it will remain necessary for us to process your Personal Information to the extent that it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so that they can suppress your name, from future solicitations. Also, if you are a member or subscriber to our products or Services, you will continue to receive information and communications pertaining to your MASCC account and/or MASCC Services, even when you have opted out of marketing communications.
- To Provide Information about Different MASCC Services and Third-Party Marketing. When you sign up to use our Services, with your consent, we may use your Personal Information to communicate with you about different products and Services that may be of interest to you, and which may be provided by MASCC, or by our advertisers, partners, marketing partners (defined below), event and meeting partners, and professional conference organizer or other third parties. These marketing communications may come from MASCC or from the third parties. Unless otherwise required by applicable law, we will not use your phone number to initiate a call or text message exchange for direct marketing purposes with you, without your express prior consent.
Withdrawing Consent: You can manage which communications you would prefer to receive, or elect not to receive these direct marketing communications, or have your Personal Information not shared with third-party partners providing the marketing communications, by (a) not initially selecting the option provided to receive such communications, (b) using the unsubscribe link in a direct marketing email, (c) editing your Profile (Log into your account on your computer or tablet (currently not available on smartphones) and go to Edit Profile. Under My Profile, select Contact Preferences) or (d) emailing us at email@example.com with the subject line “CHANGES TO COMMUNICATIONS & DIRECT MARKETING COMMUNICATIONS.” If you wish to opt out of receiving any direct mail or telephone solicitations from MASCC, you may notify us by emailing firstname.lastname@example.org with the subject line “OPT OUT OF DIRECT MAIL.” Please note that, in such cases, it will remain necessary for us to process your Personal Information to the extent it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so that they can suppress your name, from future solicitations. Also, if you are a subscriber to our products or Services, you will continue to receive information and communications pertaining to your MASCC account and/or MASCC Services even where you have opted out of marketing communications.
- Inquiry/Request Response.
- Processing of Orders. We may use Personal Information when you submit an order, purchase, or other transaction through our Digital Properties or by other means, such as over the phone or mail, or otherwise intend to take advantage of our Services. In order to process these orders and manage your payment methods, it may be necessary for us to share your information with a third-party service provider and/or to combine your information with other information we have collected from you, third parties, or public sources. For example, in order to confirm and verify that the information you are providing to us is current and accurate, or to securely process your payment information.
- Processing Applications for Fundraising/Funding/Grants and for Administration of our Role in the Projects We Fund.
- Administer Donation, Legacy, or Support Fundraising.
- Building Supporter/Member/Researcher Profiles. Cost-efficient and successful fundraising is critical to our operations and the advancement of our mission. This requires that we understand not just our past and existing supporters and members, but prospects as well—which is accomplished by the thoughtful and effective process of building supporter profiles, using the information that we receive from our supporters and members and combining it with information from third parties and public resources. We will always take into consideration our supporters’ and members’ communication preferences when undertaking this process.
Opting Out: You are free to opt out of this activity at any time. If you wish to do so, simply edit your Profile settings in your account. (Log into your account on your computer or tablet (currently not available on smartphones) and go to Edit Profile. Under My Profile, select Contact Preferences.) Or you can email us at email@example.com with the subject line “OPT OUT.” Please note that, in such cases, it will remain necessary for us to process your Personal Information to the extent that it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so that they can suppress your name, from future profiling building.
- Conduct Due Diligence and Ethical Screening. We may be required to conduct due diligence and ethical screening for efficient fundraising purposes or to learn more about our existing and potential supporters.
- Generate Reports on Work, Services and Events Provided. We may be required to analyze statistical, demographic information for reports on the association or events, understand usage and traffic trends to report on our membership and Services reach for reporting.<
- Apply for Grant(s) or Funding. We may be required to provide information such as, but not limited to, credential, names, employment information, education and training data when applying for grants or funding (for example, we may provide this information for an educational grant or a specific session if a member is speaking at the session where a grant or funding is requested).
- Participating in Promotions. We may use your personal information to process and fulfill sweepstakes, giveaways, contests, or other promotional events in which you participate.
