Privacy Policy

 

Overview and Contact Information 

The American Orthopaedic Foot & Ankle Society (AOFAS) is an international medical society of more than 2,400 orthopaedic surgeons and allied health practitioners who specialize in the diagnosis and treatment of injuries, diseases, and other conditions of the foot and ankle. Through education, research, and advocacy, AOFAS mobilizes our members and the healthcare community to improve patient care.

AOFAS is committed to protecting your personal data and maintaining your confidence and trust in how we manage the personal data that we collect. The following privacy policy sets forth how we collect, process and protect personal data in our possession and control, including without limitation, personal data of individuals within the European Union (EU) and the European Economic Area (EEA). For residents of the EU or the EEA, we are the controller of the processing of your data and our processes relating to your personal data are governed by the General Data Protection Regulation (GDPR).

If you have questions or require further information, please contact the AOFAS Executive Office at:

9400 W. Higgins Road
Suite 220
Rosemont, Illinois 60018
800-235-4855 (US)
847-698-4654 (Outside US)
aofasinfo@aofas.org


In general AOFAS does the following with respect to personal data:

  • Collects, uses, and stores the minimum amount of personal data that is necessary for one or more legitimate business purposes and to comply with legal obligations.

  • Limits who has access to the personal data in our possession to only those who need it for a legitimate business purpose.

  • Protects personal data through security measures tailored to the sensitivity of the personal data we hold.

  • Communicates with our employees, customers, suppliers, business partners, and others about how we intend to use personal data in our day-to-day operations.

  • Takes reasonable steps to ensure personal data is accurate and up-to-date.

  • Integrates privacy in the design of our activities that involve the use of personal data.

  • For residents of the EU or the EEA, we are the controller of the processing of your data and our processes relating to your personal data are governed by the General Data Protection Regulation ("GDPR"). If you have any questions or inquiries, contact us at privacy@aofas.org.


Types of personal data we collect and why 

AOFAS recognizes any data related to an identifiable individual or which identifies an individual as “personal data” subject to this Privacy Policy. Depending on how you interact with ICS, we collect and use different types of personal data.

  • Membership accounts on our website: name, email address, medical certification designations, mailing address, city, state, postal code, historical account information, country of residence, professional affiliations, certification number and year of certification, memberships or fellowship information that verify applications for membership.

  • Registration to events, courses, conferences and the annual meeting: Professional status, name, affiliation, contact details, accommodation preferences, and payment details.

  • Physician Resource Center: name, email address, membership level, activity log, exam results, and purchases.

  • Contact Us form: name, address, email address, phone, and information provided in the message.

  • Marketing activities: name, email address, and information about the interaction with our communications (such as IP addresses, email open, and click-through data). We may also send surveys and collect responses to these surveys that include demographic and professional/practice information.

  • Comment boards: username, any information provided in the comments.

  • Publications: name, email or delivery address, payment information.

  • Donations and Sponsorships: name, tax ID, payment information.

  • Information collected automatically: There is other information that we collect automatically when you visit our site using cookies or similar technologies such as your IP address, mouse activity, browser type, access times, and page views. We use Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en. See our Cookies Notice on AOFAS.org for more information.

  • Annual Meeting Lead Retrieval: name, email address, mailing address, badge scanning activity.

Our policy towards children

We do not knowingly collect personal data from children. We may incidentally process personal data of children, for instance where participants in our events travel with family. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, please contact us. If we become aware that a child has registered for our services and has provided us with personal data without the consent of their parent or guardian, we will delete such information from our files.

Disclosures to Third Parties

At times, AOFAS engages third party contractors, service providers, and other vendors to help us accomplish our business objectives. There are other circumstances where we are required by law to disclose personal data to third parties such as public bodies or judicial authorities. We engage with our agents, representatives, contractors, service providers, or other third parties for the following services:

  • Website hosting (based in the United States);

  • authorization of credit card transactions (based in the US);

  • order fulfillment (based in the US);

  • cloud storage (based in the US);

  • broadcast emails (based in the US);

  • online surveys (based in the US);

  • software for conference registration, abstract submissions, and mobile applications;

  • mailing services for AOFAS journals, publications, and promotional pieces;

  • Learning Management System (Physicians Resource Center);

  • Exhibitor Lead Retrieval.

