Privacy

GENERAL STATEMENT

This Privacy Policy (“Privacy Policy”) discloses the privacy practices for InCrowd, Inc. (“InCrowd”; “we” “our” or “us”) with regard to Your (“You” or “Your”) use of the website www.incrowdnow.com and www.incrowdanswers.com (the “Site” or “Sites”) or InCrowd’s mobile applications. InCrowd has adopted this Privacy Policy to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that InCrowd obtains from You. InCrowd is committed to Your privacy. This Privacy Policy provides information about the following:

  1. Personal Data that is collected from You.
  2. Our participation in the EU-US Privacy Shield Framework.
  3. Use of Your information.
  4. Sharing of Your information.
  5. Protection of Your information.
  6. Right to access, change or delete Your personal data.
  7. Changes to this Privacy Policy.
  8. InCrowd’s contact address for privacy questions or complaints.
  9. Enforcement and Dispute Resolution.

This Privacy Policy applies to the processing of Personal Data that InCrowd transfers to and stores in the United States.

InCrowd is committed to helping you understand how we manage and protect the information we collect. We take privacy seriously, and have taken many steps to help safeguard the information we collect from You.

This Privacy Policy was established in January 2011.  It was last updated on January 31, 2018.


EU-US AND SWISS-US PRIVACY SHIELD FRAMEWORK

InCrowd complies with the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union and/or Switzerland. InCrowd has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.

If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Notification about our adherence to the Privacy Shield principles through our publicly posted website Privacy Policy is available at https://incrowdnow.com/privacy/


RENEWAL / VERIFICATION OF PRIVACY SHIELD FRAMEWORK

InCrowd will renew our Privacy Shield certification annually, unless we subsequently determine that we no longer need such certification or if we employ a different adequacy mechanism. Prior to re-certification, InCrowd will conduct an in-house verification to ensure that our attestations and assertions with regard to our treatment of Personal Data are accurate and that we have appropriately implemented these practices. Specifically, as part of the verification process, InCrowd will undertake the following:

  1. Review this Privacy Policy to ensure that it accurately describe the practices regarding the collection of Your Personal Data.
  2. Ensure that this Privacy Policy informs You of InCrowd’s participation in the Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Privacy Policy).
  3. Ensure that this Privacy Policy continues to comply with the Privacy Shield principles.
  4. Confirm that You are made aware of the process for addressing complaints and any independent dispute resolution process (InCrowd may do so through its publicly posted website, its Privacy Policy and/or its Terms of Use).
  5. Review its processes and procedures for training Employees about InCrowd’s participation in the Privacy Shield program and the appropriate handling of Your Personal Data.

InCrowd will prepare an internal verification statement on an annual basis.


PERSONAL DATA COLLECTED

  1. Information Collection and Use InCrowd is the owner and Data Controller of the information collected on our Sites and Mobile Applications (Apps). InCrowd’s contact information can be found below in the section for InCrowd’s Contact Address. We collect personal data You provide to us on the registration page and Your profile page. For example, we collect Your name, email address, date of birth, postal address, phone number, fax number, physician license number, medical school, institutional affiliations, IP address, demographics, and other information You provide us on our Sites and through our Mobile Apps. We will not sell, share, transfer, or rent any personal data to others in ways different from what is disclosed in this Privacy Policy and our Terms of Use. InCrowd reserves the right to collect, disseminate, sell or otherwise disclose non-personal data provided by You, but only in accordance with InCrowd’s Terms of Use.
  2. Data Integrity and Purpose Limitation InCrowd shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, InCrowd will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current.  InCrowd uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.

Web Site and Mobile App Tracking Technologies

When You visit our Sites, or Use our Mobile Apps, some information is automatically collected. For example, when You visit our Sites Your computer’s and mobile device’s operating system, device type, carrier provider, Internet Protocol (IP) address, access times, browser type and language, and the Websites You visited before our Sites may be logged automatically if you are redirected to our Site from our advertising campaigns. We also collect information about Your Usage and activity on our Sites and in our Mobile Apps. We collect mobile device information in order to send service notices directly to Your device. We may associate information we automatically collect with Your personal data such as Your login ID and information You give us at registration.

