SNOMED International Services collects some Personal Data from its Users.
SNOMED International, 1 Kingdom Street, Paddington London, W2 6BD, United Kingdom
Owner contact email: email@example.com
Among the types of Personal Data that SNOMED International Services collects, by itself or through third parties, there are: Cookies, Usage Data, first name, last name, company name, email address and username.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using SNOMED International Services.
Unless specified otherwise, all Data requested by SNOMED International Services is mandatory and failure to provide this Data may make it impossible for SNOMED International Services to provide its services. In cases where SNOMED International Services specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third-party Personal Data obtained, published or shared through SNOMED International Services and confirm that they have the third party's consent to provide the Data to the Owner.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of SNOMED International Services (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
The Owner may process Personal Data relating to Users if one of the following applies:
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Hosting and backend infrastructure, Analytics, Infrastructure monitoring, Contacting the User, Content commenting, Registration and authentication, SPAM protection, Managing contacts and sending messages and Displaying content from external platforms.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Personal Data is collected for the following purposes and using the following services:
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of SNOMED International Services, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data collected: Cookies and Usage Data.
By filling in the contact form with their Data, the User authorizes SNOMED International Services to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
Personal Data collected: company name, email address, first name and last name.
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning SNOMED International Services. Your email address might also be added to this list as a result of signing up to SNOMED International Services or after making a purchase.
Personal Data collected: email address, first name and last name.
Content commenting services allow Users to make and publish their comments on the contents of SNOMED International Services.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.
SNOMED International Services has its own internal content comment system.
Personal Data collected: username.
This type of service allows you to view content hosted on external platforms directly from the pages of SNOMED International Services and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Gravatar is an image visualization service provided by Automattic Inc. that allows SNOMED International Services to incorporate content of this kind on its pages.
Please note that if Gravatar images are used for comment forms, the commenter's email address or parts of it may be sent to Gravatar - even if the commenter has not signed up for that service.
Personal Data collected: email address and Usage Data.
This type of service has the purpose of hosting Data and files that enable SNOMED International Services to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of SNOMED International Services. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.
DigitalOcean is a hosting service provided by DigitalOcean Inc.
Google Cloud Storage is a hosting service provided by Google Inc.
This type of service allows SNOMED International Services to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of SNOMED International Services.
StatusCake is a monitoring service provided by TrafficCake Limited.
Personal Data collected: Cookies and Usage Data.
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
Mailchimp is an email address management and message sending service provided by The Rocket Science Group, LLC.
Personal Data collected: email address.
By registering or authenticating, Users allow SNOMED International Services to identify them and give them access to dedicated services.
Depending on what is described below, third parties may provide registration and authentication services. In this case, SNOMED International Services will be able to access some Data, stored by these third-party services, for registration or identification purposes.
Google OAuth is a registration and authentication service provided by Google Inc. and is connected to the Google network.
GitHub OAuth is a registration and authentication service provided by GitHub Inc. and is connected to the GitHub network.
Linkedin Oauth is a registration and authentication service provided by Linkedin Corporation and is connected to the Linkedin social network.
This type of service analyzes the traffic of SNOMED International Services, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.
Personal Data collected: Cookies and Usage Data.
Your privacy is important to us, this policy is intended to provide more transparency over how we collect and use your personal data. They will also explain how to exercise your rights around the use of your personal information.
When we refer to "SNOMED International," "we," or "us" in this policy, we mean the International Health Terminology Standards Development Organisation (IHTSDO), which controls the information we collect when you use the Services (the Data Controller). SNOMED International offers collaborative tools, including our web based tooling, and our related SNOMED CT terminology product. We also own and operate a number of websites and other related services, like support. We refer to all of these products, together with our other services and websites as "Services" in this policy.
In some cases we may need to ask for your explicit consent to process your information or send you emails. In such cases we will either contact you directly or you will be asked for your consent when you next access the service. You have the right at any time to change your consent or have your details removed from our systems where applicable. Further information on how to do this can be found below.
Information we collect about you
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, or set preferences through the Services. For example when you provide your name and email address. You also have the option of adding a profile photo, and other details to your profile information to be displayed in some of our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our websites: The Services also include our websites owned or operated by us. We collect other content that you submit to these websites. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, activities or events.
Information you provide through our support channels: The Services also include customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Payment Information: We collect certain payment and billing information when you register for certain paid subscription Services or Licences. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Device and Connection Information: We collect information through your device about your operating system, browser type, IP address, or URLs of referring/exit pages. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
How we use information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.
To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including, reminding you of subscription or licence expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. These communications are part of the Services and in most cases you will have the option to unsubscribe to opt out of them.
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, and to repair and improve the Services.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as to control the use and access to our services, the use and licensing of SNOMED CT and to protect our legal rights and interests;
You give us consent to do so for a specific purpose; or
We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
Sharing with third parties
We sometimes share information with third parties that help us operate, provide, improve, integrate, and support our Services.
Service Providers: We work with third-party service providers to provide website and tooling development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
With your consent:We share information about you with third parties when you give us consent to do so. For example, we may publicise how members or affiliates are using SNOMED CT on our public websites. With your consent, we may post your name alongside the article.
How we store and secure information we collect
Information storage and security:We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. We have ensured that our service providers are GDPR or Privacy Shield compliant. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information:How long we keep information we collect about you depends on the type of information. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
How to access and control your information:You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations. We will respond to requests about this within thirty(30) days.
Your request and choices may be limited in certain cases. For example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
You have the right to request a copy of your information. To object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format. To initiate these requests, you may contact our Data Protection Team via firstname.lastname@example.org.
You can request to have your data deleted, (the right to be forgotten). Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations. We will advise you if there is any reason we cannot delete your data as described above.
You can request that we stop using your information. In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honoured or the dispute is resolved.
You can Opt out of communications. You may opt out of receiving communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our email list or registration database. Even after you opt out from receiving promotional messages from us, you may still receive transactional messages from us regarding our Services to allow us to operate your account or in relation to the provision or use of the Services. You can opt out of some notification messages in your account.
You have the right to Data portability. To obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information.
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of SNOMED International Services or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
For operation and maintenance purposes, SNOMED International Services and any third-party services may collect files that record interaction with SNOMED International Services (System logs) use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
SNOMED International Services does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through SNOMED International Services (or third-party services employed in SNOMED International Services), which can include: the IP addresses or domain names of the computers utilized by the Users who use SNOMED International Services, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using SNOMED International Services who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of SNOMED International Services. The Data Controller, unless otherwise specified, is the Owner of SNOMED International Services.
The means by which the Personal Data of the User is collected and processed.
The service provided by SNOMED International Services as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small sets of data stored in the User's device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).