Last updated December 31, 2011
- who collects information,
- what information is collected and how this is done,
- how ASCO uses and discloses the information that is collected,
- your rights to view and correct information submitted voluntarily,
- your rights to opt-out, opt-in, or limit specific uses and disclosures of your information,
- what security procedures we use to protect your information,
- how the interactive areas of the Website operate,
- how we comply with the Children’s Online Privacy Protection Act, and
While information is critical to our ability to provide high quality service to you, our most important asset is the trust that our visitors place in how we provide that service. Keeping visitor information secure, and using it only as our visitors would want us to, is a top priority for all of us at ASCO. Consequently our privacy standards are designed to, on a commercially reasonable basis:
- collect and use only the minimum information necessary for us to deliver high quality service to users, to administer our business, and to let you know of products and services that are available from ASCO and trusted third parties;
- protect the information our visitors share with us, maintaining strong standards of security and confidentiality;
- require any other organization that we retain or engage to provide support services to us to conform to our privacy standards; and
- keep visitor files, if any, complete, up to date, and accurate.
We do not collect Personally Identifiable Information from users browsing the Website. We do use first and third party Cookies to collect basic technological information about how visitors use the Website as described more fully in Section 4. This data is used to improve content, site performance, and services for our visitors.
Some features on the Website may require you to register as a user and to receive our authorization before you can use those particular features, including forums, mailing lists, meeting registrations, and other services. In order for you to obtain our authorization to use those features and to be considered a registered user, you may be required to provide us with certain Personally Identifiable Information (“PII”) about you or your business. The PII we collect can include names, addresses, e-mail addresses, telephone numbers, fax numbers, education and certifications, areas of specialty, credit card numbers, and other forms of PII.
If you have access to the Website as a designated representative of a business, ASCO may terminate your right to use the Website upon notification that you are no longer a designated representative for that business.
If you are submitting PII on behalf of others in your family, business or other organization for registration purposes or otherwise, you represent that you have their permission, agreement and full authorization to provide this information to us. We reserve the right (a) to ask you to provide evidence of your authority at any time during, or even after, the submission process and (b) to contact those individuals to confirm your authority at any time. If we determine that your authority has not been properly obtained, we may immediately and without notice to you discontinue your authorized use of those features of the Website for which you have registered.
In addition, ASCO has engaged third party vendors to help us manage our web presence and allow us to better serve our web visitors. Personal information submitted to ASCO through third party managed pages may be shared with these vendors as necessary for completing authorized transactions. These third-party managed pages include the Journal of Clinical Oncology website (jco.ascopubs.org), the Journal of Oncology Practice website (jop.ascopubs.org), the Oncology Career Center™ website (www.careers.jco.org), portions of the Career Opportunities at ASCO page (www.asco.org/ASCOv2/About+ASCO/Career+Opportunities+at+ASCO), and portions of ASCO in Action (ascoaction.asco.org).
ASCO has also provided external links to other websites in order to provide those who use the Website with a better, more fulfilling experience. Once you enter another website (whether through an advertisement, service or content link), be aware that ASCO is not responsible for the privacy practices of such other sites (see also Section 10 of the Terms and Conditions of Use). We encourage you to look for and review the privacy statements of each and every website that you visit through a link or sponsorship notice.
If you use the Website without registering, we will only collect anonymous Non-Personal Information (“NPI”), about you through the use of first and third party Cookies and other technical means (described in more detail in this Section 4).
If you choose to register with the Website to use interactive or other specific services, we require you to submit certain PII, such as your name, address, e-mail address, telephone number, fax number, education and certification, areas of specialty, and credit card number. While you may use some of the functionality of the Website without registration, many specific tools and services on the Website require registration and your submission of PII.
How we collect NPI. We collect certain NPI about your use of the Website through our use of first and third party Cookies and through other technical means (e.g. Click Stream Information such as log files, Web Beacons, etc.). This NPI includes information about the date and time you visit the Website, which pages you view, how you arrive at the Website (through referring links or otherwise), how much time you spend on the Website, your IP address, and the type of Browser and operating system you use.
We encourage you to research online resources and learn about not only Cookies but also the other technical means through which information about you may be collected through websites you visit. Your Browser can be set to reject all Cookies. A “help” section of most Browsers’ toolbar usually offers instructions on how to reset the browser to reject Cookies.
If you reject our Cookies, certain functions and conveniences of the Website may not work properly, including those sections that are only available to registered users, but we believe you do not have to accept our Cookies in order to productively use the Website.