  1. Registration During the collection of information via the Profile pages on the Sites, You are required to give Your contact information (such as name, address, birth date, physician license information, medical school, institutional affiliations, email address and the like). An email address and birth date are used to confirm Your identity. An email address is also used to contact You about the materials and information on the Sites. Your email address and postal address will be used to compensate You for Your activities at InCrowd. When the Sites request Your identity, the Sites will clearly indicate the purpose of the inquiry before the information is requested. If you are based in the US, all of Your professional information is subject to authentication by third-party providers to confirm you are a validly licensed physician or clinician.
  2. Personal Profile Once you are a registered participant, You may provide additional information in Your personal profile describing Your credentials, professional experiences, academic background, biography and the like. If you are based in the US, such additional information must be truthful and accurate and is also subject to authentication by third-party providers. Providing additional information in Your personal profile beyond what is required at registration is entirely optional and may be altered or removed by You at any time.
  3. IP Addresses When You request a page from any page within the Sites, our Web servers automatically recognize Your domain name and IP address. The domain name and IP address reveal the IP address from which You have accessed the Sites.
  4. Opt Out Procedures You may opt-out of receiving further communications from InCrowd. To be completely removed from the InCrowd mailing list, contact privacy@incrowdnow.com. If You are using an email forwarding service or other similar service, please make sure to include the correct email address or addresses.


USE OF YOUR PERSONAL DATA

  1. Use of Collected Information InCrowd uses Personal Data that we collect for the following business purposes, without limitation: (1) maintaining and supporting our products, delivering and providing the requested products/services, and complying with our contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services); (2) satisfying governmental reporting, tax, and other requirements (3) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (4) verifying identity (e.g., for online access to accounts); (5) as requested by You; (6) for other business-related purposes permitted or required under applicable local law and regulation; and (7) as otherwise required by law.
  2. Legal Bases for Data Processing Our legal basis for the processing of your personal data are: 1) Your consent; 2) Our legitimate interest in engaging in commerce and offering products and services of value to You.
  3. Automated Decisions We reserve the right to make automated decisions, including using machine learning algorithms, about You in order to optimize the products and services offered and/or delivered.
  4. Cookies InCrowd may set and use cookies to enhance Your user experience on the Sites, such as retaining Your personal settings and preferences.  You may set your browser to prevent or reject cookies, or you may manually delete any cookies set. If You reject the cookies on the Sites, You may still be able to use the Sites, but they shall be limited to certain minimal functionality. InCrowd uses -third-party tracking utility companies that use session ID cookies which track Site usability and improves user experience. Our Privacy Policy does not cover the Use of cookies by our tracking utility company. We do not have access or control over these cookies. We may collect information on our Sites using Web beacons, electronic images that may be used on our Sites or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.
  5. Trend Analyses InCrowd may use IP addresses to analyze trends, administer the Sites, to track Your movement within the Sites, and to gather broad demographic information for aggregate use.
  6. Links to Other Sites Our Sites includes links to other websites whose privacy practices may differ from InCrowd’s. If You submit personal data to any of those sites, Your information is governed by the privacy statements of those third-party sites.
  7. Choice with Respect to Uses and Disclosures of Personal Data InCrowd recognizes that EU and Swiss individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You.  We will comply with the Privacy Shield Principles with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third-party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.


SHARING OF YOUR PERSONAL DATA

  1. Sharing We do not share Your Personal Data with third-parties other than with third- party vendors, consultants and other service providers (including, without limitation email service providers, validation providers, survey hosting provider, reward fulfillment providers, SMS and video conference service providers, credit card processor, auditors and tax authorities who are working on our behalf and need access to Your information to carry out their work for us. We may provide Personal Data to such third-parties for the following purposes, without limitation: email services, authentication of medical licenses, honorarium processing and fulfillment, auditing purposes and governmental reporting, tax, and other requirements. We may share Your information in connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business to another company, if any. In this event, InCrowd will notify You before information about You is transferred and becomes subject to a different privacy policy. We may also share aggregated or anonymous information that does not directly identify You. InCrowd may share anonymized aggregated demographic information with InCrowd’s partners.
  2. Disclosures / Onward Transfers of Personal Data InCrowd is potentially liable in cases of onward transfers of Personal Data to third-parties, such as when third-parties that act as agents on our behalf process Personal Data in a manner inconsistent with the Privacy Shield Principles.  We will ensure that any third-party to which we disclose personal data provides the same level of privacy protection as is required by the Privacy Shield principles and agrees in writing to provide an adequate level of privacy protection.  Except as otherwise provided herein, InCrowd discloses Personal Data only to third-parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations that adequately comply with EUUS and Swiss-US compliance requirements.
  3. Consulting InCrowd may partner with third parties such as PayPal and Giftbit to provide specific services. When You sign up for these services, You agree that InCrowd may share names, or other contact information that is necessary for the third-party to provide these services. Per InCrowd’s contractual arrangements with such third-parties, these parties are not allowed to use personally identifiable information of InCrowd’s users except for the explicit purpose of providing services for InCrowd.
  4. Spam InCrowd maintains a strict “No-Spam” policy, which means that InCrowd does not intend to sell, rent or otherwise give Your email address to a third-party without Your consent.
  5. Legal Requests InCrowd also may disclose Personal Data under the following circumstances:
    1. When we believe it is necessary to share information in order to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law;
    2. In rare situations, it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


