Security and Privacy Policy - CIMIT MAIN

GAITS Security and Privacy Policy

Introduction

Guidance and Impact Tracking System (GAITS) websites (“Sites”) are CIMIT (sometimes referred to as “we,” “us,” or “our”) hosted sites which are made available to you by CIMIT or an affiliated organization (“Sponsor”) to help accelerate a healthcare innovation into practice. “You,” “your,” or “Authorized End User” (“AEU”) refers to an individual who has access to the private side of any Site and “Guests” who may visit a public side of any Site.

A Site may disclose personal information (see the Personal Information section) of an AEU when required by law or in the good-faith belief that such action is necessary to conform to the edicts of the law or comply with a legal process involving the Site.

Collection and Use of your Personal Information

  1. Personal Information

This Site's registration form requires you to provide some limited Personal Information which will be used to identify you as a User. Such information may include your full name, screen name, email address, and password (“Personal Information”). You may also choose to provide optional information, such as address, gender, birthday, occupation, company, photos, or personal comments as part of your profile. You may update any of this information at any time by accessing your profile by clicking “My Account” and selecting “Account Settings” in the navigation menu (“Menu” tab in upper right-hand corner). You may opt out of receiving email communications from any Site Application (such as Message Boards) by unsubscribing.

  1. Access to Personal Information

We provide Sponsor-approved site administrators (“Admins”) with reasonable access to an individual’s Personal Information maintained within our System. In addition to your ability to update Personal Information within your profile, you can contact us for inquiries to correct, amend, or delete inaccurate Personal Information. However, we may deny access to Personal Information when providing such access is considered unreasonably burdensome, expensive, or as otherwise permitted under the Privacy Shield principles. See the Contacting the Site section for details on Sponsors requesting access to an individual’s Personal Information.

  1. Use and Disclosure of Personal Information

Our Services help Sponsors advance fundamental engagement with you as a Constituent. In support of our Sponsors, we collect demographic data, such as your first and last name, email address, and other contact information (postal address and telephone number) to authenticate and enhance targeted communication to meet the Sponsor’s objectives. Additionally, we will aggregate your Personal Information in an anonymous manner to compile statistical and performance information related to the operation of our System (“Aggregated Anonymous Data”). Aggregated Anonymous Data is used to create product and Service enhancements, provided that such information does not incorporate any of our Sponsor’s data, your Personal Information, or additional data you and our Sponsors provide. Our use of your Personal Information and Aggregated Anonymous Data is strictly limited to the extent necessary to perform the Services for our Sponsors.

EU and Swiss individuals have rights to access their Personal Information, and to limit use and disclosure of such Personal Information. Unless authorized by you, we will not use or disclose your Personal Information or other data identifiable to you in ways that are outside the original intent necessary for our Site. As noted in the Access to Personal Information section above, individuals have the ability to request access or to limit our use or disclosure (opt out) through Customer Support (see Contacting the Site section). We will work with your Sponsor for any individual inquiry or opt-out request received. Additionally, we may disclose your Personal Information if we are required to do so under applicable law, by public authorities, or by enforceable government request, to meet national security requirements, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with suspected or actual illegal activity.

As noted in our Personally Identifiable Information section below, we do not collect sensitive personal information, including, but not limited to, government-issued identifications, medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or other sensitive information as defined by the Privacy Shield framework.

  1. Cookies

This Site uses cookies to recognize you and allow you to automatically log in without re-entering your username and password each time you visit our Site. The cookies are encrypted and do not save any personally identifiable information about you, such as your username, password, or email address (see the Personally Identifiable Information section for further details). If cookies are disabled in your browser, you can still use the Site, but you will be required to enter your password each time you visit.

  1. Personal Profile and Directory Information

Your Personal Profile features information you may wish to share with other Site AEUs on your Profile Page. Only people who are AEUs of this Site can view other AEUs’ Profile Pages. The only information automatically displayed on your Profile Page is your first name, last name, email, and additional information you select. Additional information fields from your Personal Profile information — including comments and other personal information you choose to share, along with any photos — will appear only if you have opted to provide those items and have also selected to have those fields in your Profile Page View.