- Surveys, Feedback, Reviews, Testimonials, and Exemplars. For example, we use your Personal Information when you choose to engage with us in a consumer panel, online reviews, survey, or otherwise give us feedback. Also, we may use member or volunteer testimonials or exemplars in or on our Digital Properties, publications, or other MASCC marketing materials, which may require the inclusion of Personal Information, such as your name, photograph, or other identify or Profile Data.
- Monitor Digital Properties Usage, Trends, and Experience. As is true with most websites and digital properties, when you interact with our Digital Properties, or by email, we may automatically collect, or facilitate the collection of, Personal Information on your interactions with us and our Digital Properties and about your equipment. For example, we may collect Personal Information by using first-party and third-party cookies, Flash cookies, HTML5 local storage, server logs, web beacons, clear gifs, and other similar technologies. We use these automated technologies and the Personal Information collected for different purposes.
For example, some are strictly necessary for the core functionality of our Digital Properties and for providing our Services, including performance analytics, personalization, and in order to provide secure Digital Properties and Services, and automatically deployed. We may tailor your interactions with our Digital Properties when you are logged in using your user account by remembering information you entered on our websites or to provide information you requested on our Digital Properties, including subscriber content access. They also help us know where you have indicated certain cookie and advertising preferences, including refusals, to ensure that your preferences are honored.
We also use functional cookies and technologies to help us improve our Digital Properties and Services, as well as member and visitor relationships and experiences. For example, we may use third-party applications and automated technologies, such as Google Analytics, to determine how often our members and visitors access or read our content, so that we can enhance our Services, provide the most interesting content, and identify what pages are most visited, content downloaded, and timing of when individuals are accessing the content to improve content accessibility and readership. You can learn more about Google Analytics here.
California Privacy Rights. In compliance with California AB 370, Section 22575, MASCC has a responsibility to inform you that our websites do not take any specific automated action in response to browser “Do Not Track” signals or other similar mechanisms (collectively, “DNT Signals”). As specified above, there are certain actions that you can take to restrict or eliminate the use of tracking technologies within our websites, however no actions are taken automatically in response to DNT Signals.
Vendors, Consultants, and Other Service Providers. We may receive your Personal Information from various third parties and public sources in connection with the operation of our business and the Services we provide you, including for the functionality and security of our Digital Properties and other MASCC properties, to satisfy legal obligations or enforce legal rights, to enhance and otherwise improve our Digital Properties, Services and content, to provide you with enhanced experiences, and to advance the MASCC mission. These third parties and public sources could include our business partners, subcontractors in technical, payment, delivery, meeting, event and conference, marketing and advertising, recruiting services, analytics providers, search information providers, social media platforms, credit reference agencies, or (if you are applying for a job) background checking agencies.
- Third-Party Sites. We may allow you to register and pay for third-party products and services or otherwise interact with a third party’s website, mobile application, or digital property (collectively “Third-Party Sites”) through our own websites, apps, or Digital Properties. For example, if you are at our events calendar and choose a conference to browse you will be redirected to the event’s respective site. When doing so, we may collect Personal Information that you share with Third-Party Sites depending upon that Third Party’s privacy practices and, possibly, your privacy settings with that Third Party. We do not control these third-party websites, platforms and applications collecting your Personal Information and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit or application you use when you use or enable these platforms and applications or leave our Digital Properties. Some sections of our websites are operated by third parties.
- Marketing Research/Statistics. We may use your Personal Information as necessary to help us and our third-party marketing partners acting on our behalf (“Marketing Partners”) fundraise, research and develop new products, services, updates, generate support or the like on our behalf. For example, we may analyze statistical, demographic, and marketing information for new areas of research development or study, meeting topics, or to understand usage and traffic trends to grow our membership and Services reach, or to improve our relationship with you. Or we may collect and use your Personal Information to gauge the effectiveness of our communications and marketing campaigns, as well as news and website content.
- Marketing and Advertisers. We may use your Personal Information and share that information with third-party advertisers or sponsors, for example at our events, in order to support and grow membership and advance our mission, as well as bring you relevant content and information. For example, your Personal Information may be used to inform sponsors about the nature of our membership base and the number of unique members affiliated with a particular study group. We may also use your Personal Information to publish summary information regarding, for example, our membership base, volunteers, researchers, or the like, for promotional purposes and as a representative supporter base.