PROTECTION OF YOUR PERSONAL DATA

  1. Confidentiality and Security InCrowd has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to InCrowd’s electronic information systems requires user authentication via password or similar means. InCrowd also employs access restrictions, limiting the scope of employees who have access to Your Personal Data. Further, InCrowd uses secure encryption technology to protect certain categories of Personal Data. For example, when InCrowd requests that You enter sensitive information, that information is encrypted using Secure Sockets Layer (SSL) software or other security protocols, which encrypts the information You input. No administrator at InCrowd will have knowledge of Your password. It is important for You to protect against unauthorized access to Your password and to Your computer. If You access the Sites using a shared computer, be sure to log off from the Sites when you have finished your session.  To the extent InCrowd keeps physical records containing Your Personal Data, InCrowd limits access to such Personal Data to employees who InCrowd reasonably believes need that information to provide InCrowd services to You. Despite these precautions, no data security safeguards guarantee 100% security all of the time.
  2. Responsibilities and Management InCrowd has designated the Compliance Department to oversee our information security program, including its compliance with the Privacy Shield program. The Compliance Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to privacy@incrowdnow.com. InCrowd will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that we collect. InCrowd personnel will receive training, as applicable, to effectively implement this Privacy Policy.
  3. Personnel Access of Personal Data InCrowd personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.


RIGHT TO ACCESS, CHANGE OR DELETE YOUR PERSONAL DATA

  1. Right to Access. You have the right to obtain confirmation about whether Personal Data is included about You in our databases. Upon request, InCrowd will provide an individual access to Your Personal Data within a reasonable time period. InCrowd will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which InCrowd collected the Personal Data. You may review Your Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access.  If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
  2. You may access Your Personal Data by contacting InCrowd by phone, postal mail or email at the contact information section of this Privacy Policy. In making modifications to Your Personal Data, You must provide only truthful, complete, and accurate information. To request deletion of Personal Data, You should submit a written request via email to privacy@incrowdnow.com or via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA.
  3. Requests for Personal Data InCrowd will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from You.
  4. Satisfying Requests for Access, Modifications, and Corrections InCrowd will endeavor to respond within a reasonable time period to all reasonable requests to access, view, modify, or inactivate Personal Data.


CHANGES TO THIS PRIVACY POLICY

  1. Notification of Changes InCrowd reserves the right to modify this Privacy Policy at any time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. If we make material changes to the Privacy Policy for our Sites, InCrowd will post those changes on www.incrowdnow.com and www.incrowdanswers.com under the link “Privacy Policy” so You are aware of what information InCrowd collects, how InCrowd uses such information, and under what circumstances, if any, InCrowd discloses it. If at any point InCrowd would like to use Personal Data in a manner different from that stated at the time it was collected, InCrowd would notify users via email and allow You to choose whether Your Personal Data may be used in any materially different manner. If You have provided Personal Data before the changes in InCrowd’s Privacy Policy, You will have a choice as to whether or not You will permit InCrowd to use Your information in this different manner. If You do not accept InCrowd’s use of Your Personal Data in accordance with the terms of the new privacy policy, InCrowd will use Your information in accordance with the privacy policy under which the information was originally collected.
  2. Terms of Use The Terms of Use Agreement is incorporated herein by reference in its entirety.


INCROWD’S CONTACT ADDRESS FOR PRIVACY QUESTIONS OR COMPLAINTS

Should You have questions about this Privacy Policy or InCrowd’s information collection, use and disclosure practices, You may contact us at the address www.incrowdnow.com/contact, by phone at +1-617-934-1600 extension 6 or via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA. We will respond promptly to requests, questions or concerns You may have regarding our use of personal data about You. Except where required by law, InCrowd cannot ensure a response to questions or comments regarding topics unrelated to this Privacy Policy or InCrowd’s privacy practices.


ENFORCEMENT AND DISPUTE RESOLUTION

We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data.  An individual may file a privacy complaint by contacting us at our contact information above.  Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined above.

InCrowd acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.

If an individual’s complaint cannot be satisfied through our internal complaint process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by EU and Swiss citizens about Privacy Shield Principles.  If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).

If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint.  We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes.  Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.  These dispute resolution services are provided at no cost to you.