Use of our Site and Services

  1. Fraudulent Behavior

This is a resource that has a great deal of AEU input. This Site cannot guarantee the accuracy of information presented. However, anyone demonstrated to have engaged in fraudulent behavior may be subject to (but not limited to) loss of privileges as an AEU as well as face prosecution to the fullest extent of the law.

  1. Email Subscription Opt-Out

The Site provides you with the opportunity to choose to receive email communications about this Site and the groups you are registered with, as well as emails from other AEUs. In all email communications you receive — except confirmation emails such as for event registrations — you are provided an unsubscribe option to opt out of the specific email communication type.

  1. Photo, Blog, and other Personal Content Policy

This Site retains the right to remove or reject any content that it deems obscene, objectionable, or has been reported as such by other AEUs. In addition, the Sponsor of a Site can at any time deem content to be objectionable and can remove it from the Site. This Site does not endorse any user-generated content that is posted on the Site. AEUs will not post copyrighted content without permission from the owner. AEUs understand content — whether it be text, graphic, or audio visual — is the sole responsibility of the person from whom such content originated. This Site is in no way responsible for the accuracy, integrity, or quality of such content.

Compliance and Security

  1. Security

We treat the security of data with utmost importance. We take many precautions at the infrastructure and software layers to deliver the highest industry standard level of protection for your Personal Information and other additional data provided by you or our Sponsors. We subscribe to Amazon Web Services to operate the database and web servers that host Sponsors' Sites and store Sponsor and User data, including your Personal Information. These servers are protected by securely configured firewalls that prevent data from being accessed via the Internet. Each of our Sponsor's data, Personal Information, and other additional data are stored in a dedicated database; this prevents the intrusion or corruption of data. In addition, our Sponsors' data catalogs cannot see or access each other's data.

  1. SSL

Measures have been taken to make transactions secure for AEUs on our Sites and transaction pages. Login, electronic commerce, and administrative activity are transmitted over an industry standard Secure Sockets Layer (“SSL”) connection. All commerce transactions encrypt your Personal Information including name, address, and credit card number to prevent unauthorized access as the information travels over the Internet. Sponsors can elect to have site activity data transmitted securely by adding full site SSL certification as an additional service.

  1. Logins and Passwords

Strong passwords are required for each login, and they are stored in a format that cannot be read by administrators or employees. Multiple failed logins or lost login requests are challenged by reCAPTCHA. An administrative rights system restricts authenticated but unauthorized access to Constituent data.

  1. Personally Identifiable Information (PII)

We do not support the collection, storage, or display of sensitive personal information or personally identifiable information in our System or use of our Services. We define “Personally Identifiable Information” or “PII” as information which includes: (i) Family Educational Rights and Privacy Act (FERPA); (ii) Health Insurance Portability and Accountability Act (HIPAA); or (iii) government-issued identifications, including, but not limited to, Social Security Numbers, Driver License Numbers, and Individual Taxpayer Identification Numbers.

As part of our policy, we maintain confidentiality and security features consistent with commercially reasonable industry standards which are appropriate to protect our System, as well as any data provided by you and our Sponsors. To the extent Personal Information or other additional Constituent information you provide is stored in our System, such information is treated as confidential information. Our security standards and data protection cover the data entered and maintained within the System. Sponsors’ authorized administrators are also required to follow proper guidelines and standards in the use of the data and our Services to prevent unintended access to any data we maintain within our System. Accordingly, we offer our Sponsors comprehensive product training which includes setup and configuration of the Site, as well as ongoing product support, for purposes of ensuring Sponsors adhere to our confidentiality standards and proper use of our System. However, Sponsors are responsible for processes and procedures to ensure the proper use of our Services, including ensuring that data provided by you and our Sponsors complies with all applicable governing laws related to your Personal Information and confidentiality.

General Inquiry and Other Policy Items

  1. Updates to This Privacy Policy

This Site has the right to make changes or additions to this policy at any time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Policy. If you have questions regarding this policy, please check this policy periodically or contact Customer Support.

  1. Contacting the Site

If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Site, please contact Customer Support by e-mail at admin@GAITS.org.