- Personal Data that is collected from You.
- Our participation in the EU-US Privacy Shield Framework.
- Use of Your information.
- Sharing of Your information.
- Protection of Your information.
- Right to access, change or delete Your personal data.
- InCrowd’s contact address for privacy questions or complaints.
- Enforcement and Dispute Resolution.
InCrowd is committed to helping you understand how we manage and protect the information we collect. We take privacy seriously, and have taken many steps to help safeguard the information we collect from You.
EU-US AND SWISS-US PRIVACY SHIELD FRAMEWORK
InCrowd complies with the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union and/or Switzerland. InCrowd has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
RENEWAL / VERIFICATION OF PRIVACY SHIELD FRAMEWORK
InCrowd will renew our Privacy Shield certification annually, unless we subsequently determine that we no longer need such certification or if we employ a different adequacy mechanism. Prior to re-certification, InCrowd will conduct an in-house verification to ensure that our attestations and assertions with regard to our treatment of Personal Data are accurate and that we have appropriately implemented these practices. Specifically, as part of the verification process, InCrowd will undertake the following:
- Review its processes and procedures for training Employees about InCrowd’s participation in the Privacy Shield program and the appropriate handling of Your Personal Data.
InCrowd will prepare an internal verification statement on an annual basis.
PERSONAL DATA COLLECTED
- Data Integrity and Purpose Limitation InCrowd shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, InCrowd will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. InCrowd uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
Web Site and Mobile App Tracking Technologies
When You visit our Sites, or Use our Mobile Apps, some information is automatically collected. For example, when You visit our Sites Your computer’s and mobile device’s operating system, device type, carrier provider, Internet Protocol (IP) address, access times, browser type and language, and the Websites You visited before our Sites may be logged automatically if you are redirected to our Site from our advertising campaigns. We also collect information about Your Usage and activity on our Sites and in our Mobile Apps. We collect mobile device information in order to send service notices directly to Your device. We may associate information we automatically collect with Your personal data such as Your login ID and information You give us at registration.
- Registration During the collection of information via the Profile pages on the Sites, You are required to give Your contact information (such as name, address, birth date, physician license information, medical school, institutional affiliations, email address and the like). An email address and birth date are used to confirm Your identity. An email address is also used to contact You about the materials and information on the Sites. Your email address and postal address will be used to compensate You for Your activities at InCrowd. When the Sites request Your identity, the Sites will clearly indicate the purpose of the inquiry before the information is requested. If you are based in the US, all of Your professional information is subject to authentication by third-party providers to confirm you are a validly licensed physician or clinician.
- Personal Profile Once you are a registered participant, You may provide additional information in Your personal profile describing Your credentials, professional experiences, academic background, biography and the like. If you are based in the US, such additional information must be truthful and accurate and is also subject to authentication by third-party providers. Providing additional information in Your personal profile beyond what is required at registration is entirely optional and may be altered or removed by You at any time.
- IP Addresses When You request a page from any page within the Sites, our Web servers automatically recognize Your domain name and IP address. The domain name and IP address reveal the IP address from which You have accessed the Sites.
- Opt Out Procedures You may opt-out of receiving further communications from InCrowd. To be completely removed from the InCrowd mailing list, contact email@example.com. If You are using an email forwarding service or other similar service, please make sure to include the correct email address or addresses.
USE OF YOUR PERSONAL DATA
- Use of Collected Information InCrowd uses Personal Data that we collect for the following business purposes, without limitation: (1) maintaining and supporting our products, delivering and providing the requested products/services, and complying with our contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services); (2) satisfying governmental reporting, tax, and other requirements (3) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (4) verifying identity (e.g., for online access to accounts); (5) as requested by You; (6) for other business-related purposes permitted or required under applicable local law and regulation; and (7) as otherwise required by law.
- Legal Bases for Data Processing Our legal basis for the processing of your personal data are: 1) Your consent; 2) Our legitimate interest in engaging in commerce and offering products and services of value to You.