- When We Provide You Geographically Relevant Services, Offers, or Marketing. With your consent, which may be provided when you enable certain features on your mobile or electronic device, we may collect and use your Location Data, and use such data to provide you with content, Services, offers, or marketing through your app or device that are relevant to your precise location. We may also use such information to improve our Digital Properties, content, and Services. You may have the right to withdraw your consent at any time by changing the settings on your app but such withdrawal will have no impact on the lawfulness of the prior processing. Please note that some features and functions may not work properly if location services is/are disabled.
- Events. We may use your Personal Information when you register for or attend a meeting, conference, presentation, or other event hosted or sponsored by us. If the event is in partnership with a third party or is being facilitated by a third party, we may share your Personal Information with that interested party, for example, so that they have an attendance list, or if they need to contact you with event details. In some cases, you may sign up directly with the third party that is facilitating the event on our behalf (for example, the MCI Group – website here) and we are then provided your Personal Information from them. We may share your Personal Information with vendors, sponsors, speakers, and other third parties involved with the event. We will not share your information with them for their marketing purposes without your consent, which may be obtained at the time of your registration or through a supplemental privacy notice but will not be required in order to attend. We may also use Personal Information that you provide us which includes health information if, for example, you have dietary or access needs at the event. Our events and conferences may also make use of lanyard or badge tracking during our events such as the Annual Meeting. We may provide a special, dedicated third-party mobile application in association with the Annual Meeting and other association events.
- Online Forum Engagement. We may use your Personal Information when you engage with our websites, Digital Properties and online communities. We may provide, on our websites and Digital Properties, the ability to use your member profile to post comments and messages in chat rooms, discussion boards, online forums, and other interactive technologies that may be tied to your membership and/or username. Please be careful when posting Personal Information, since information you post in such community forums is public information and we cannot control how third parties may use the Personal Information you choose to share. This may also be when you interact with our social media pages, submit content, or otherwise enter information into comment fields, message boards, events, and other online forums sponsored by or affiliated with MASCC.
- Government Reporting/Audit/Requests Requirements. We may use or share Personal Information in order to satisfy governmental reporting, tax, and other requirements (e.g., import/export), as required by law. (This may include having to meet U.S. national security or law enforcement, regulatory, or self-regulatory requirements.)
- To Verify and/or Authenticate an Identity, Access Rights, Privileges, etc. For example, we may use Personal Information to authenticate and permit access to member, supporter, donor, event attendee, volunteer, job-candidate, and/or user account information.
- At Your Direction. We may collect and use your Personal Information at your direction or as otherwise needed to fulfill the purposes for which you provided the Personal Information or that were distributed when it was collected.
- Security. In order to protect the security and integrity of MASCC systems, facilities, and business operations, Personal Information may be used by us and shared with relevant non-MASCC parties. For example, when attending an event, we may be required to share your name and other Personal Information with security at the location or you may appear on CCTV.
- Other Business-Related Purposes. For example, other business-related purposes permitted or required under applicable local law and regulation or to enforce our agreements, policies, and terms of service.
- As otherwise obligated by law. For example, subpoena or similar legal process compliance, if we have a good-faith belief that the disclosure is legally necessary for the protection of rights, safety, or fraud investigations, to protect MASCC, you, our members, supporters, volunteers, researchers, partners and other pertinent parties or the public from harm or illegal activities.
- Emergency. To respond to an emergency which we believe in good faith requires us to assist in preventing the death or serious bodily injury of any person.
- Consent. If we otherwise notify you and you consent to the sharing.
- Staff Administration.
- Job Application.
- Internal Audits and Compliance Reviews.
V. Who We Might Share Your Personal Information With
Except as set out in this Privacy Notice or as required by law, we do not sell, license, rent, or swap your Personal Information without your permission. We may have to share your Personal Information with the categories and types of parties set out herein for the purposes outlined in Section IV. For example, we may share your Personal Information with organizations with which we have joint members (such as NICSO), with our subcontractors, service providers and vendors, with our Marketing Partners, social media platform providers, with our association partners (such as ISOO, ASCO, etc.) or research and analytics solution providers. We require all third parties to respect the security of your Personal Information and to treat it in accordance with the applicable law. Here are some examples of how we may share your information:
- Within MASCC. For example, your Personal Information may be shared within MASCC and its members to provide our Services and to better understand our business, analyze our operations, improve the Services, to develop new Services and areas of interest, to support our organization and advance our mission’s goals. In addition, we share Personal Information to provide members with information on the Services that we think are most relevant to them and to enable us to measure the success of our marketing activities.