In addition, if you visit the Website through a link from an email newsletter sent by ASCO, our system will log such information as what links you click through from the e-mail to the Website, the date and time of your click through, the name of the link or source from which the message was sent, the tracking URL number, and the destination page.
Anonymous nature of NPI; linking of NPI and PII. Generally, the NPI we collect about you is attached to arbitrary, anonymous system names that are assigned to visitors when they enter the Website. Please note, however, that during the registration process, or at other times during your use of the Website, we may ask for your permission to link your NPI with your PII. In addition, the providers of third party Cookies may have the ability to link your activities on the Website with your browsing activities elsewhere on the Internet.
Examples of how we may use NPI. The anonymous NPI we obtain from you is generally used to render, administer, and improve the Website, our services, and our business. We may use NPI to do any of the following (please note that this list is representative and provided only to assist you in understanding how we might use the NPI we collect).
- To help dynamically generate content on web pages or in newsletters.
- To statistically monitor how many people are using the Website.
- To track generic user behavior (see, for example, the definition of “Click Stream Information”).
- To monitor how many people open our emails.
- To help us evaluate the purpose for which our users undertake certain activities, including those listed immediately above.
- To determine the popularity of certain content.
- To facilitate users’ log-in and navigation and as session timers.
- To restrict underage use of our services.
Disclosure of Aggregate Information. ASCO may provide Aggregate Information to third parties. For example, we might inform third parties regarding the number of users of the Website and the activities they conduct while on the Website. We might, for example, inform a pharmaceutical company (that may or may not be a sponsor of the Website) that “30% of our users live east of the Mississippi” or that “25% of our users have tried alternative medicine.” We require parties with whom we share Aggregate Information to agree that they will not attempt to make this information PII, such as by combining it with other databases.
How we use PII. We use PII, and any data, personal or otherwise, that you provide and which may be saved on the Website, to provide our products and services. In addition to the ways in which we may use NPI, examples of the ways in which we may use PII include but are not limited to:
- To respond to your questions.
- To provide to you the services or subscriptions you select.
- To contact you regarding ASCO events or other news.
- To send you information you request.
- To send and manage surveys.
- To advise you of products or services that may be available through ASCO.
- To notify you about website maintenance, updates, and new features.
- To manage membership and volunteer functions.
- To confirm or fulfill purchase and registration requests.
- To display content we think may be of interest to you and otherwise help us customize what you see when you visit the Website.
- To solicit user feedback to assess user-satisfaction or other needs and interests.
- To help us in creating new tools, features, and services.
- To send you materials on behalf of trusted third parties.
- Otherwise in rendering, administering, and improving the Website, our services, and our business.
ASCO only discloses your PII to third parties under those circumstances outlined in Section 5.
If you are registered to use particular services, you acknowledge and also consent to our tracking activities and use of the Website under your username in connection with those services (e.g., in order to confirm and fill orders, maintain quality control and contact you concerning your orders, transactions, or subscriptions, should it be necessary or appropriate to do so).
E-Commerce Transactions. When you place an order online with us, register for a conference, or pay your dues electronically, your personal information and credit card information are encrypted using industry-standard SSL Encryption technology before being sent over the Internet. We submit to the appropriate credit card clearinghouse only the information necessary to collect payment. All credit card information retained by ASCO, including credit card numbers if you elect to store them on your account, is compliant with Payment Card Industry data security standards.
ASCO will only disclose your PII to third parties under the following circumstances:
- disclosure to corporate affiliates of ASCO, including the Conquer Cancer Foundation (www.conquercancerfoundation.org) and the Institute for Clinical Excellence, LLC;
- disclosure at your request, such as to complete transactions you undertake on the Website;
- disclosure to vendors engaged by ASCO to outsource one or more of our internal functions, products, or services, including but not limited to managing mailing lists, packaging, mailing and delivering purchases and promotional offers, consulting services, data modeling, printing, sending postal mail, and processing event registrations;
- disclosure of contact information to other ASCO members via our membership directories (the information made available in directories will not include financial information, such as credit card or bank information, or social security numbers);
- disclosure of contact information to the public if you elect to participate in the Find an Oncologist Database (www.cancer.net/patient/Publications+and+Resources/Find+an+Oncologist/Find+an+Oncologist+Database);
- limited disclosure of contact information to trusted third parties to offer products and services to our members; and
- disclosure to private entities and law enforcement or other government officials as we, in our sole discretion, believe necessary or appropriate (a) to investigate or resolve possible problems or inquiries, (b) to conform to legal requirements or comply with legal process served on ASCO, (c) to protect our own business and assets, or (d) in special cases, such as a physical threat to you or others.