We require third parties that transmit personal data to treat such data consistent with this Privacy Policy. A contract to protect personal data will be executed with any vendor who will process personal data in the EU/EEA.

Notwithstanding the foregoing, AOFAS may disclose personal data when it has a good-faith belief that such disclosure is necessary to: (a) comply with law; (b) protect and/or defend AOFAS's rights or property (including without limitation intellectual property); (c) enforce AOFAS's Legal Notice; or (d) protect the interests of other users.

In addition to the above, AOFAS may be compelled to provide personal data to governmental authorities. Such compelled disclosures include those made in response to a court order or subpoena, or to cooperate with a law enforcement investigation. AOFAS reserves the right to report to law enforcement agencies any activities that we believe in good faith to be unlawful.


Legal basis for personal data collection and use

AOFAS is committed to processing personal data of users in the EU or EEA lawfully and to facilitating the exercise of the rights granted by GDPR. You may contact us at privacy@aofas.org to discuss your privacy concerns.

AOFAS only collects and uses personal data of EU or EEA residents when there is a fair and legal basis and/or when you have consented to our collection or use of such personal data. For example, we collect personal data necessary to become a member of AOFAS or for the legitimate interest of sending marketing materials. More specifically:

  • Membership accounts on our website: Collection is based on the necessity to enter into, or for the performance of, a contract between you and AOFAS to be a member and AOFAS's legitimate interest in providing membership services;

  • Registration to events, courses, conferences, and the annual meeting: Collection is based on the necessity to enter into, or for the performance of, a contract between you and AOFAS to attend the events or courses and AOFAS's legitimate interest in providing event-related services to all attendees;

  • Physician Resource Center: Collection is based on the necessity to enter into, and for the performance of, a contract between you and AOFAS to view content located within the learning management system and provide educational resources for all participants;

  • Contact Us form: Collection is based on consent;

  • Marketing activities: Collection is allowed where you provide consent for email marketing, and collection for marketing conducted other than through email or phone call is based on our legitimate interests;

  • Comment boards: Collection is based on consent;

  • Publications: Collection is necessary to perform a contract between you and AOFAS for your subscription and AOFAS's legitimate interest in the publication and distribution process;

  • Donations and Sponsorships: Collection is necessary to perform a contract between you and AOFAS to effectuate the contribution and AOFAS's legitimate interest in facilitating donations and sponsorship programs;

  • Information collected automatically: Collection is allowed where you have given AOFAS your consent;

  • Lead retrieval: Collection is allowed where you have given AOFAS your consent.


What rights you have over your personal data

Under the GDPR, you have the following rights:

  1. Transparency and the right to information: We provide notice to all of our members, website users, and other third parties who interact with us about how we use personal data in our day-to-day activities at the time of collecting personal data, or as soon thereafter as possible. We also publish this Privacy Policy for greater transparency.

  2. Right to access, rectification, restriction of processing, erasure, and data portability: If you are based in the EU or EEA, we provide you with access to your own personal data. In addition, for EU or EEA residents, when requested in writing by you, we will rectify any errors in your personal data when it is incorrect or inaccurate, and we will ensure the right to erasure, portability and to restriction of processing when these rights are not incompatible with other legal obligations.

  3. Right to object and withdraw consent at any time: For all marketing materials, you can opt out at any time, free of charge. The right to object for other processing activities will be balanced to ensure that it is not incompatible with local regulations or our legitimate interests.

    These requests should be submitted as follows:

  • Opt-out of marketing communications: You can exercise your right to object and opt out at any time by following the opt-out instructions in our commercial emails or contacting us at aofasinfo@aofas.org. You will still continue to receive emails relevant to course registrations or purchases (e.g. registration confirmations or purchase receipts) or necessary to your continued membership in the AOFAS (e.g. dues notices). If you believe that SPAM has been sent from us, please contact us at privacy@aofas.org so that we can investigate and rectify the situation.

  • To exercise the rest of your rights: You should send a communication in writing to privacy@aofas.org. In order to fulfill this request, we may require that you provide us with information to validate your identity and specify your request. We will attend to your request in a timely manner within 30 days after receiving your request. If for any reason we need to extend this period of time, we will contact you.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement.