- Service Providers and Vendors. Service Providers. For example, we contract with service providers to help us with credit card and bill processing, shipping and delivery, email distribution, list processing (such as Memberclicks), analytics, marketing management, meeting and conference facilitation (such as the professional conference organizers), and the contracted vendors. We provide service providers only with the information they need to perform their services. We prohibit them from sharing, reselling, or using our data for their own marketing purposes. For example, if you are a subscriber to our newsletters or a registered member of MASCC, we may share your email address with a service provider necessary to send you emails (including newsletters) on our behalf. That service provider may not share your email address or Personal Information with other companies and may only send you emails on behalf of MASCC. Other service providers may help us with delivering or shipping to you our print publications, books or other products you may order, and to ensure fulfillment of your orders and purchases. Another way we may share, or facilitate the sharing of, your Personal Information is with third-party retail or payment processing platforms or vendors in order to process and confirm payment or donation. Or, we may share your Personal Information with third party customer service providers and vendors that allow us to assist in answering your inquiries and complaints and address your technical issues, as well as to receive and collect your feedback on our Services, etc. As described in Section IV, we may also engage service providers to collect and analyze information about our members’, supporters’, and visitors’ use of our Digital Properties in order for us to improve our Services and grow our business.
- Social Media Platforms. We may use widgets and tools from third-party social media platforms on our Digital Properties to enable sharing and other functions through social media platforms, which facilitates the collection and sharing of your Personal Information by these social media platforms.
- Promotions, Contests, Surveys, and Events. We may facilitate the collection of your Personal Information by, or share it with, a third-party service provider, vendor, co-host, co-sponsor, or the like when we conduct, administer, host, or co-sponsor promotions, contests, surveys, or events.
- Marketing Partners. We share personal data with third parties for marketing and advertising, such as Google and Facebook, so they can assist us in promoting our Services on and off our Digital Properties to current and future members and supporters through targeted marketing.
- Funding Partners.
- Research or Industry Partners.
- Event Co-sponsors, Attendees, Delegates, Brand-activations.
- External Grant Reviewers.
- Academic and Commissioned Commercial Researchers.
- Auditors and Due Diligence.
- The Public (e.g., publishing a grant-holder name and application title on website).
- Merger or Acquisition Partners. We may share your Personal Information with third parties to whom we may choose to sell, transfer, or merge parts of our organization or our assets. Alternatively, we may seek to acquire other organizations or merge with them. If a change happens to our organization, then the new owners may use your Personal Information in the same way as set out in this privacy notice.
- With other third parties, as required for legal compliance, law enforcement, public safety, or security purposes. For example, we may disclose your Personal Information if we have a good faith belief that disclosure is necessary to comply with the law or with legal process, such as to comply with a subpoena, protect and defend our rights and property, to protect against misuse or unauthorized use of our websites, or to protect the personal safety or property of our users or the public. Or, for example, we may release Personal Information to comply with a court order or subpoena. Or, if you provide false information or attempt to pose as someone else, we may release Personal Information as part of any investigation into your actions.
California Privacy Rights. If you are a California resident, you have the right, under California Civil Code Section 1798.83, to request and obtain from us, once a year and free of charge, a list of the third parties to whom we have disclosed Personal Information for their direct marketing purposes in the prior calendar year. Please email requests for such information to firstname.lastname@example.org with the subject line “CALIFORINIA SECTION 1798.83 REQUEST.”
VI. International Transfers (EU/EEA, UK, and Other Applicable Jurisdictions)
MASCC is a nonprofit, tax-exempt 501(c)3 organization under United States law and many of our external third parties are based outside the EU/EEA. If you are a resident of the EU/EEA and the UK, in order to perform our contractual obligations with you, if any, as well as for operational and other legitimate interest reasons, we may process, store, and transfer Personal Information in a country which may be outside of your own, such as the United States, Canada, and Israel. By providing us with your Personal Information, you acknowledge such transfer of information out of your jurisdiction. If you do not wish for certain Personal Information to be so transferred, please do not provide your Personal Information to us and/or take such steps described herein to prevent the collection of your Personal Information. Please note that in doing so, and without such information, we may be unable to provide this Service to you. If you have any questions, please contact us.