Please note that additional disclosure rules apply to information obtained by ASCO through the Oncology Career Center™, which is discussed further in Section 10.
The tools that collect and store PII allow you to correct, update or review that information (and any preferences) by logging in to the specific service and making the desired changes to your registration information. In most cases you may also withdraw your registration by sending us an email at firstname.lastname@example.org. If you withdraw a registration with the Website your PII may not be deleted from our records and we may use that data for internal purposes.
When you register, you may be asked whether you want to receive special announcements and future newsletters by email. If you check “yes” but change your mind at any time in the future and no longer wish to receive our newsletter and other special announcements by email, you will be able to Opt-Out of these services by: (a) going to MyASCO (www.asco.org/ascov2/myasco) and selecting “Update Email Subscriptions”; (b) following the directions included at the bottom of any newsletter issue; and/or (c) sending us an email at email@example.com, and we will take you off the applicable list. You may also Opt-In to receive communications from us and trusted third parties at the point of registration or by similarly following the instructions above.
You may Opt-Out of having your PII shared with trusted third parties for the purposes of offering products and services to our members by sending us an email at firstname.lastname@example.org.
ASCO is committed to keeping user information secure, and implements commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. Access to data and technology relating to user information is password-protected and limited to authorized personnel and those vendors that require access to the information in order to furnish services to ASCO and our members. In addition, ASCO uses industry standard technology to keep users’ information secure while residing on ASCO’s servers.
Listed below are some of the security procedures that ASCO uses to protect your privacy:
- Require both a personal Username and a Password in order for users to access their PII.
- Use Firewalls to protect information held in our Servers.
- Closely monitor the limited number of ASCO employees who have access to your PII.
- Back-up our systems to protect the integrity of your PII.
- Use industry-standard SSL Encryption technology for any credit card information sent over the Internet.
- Require vendors with access to PII to commit to and abide by confidentiality obligations.
Despite ASCO’s efforts to protect your PII, there is always some risk that an unauthorized third party may breach our security systems or that your transmissions of information over the Internet could be intercepted by third parties. ASCO is not responsible or liable for any loss or damage of any sort arising from or relating to any breach of our security or interception of your transmissions (see Terms and Conditions of Use).
As a service to our users, the Website may feature message boards, chat rooms, and/or other public forums where users can share information or where users can post questions. We may also offer online discussions moderated by medical or healthcare experts.
In addition, you may choose to use certain interactive content, tools, and services that ask you to voluntarily provide information about yourself. Some of these tools (like certain quizzes or calculators) do not retain information, while others may store information in accordance with the authorization you provide at the time you use the service or tool. Please be aware of this fact.
Any chat room, message board, forum or similar interactive service is by design open to the public and is not a private, secure service. ASCO is not responsible for the privacy of information voluntarily provided by a user in interactive areas. You should think carefully before disclosing any PII in any public forum because what you have written may be seen, disclosed to, or collected by third parties and may be used by others in ways we are unable to control or predict, including to contact you for purposes unauthorized by you.
Because the Oncology Career Center™ (www.careers.jco.org) is a career site, it gives job seekers the option of posting their resumes to our database. There are two ways to post a resume.
Non-Searchable Submission. You can store your resume in our database, but elect during the registration process to exclude your resume from searches by potential employers. Excluding your resume from database searches means that you can use it to apply for and respond to individual job postings, but employers will not have the ability to search for it.
Searchable Submission. During the registration process you will have the option to allow your resume to be searchable by potential employers. Selecting this option permits all parties with access to our searchable resume database to have access to your resume.
You may remove your resume from the database, and change the status of the resume from searchable to non-searchable, and vice-versa, at any time by updating your profile page on the Oncology Career Center™.
We do not knowingly solicit data online from or market online to children under the age of 13.
Aggregate Information. As a website gathers individual pieces of Non-Personal Information from its users, it may combine similar data from many or all the users of the website into one big “batch.” For example, the site may add up the total number of people in Peoria, Illinois, (but not their names) who are seeking information about pancreatic cancer and compare that to the number of people in Petaluma, California seeking the same information.
This sort of statistical information is called aggregate data because it reflects the habits and characteristics of a large group of anonymous people. Websites may use aggregate data or share it with business associates so that the information and services they provide best meet the needs of the users. Aggregate data also helps advertisers and sponsors on the Website know how effectively they are reaching and meeting the needs of their target audience.