- Automated Decisions We reserve the right to make automated decisions, including using machine learning algorithms, about You in order to optimize the products and services offered and/or delivered.
- Trend Analyses InCrowd may use IP addresses to analyze trends, administer the Sites, to track Your movement within the Sites, and to gather broad demographic information for aggregate use.
- Links to Other Sites Our Sites includes links to other websites whose privacy practices may differ from InCrowd’s. If You submit personal data to any of those sites, Your information is governed by the privacy statements of those third-party sites.
- Choice with Respect to Uses and Disclosures of Personal Data InCrowd recognizes that EU and Swiss individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You. We will comply with the Privacy Shield Principles with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third-party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
SHARING OF YOUR PERSONAL DATA
- Disclosures / Onward Transfers of Personal Data InCrowd is potentially liable in cases of onward transfers of Personal Data to third-parties, such as when third-parties that act as agents on our behalf process Personal Data in a manner inconsistent with the Privacy Shield Principles. We will ensure that any third-party to which we disclose personal data provides the same level of privacy protection as is required by the Privacy Shield principles and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, InCrowd discloses Personal Data only to third-parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations that adequately comply with EUUS and Swiss-US compliance requirements.
- Consulting InCrowd may partner with third parties such as PayPal and Giftbit to provide specific services. When You sign up for these services, You agree that InCrowd may share names, or other contact information that is necessary for the third-party to provide these services. Per InCrowd’s contractual arrangements with such third-parties, these parties are not allowed to use personally identifiable information of InCrowd’s users except for the explicit purpose of providing services for InCrowd.
- Spam InCrowd maintains a strict “No-Spam” policy, which means that InCrowd does not intend to sell, rent or otherwise give Your email address to a third-party without Your consent.
- Legal Requests InCrowd also may disclose Personal Data under the following circumstances:
- When we believe it is necessary to share information in order to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law;
- In rare situations, it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
PROTECTION OF YOUR PERSONAL DATA
- Confidentiality and Security InCrowd has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to InCrowd’s electronic information systems requires user authentication via password or similar means. InCrowd also employs access restrictions, limiting the scope of employees who have access to Your Personal Data. Further, InCrowd uses secure encryption technology to protect certain categories of Personal Data. For example, when InCrowd requests that You enter sensitive information, that information is encrypted using Secure Sockets Layer (SSL) software or other security protocols, which encrypts the information You input. No administrator at InCrowd will have knowledge of Your password. It is important for You to protect against unauthorized access to Your password and to Your computer. If You access the Sites using a shared computer, be sure to log off from the Sites when you have finished your session. To the extent InCrowd keeps physical records containing Your Personal Data, InCrowd limits access to such Personal Data to employees who InCrowd reasonably believes need that information to provide InCrowd services to You. Despite these precautions, no data security safeguards guarantee 100% security all of the time.
- Personnel Access of Personal Data InCrowd personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
RIGHT TO ACCESS, CHANGE OR DELETE YOUR PERSONAL DATA
- Right to Access. You have the right to obtain confirmation about whether Personal Data is included about You in our databases. Upon request, InCrowd will provide an individual access to Your Personal Data within a reasonable time period. InCrowd will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which InCrowd collected the Personal Data. You may review Your Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
- Requests for Personal Data InCrowd will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from You.
- Satisfying Requests for Access, Modifications, and Corrections InCrowd will endeavor to respond within a reasonable time period to all reasonable requests to access, view, modify, or inactivate Personal Data.
INCROWD’S CONTACT ADDRESS FOR PRIVACY QUESTIONS OR COMPLAINTS
ENFORCEMENT AND DISPUTE RESOLUTION
We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting us at our contact information above. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined above.
InCrowd acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
If an individual’s complaint cannot be satisfied through our internal complaint process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by EU and Swiss citizens about Privacy Shield Principles. If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).
If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes. Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. These dispute resolution services are provided at no cost to you.