VII. Data Integrity and Security
We have put in place commercially appropriate security measures to prevent your Personal Information from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed, and to maintain its accuracy and integrity. While no security is impenetrable, we implement and maintain commercially appropriate technical, physical, administrative, and organizational measures to ensure a level of security appropriate to the risk for our use of Personal Information, considering the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. For Personal Information of EU/EEA and UK residents, we also consider the risk of varying likelihood and severity for the rights and freedoms of natural persons. We maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Information that we knowingly collect from you and to maintain the ongoing confidentiality, integrity, availability and resilience of our systems and Services. MASCC personnel receive training, as applicable, to effectively implement our privacy policies. We also employ access restrictions, limiting the scope of employees who have access to Personal Information and are subject to a duty of confidentiality. Only employees who need the information to perform a specific job are granted access to personally identifiable information and/or Personal Information.
MASCC has implemented physical and technical safeguards, online and offline, to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. Despite these precautions, no data security safeguards guarantee 100% security all of the time. We have put in place procedures to deal with any suspected personal information breach and will notify you and/or any applicable regulator of a breach where we are legally required to do so.
VIII. Minimization, Retention, and Deletion of Personal Information
We will only retain your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including, for example, for so long as we provide you with Services, and for the purposes of satisfying any legal requirements (including, but not limited to, enforcement of agreements or resolving disputes), or accounting or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, you can ask us to delete your data. See Request Erasure below for further information. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. If you wish to cancel your account or request that we no longer use your Personal Information to provide you Services, contact email@example.com with the subject line “CANCEL ACCOUNT.”
In some circumstances, we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
IX. EU/EEA-Specific and UK-Specific Clauses
Lawful Basis for Processing (EU/EEA and UK)
Regardless of your jurisdiction, we will only use your Personal Information when the law allows us to. That said, if you are a resident of the EU/EEA or the United Kingdom, our lawful basis for collecting and using your Personal Information will depend on the Personal Information concerned and the specific context in which we collect it. Generally, we will not collect or access any Personal Information other than under the following circumstances:
- When we need to perform the agreement we are about to enter into or have entered into with you;
- When it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- When we need to comply with a legal, regulatory, or self-regulatory obligation;
- With your consent.
What we mean by legitimate interests is the interest of our business in conducting, managing, and growing our organization to enable us to advance the MASCC mission, to give you the best service/product and the best and most secure experience. We make sure to consider and balance any potential impact on you (both positive and negative) with your rights before we process your Personal Information for our legitimate interests. For example, Personal Information which may be necessary for the daily operation of MASCC’s Services, handling our supporters, members’ and volunteers’ inquiries, connecting members to one another, direct marketing of products and Services, completing transactions, making disclosures under the requirements of any applicable law, and the provision of our Services and products to our members, volunteers, and supporters’ (and which may be further described in Section V above). Without such information, MASCC may be unable to advance its mission, provide its Services and products to you, our members, supporters, volunteers and prospective members, supporters, volunteers and prospective members. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need additional details about the specific legal ground we are relying on to process your personal data.
Where we rely upon your consent to process the Personal Information, you have the right to withdraw or decline your consent at any time.
We recognize and respect that your privacy and Personal Information is important, and that under circumstances you can make decisions about the Personal Information collected by us. Please keep in mind, though, that if you decide to not provide information required by us in order for us to provide a Service or product, your use, and our provision, of our Digital Properties or Services may be limited or impossible to facilitate.
Your Data Subject Rights (EU/EEA and UK)
Under certain circumstances, you have rights under applicable data protection laws with respect to Personal Information we knowingly collected.