Browser. Short for web browser, a browser is a software application used to locate and display pages of the Internet. The popular browsers include Mozilla Firefox, Microsoft Internet Explorer, Google Chrome, Opera, and Apple Safari. Most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats.
Click Stream Information. A record of all the pages you have visited during your visit to a particular website or the services you accessed from the site or from an email. Click Stream Information is associated with your browser and not with you personally. It records the archives of your Browser.
Cookie. A small data file that is stored on the hard drive of the computer you use to view a website. Cookies are placed by that site (“first party”) or by a third party with a presence on the site, such as an advertiser using a Web Beacon, and are accessible only by the party or site that placed the Cookie on the computer (i.e. a Cookie placed on your computer by ASCO is not accessed by any other site you visit but a Cookie placed on your computer by an advertiser may be accessed by any site on which that same advertiser has a presence). Cookies can contain pieces of Personally Identifiable Information. ASCO encrypts any PII it stores in first party Cookies. These Cookies often are used to make the site easier to use. For example, if you check a box to ask that we store your Username on your computer so that you don’t have to enter it each time you visit the site, it’s stored in a Cookie on your computer.
Encryption. The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or Password that enables you to decrypt it. This is typically done by so-called “secure computer systems.”
Firewall. A system designed to prevent unauthorized access to or from a public or private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized users from accessing private portions of public networks. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet specified security criteria.
Non-Personal Information (“NPI”). Information that is not traceable back to any individual and cannot be used to identify an individual. For example, Click Stream Information is Non-Personal Information, as is information such as gender, age, city, and physical location, when not linked with other Personally Identifiable Information.
Opt-In. Means you are actively indicating your preference to participate in a program, email, feature, tool, or enhancement on a website. Typically, if you “Opt-in” you must provide certain information, usually Personally Identifiable Information, to the website or otherwise actively indicate your choice or preference to participate in the website program. For example, if you wish to receive a newsletter by email from the Journal of Clinical Oncology (jco.ascopubs.org), you can enter your email address and choose the type of newsletter by checking a box next to a statement such as: “Yes, I’d like to receive the JCO Newsletters.”
Opt-Out. Means that if you do not take some action you are indicating your preference to participate in a program, email, feature, tool, or enhancement on a website. Typically, if you “Opt-Out” you must uncheck a box next to a stated preference or otherwise take some action to indicate your preference not to participate in a program.
Password. A secret series of characters, typically alphanumeric (meaning it consists of both letters and numbers) that enables a user to access a file, computer, or program. The user must enter its, his, or her password before the computer or system will respond to commands. The password helps ensure that unauthorized users do not access the system. In addition, data files and programs may require a password.
Ideally, the password should be something that nobody could guess. In practice, many people choose a password that is easy to remember, such as their name or their initials. This is one reason it is relatively easy to break into many computer systems.
Personally Identifiable Information (“PII”). Information that can be traced back to an individual (in contrast to Non-Personal Information and Aggregate Information). Examples of PII include your name, home address, telephone number, email address, and Social Security number.
If other pieces of information are linked to PII, they also become PII. For example, if you use a nickname to chat online and give out your real name while chatting, your nickname becomes PII when linked with other PII.
Server. A computer that provides services to other computers. A “web server” stores web site files and “serves” them to people who request them.
SSL (Secure Sockets Layer). A security protocol developed by Netscape for transmitting private information via the Internet. SSL works by using a private key to encrypt data that’s transferred over the SSL connection. All major Browsers, including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and Apple Safari, support SSL, and many websites use the protocol to transmit confidential user information, such as credit card numbers. By convention, URLs that utilize an SSL connection start with https: instead of http:.
Username. A name used to gain access to a computer system or program. Usernames, and often Passwords, are required in shared systems, such as the Internet. In most such systems, users can choose their own usernames and passwords.
Web Beacons (also often referenced as “clear GIFs,” “web bugs,” “1-by-1 GIFs,” “Single-Pixel GIFs,” “1 x 1 Pixels” or “clear Pixels”). Tiny graphic image files, embedded in a web page in GIF, jpeg, or HTML format, that provide a presence on the web page and send back to its home Server (which can belong to the host site, a network advertiser, or some other third party) information from the users’ Browser, such as the IP address, the URL of the page on which the beacon is located, the type of Browser that is accessing the site, and the ID number of any Cookies on the users’ computer previously placed by that server. Web Beacons can also be used to place a Cookie on the users’ Browser.