International transfers of personal data

If you are located outside the United States and you interact with our website or provide us personal data, then your personal data may be transferred to the United States. 

We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. The EU-US Privacy Shield framework obtained an adequacy decision. The level of protection of your personal data is not deemed equivalent to the one in the EU, unless the receiving organization is self-certified under the EU-US Privacy Shield. As a not-for-profit organization, we are not able to adhere to the EU-US Privacy Shield Principles.

Article 49 of the GDPR permits AOFAS to transfer your personal data on the basis of the following derogations:

  • Explicit consent is obtained for transfers related to responding to requests to contact us, email marketing campaigns, exhibitor lead retrieval, online surveys, and information automatically collected;

  • Transfers are necessary to perform a contract between you and AOFAS to provide membership accounts and services, event registration, publication subscriptions, effectuating donations and sponsorships, and education content in the Physician Resource Center;

  • Transfers for non-email marketing purposes, membership services, and event administration are for AOFAS's legitimate interests as a US-based operation.

As for safeguards to your personal data, we directly apply the GDPR provisions to your personal data. As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. We carefully select our processors.


Data security

AOFAS is committed to the security, confidentiality and integrity of your personal data. We take commercially reasonable precautions to keep all information obtained from our online visitors secure against unauthorized access and use and we periodically review our security measures.

We care about the security of your transactions and apply industry-standard practices of like organizational methods and technologies to safeguard your credit card information. We use high-grade encryption and the secure https protocol to communicate with your browser software, which mitigates the risk of interception of the credit card information you give us. We also employ several different security techniques to protect your personally identifiable information from unauthorized access by users inside and outside the organization. The Web servers for AOFAS are in a secure environment, and computer systems are maintained in accordance with industry standards of like organizations to secure information. You should be aware, however, that "perfect security" does not exist on the Internet, and third parties may unlawfully intercept or access transmissions or private communications. MIME sniffing and clickjacking are prevented on AOFAS.org. Credit card data is securely passed to our payment processor. Security certificates are SSL with 256-bit encryption.

AOFAS's website contains links to other sites. While AOFAS strives to link only to sites that share our high standards and respect for privacy, AOFAS is not responsible for the privacy practices employed by other sites.

AOFAS MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS OR ADEQUACY OF THE CONTENTS OF ITS SITE, AND EXPRESSLY DISCLAIMS LIABILITY FOR ERRORS AND OMISSIONS IN THE CONTENTS OF THIS SITE. NO WARRANTY OF ANY KIND, IMPLIED, EXPRESSED OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF NON-INFRINGEMENT, TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM COMPUTER VIRUS, IS GIVEN WITH RESPECT TO THE CONTENTS OF AOFAS'S WEBSITE OR ITS HYPERLINKS TO OTHER INTERNET RESOURCES. REFERENCE IN AOFAS'S WEBSITE TO ANY SPECIFIC COMMERCIAL PRODUCTS, PROCESSES OR SERVICES, OR THE USE OF ANY TRADE, FIRM OR CORPORATION NAME IS FOR THE INFORMATION AND CONVENIENCE OF THE PUBLIC AND DOES NOT CONSTITUTE ENDORSEMENT OR RECOMMENDATION BY AOFAS.


How long we retain your personal data

AOFAS applies the storage limitation principle in order to retain personal data in our records only for the length of time required to fulfill the purpose for which the data was collected. We only keep personal data in our records as long as they are necessary for the purposes they have been processed. The retention period depends on the context in which we process data and on specific circumstances such as regulations requiring retaining information for a certain period of time. These circumstances may include local laws, the reasonably anticipated future business needs for the data, the benefit to the user to have the data available, legal requirements to hold the data, or similar circumstances.

AOFAS keeps contact form entries and analytics records. Member invoice data is retained indefinitely as part of your member record. We store member data provided in user profiles. All users can view, edit, or delete their personal information at any time by logging in to the website. Website administrators and membership staff can also see and edit that information.

If you leave a comment on the AOFAS website, the comment and its metadata are retained indefinitely, unless you delete it. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.


Changes to this privacy policy

We reserve the right to modify this Privacy Policy at any time. You will be notified of these changes via an email communication and/or by placing a prominent notice on AOFAS's website. The date stamp you see below will indicate the last date it was revised.


Last Updated: May 9, 2019