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
We will try to comply with any of these requests pertaining to your Personal Information in accordance with applicable law. Please recognize that we may in certain circumstances be unable to provide the access or information sought, or correction or deletion requested. For example, we may be unable to fulfill a request if it requires us to release commercial confidential information, the disclosure of Personal Information relating to another person that is not the requestor, or would result in impracticability, excessive redundancy, and/or an undue burden or expense to MASCC. We may need to verify your identity before acting on your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Choice. MASCC enables its donors, subscribers, members, clients, and visitors the ability to determine certain privacy preferences that can serve to modify the Personal Information collected (for example, through email marketing preferences, browser cookies, settings, and location settings). However, cookies are very important for our Digital Properties to properly function and disabling or limiting their use may limit or interfere with your experiences or ability to access website features, functions, and customizations, particularly user accounts.
- Right to Access. A person who has provided his or her Personal Information directly to us may have certain access to that Personal Information and to check that we are lawfully processing it.
- Correction. You may request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. In making modifications to your Personal Information, you must provide only truthful, complete, and accurate information. In your request, please be as clear as possible about what Personal Information you have provided to us and what Personal Information you would like edited and/or updated. Additionally, you may review and update your membership or account information and access your transactions history by going to your account settings (My Account). Log in to your account at www.mascc.org on your computer or tablet (currently not available for smartphones) and go to Edit Profile. Here you can update and correct your Personal Information, subscribe to and unsubscribe from email newsletters, and manage your delivery options. Or you can contact our Privacy Manager at the above contact information.
- Erasure. In certain circumstances, you may request that MASCC delete or remove your personal data as permitted by applicable law. For example, when your personal data is no longer needed by MASCC, where you have successfully exercised your right to object to processing, if we processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons about which you will be notified, if applicable, at the time of your request.
- Object to Processing. You may object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Restriction. You may request restriction of processing of your personal data which enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Transfer. You can request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw Consent. You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our Membership/Privacy Manager at: Email: firstname.lastname@example.org with the subject line “DATA SUBJECT RIGHTS.”
Mail: MASCC, 1150 Walnut Street Newton, MA 02461, USA (Attention Privacy Manager).
X. Acceptance and Changes to this Policy
This Privacy Notice may be amended from time to time, consistent with the applicable data protection and privacy laws and principles. We will make staff, contractors, and members available of changes to this Privacy Notice either by posting to our intranet, through email, or other means. We will post those changes on our websites and in our apps so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. We reserve the right to modify this Privacy Notice at any time, so please review it frequently. We will also notify you by email or a means of a notice on our websites and apps prior to the changes becoming effective, if we make changes that materially affect the way we handle Personal Information. If you do not wish your information to be subject to the revised Privacy Notice, you will need to deactivate with us and stop using our Digital Properties and Services. Your use of our Digital Properties and Services after the posting of such changes will constitute your consent to such changes.
By using MASCC’s Services and our Digital Properties, and/or submitting any of your Personal Information to us, you agree to the terms of this Privacy Notice. Please do not send us any Personal Information if you do not want that information used in this way.
XI. Whom to Contact If You Have Questions
For Questions or Concerns about this Privacy Notice or Our Security Practices
We have appointed a Membership/Privacy Manager who is responsible for overseeing questions in relation to this Privacy Notice and our security practices. If you have any questions or concerns about this Privacy Notice, or seek to exercise any of your statutory rights, please contact the Membership/Privacy Manager using the details set out below.
Mail: MASCC, 1150 Walnut Street Newton, MA 02461, USA (Attention Privacy Manager).
EU/EEA and UK Residents
Subject to applicable law, EU/EEA residents, including the United Kingdom, who believe we maintain their Personal Information within the scope of the applicable privacy laws have a right to make a complaint at any time to their local supervisory authority or to the Information Commissioners Office (ICO), the UK Supervisory Authority (www.ico.org.uk) for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Updates to Personal Information
If you would like to update the Personal Information that we have about you, or if you no longer desire our Services, you can update your Profile to manage your preferences. Log in to your account at www.mascc.org on your computer or tablet (currently not available on smartphones) and go to Edit Profile. Or contact our Privacy Manager at the above contact information.
If you would like to unsubscribe from our email lists, you can do so by editing your Profile. Log in to your account at www.mascc.org and go to Edit Profile. Under My Profile, select Contact Preferences. Or you can email us at email@example.com and provide all of your email addresses that could appear on our email lists, as well as the subject of the emails you are receiving from which you would like to unsubscribe with the subject line “UNSUBSCRIBE REQUEST.”
Approved by the Executive Board October 29, 2018