CHEST reserves the right to make changes to this Policy at any time; in such case, CHEST will post a notice that this Policy has been modified by revising the “Last Reviewed” date at the bottom of this Policy.
CHEST does not knowingly collect or use any personal information from any person under the age of 18. If you are under the age of 18, please do not access or use CHEST websites. If CHEST becomes aware that our systems have collected any personal information from persons under the age of 18, CHEST will delete that data from our systems.
What information does CHEST collect?
CHEST collects two types of information: (1) non-personally identifiable information for everyone who visits its websites; and (2) personally identifiable information for members, registered website users, and anyone who purchases products, events, and services, or requests information.
Non-personally identifiable information
Users who do not desire the functionality offered by cookies may disable cookie functionality in their browsers or through settings on their devices; however, users who do so may not be able to use some features of CHEST websites. For example, a registered user must have cookies enabled in order to access the registered-user sections of CHEST websites.
CHEST may share aggregated or anonymous information that cannot identify you with third parties.
For system administration and troubleshooting, CHEST also logs the originating internet protocol (IP) address, the browser and operating system used, and information about individual use, such as time and date of visits, duration of sessions, and other similar usage or system data.
Personally identifiable information
In addition to the non-personally identifiable information listed above, CHEST records the user’s name and member/customer ID number for all registered users (ie, users who have logged into a password-protected area of a CHEST website). In the course of using CHEST websites, a user may be asked to provide personally identifiable information (eg, name, address, zip code, email address, telephone number, fax number, credit card payment information, etc) in order to purchase a product or event, participate in a CHEST activity, subscribe to a publication, request information, or otherwise interact with CHEST. In addition, users may be asked to update their contact information.
CHEST also collects email addresses voluntarily provided via membership applications and renewals, course and event registrations, product purchases, member surveys, downloads of certain materials, email communication sign-ups, and comments made in discussion threads on CHEST websites.
Important note for CHEST members, customers, donors, and constituents: CHEST also maintains a CRM database. The information in this database (eg, National Provider Identifier [NPI] numbers; demographic information, such as education and specialty) is drawn from membership applications, dues payment forms, subscriptions, product orders, continuing medical education (CME) reporting, public databases, member surveys, and other correspondence between CHEST and its members or customers.
Credit card information: CHEST does not disclose the credit card account information or activity of its customers. When members and customers pay using credit cards, CHEST submits this information encrypted to obtain payment from the appropriate clearing house. Credit card numbers are never stored in CHEST databases.
How does CHEST use information collected?
CHEST uses the information it collects to better serve members, customers, and visitors to CHEST websites in the following ways:
CHEST services and products
CHEST uses information collected to improve its web content, to respond to visitor needs and preferences, and to develop new products and services. For example, CHEST will combine non-personally identifiable information (eg, data stored in cookies, user’s IP address) with personally identifiable information (eg, user’s name, member/customer ID, email address) to offer products and services that may be of specific interest to the user.
Disclosure to third parties
If CHEST discloses personally identifiable information to contracted third parties, CHEST requires that these providers agree to keep confidential all such information and to use it only for the purposes designated by CHEST. CHEST will only disclose personally identifiable information to contracted third parties that provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and that demonstrate a commitment to compliance with those measures. The information used by any contracted third party will be preapproved by CHEST.
CHEST may make personally identifiable information available to contracted third parties in connection with CHEST programs and events or for other purposes that might be of interest to you as a CHEST constituent.
CHEST may make personally identifiable information available to contracted third parties that offer their own products or services deemed of potential interest to members and constituents of CHEST. For example:
- Continuing medical education (CME) programs
- Drug samples and pharmaceutical information
- Medical equipment and supplies
- Employment opportunities for health professionals
- General practice-related commercial offers germane to the practice of medicine
CHEST may make personally identifiable information available to our partners and sponsors when you request access to their offerings, benefits, communications, or content.
CHEST may make personally identifiable information available to our third-party contractors and payment processors who perform services for us in connection with the websites, or to complete or confirm a transaction or series of transactions that you conduct with us.
CHEST may make personally identifiable information available to service providers or suppliers when the information enables that party to perform business, professional, or technical support for us.
Links to other websites and social media
CHEST websites include the ability to link to social media channels and social channel websites. As a result, CHEST receives information about users when they choose to post or otherwise share information about CHEST on these social platforms. CHEST may leverage that information in various ways, including enhance user experience with CHEST websites or to communicate with users about CHEST offerings and activities.
CHEST may use outside marketing companies to place and monitor advertisements or links on CHEST websites and on other websites. These companies may use non-personally identifiable information (eg, links clicked during a visit, browser type, time and date, subject of advertisements clicked or scrolled over) and personally identifiable information (eg, NPI number) during user visits to CHEST websites and other websites in order to provide advertisements about products and services likely to be of interest to users.
Protection of your data
CHEST has significant protections in place to ensure the privacy of your personal information. The CHEST membership database is implemented and designed to protect personal information. Individuals are asked to provide only the minimum information necessary when becoming a member, purchasing a product, or registering for a course or event. Multiple layers of physical, administrative, and electronic protections are in place to protect all information from unauthorized use, access, or malicious activity. Personnel procedures and processes have been developed with an emphasis on privacy.
The CHEST system is audited by independent third parties. Effective customer privacy and security are top priorities as part of our overall mission to provide our services to constituents.
Once someone voluntarily provides an email address, CHEST uses that information to email that person with questions, transaction follow-up, promotions, and communications. CHEST collects data to track the effectiveness of emails, which enables CHEST to better serve its audiences.
As noted earlier, there are instances in which CHEST will share email addresses of its members and customers with outside service providers who are under an obligation of confidentiality and restricted use. Release of email addresses is governed under strict contractual licensing guidelines and can only be used for specific purposes.
All CHEST marketing emails and those of third parties include a link for unsubscribing. CHEST will apply any unsubscribe request as quickly as possible. However, because there may be email campaigns already in progress, some messages may still be sent until the opt-out request can be fully processed. Once the opt-out is processed by CHEST and all of its partners, that email address will no longer receive marketing or promotional emails from CHEST. Email addresses are still used in support of specific transactions (eg, membership renewal notice, order confirmation).
Members, customers, and registered website users may choose not to have information released from CHEST. This is done by requesting that CHEST designate a record as “no contact.” The “no contact” status of a record ensures that information will not be licensed for purposes of marketing via email, mail, or phone. To opt-out via “no contact” designation, contact the CHEST Help Team at +1 (800) 343-2227 or at HelpTeam@chestnet.org.
Market research opt-out
From time-to-time, CHEST users may be invited to participate in surveys, focus groups, and/or research panels. Participant contact information, including name, phone number, address, and email address, may be used by CHEST to carry out the survey or communicate about the survey, focus groups, and/or research panels and to provide incentives for participation. Participation in any type of research is completely voluntary. If you prefer not to be contacted to participate in future surveys, focus groups, panels, etc, call the CHEST Help Team at +1 (800) 343-2227 or email HelpTeam@chestnet.org.
CHEST has agreements with other organizations that offer products and services through CHEST websites or third party agreements. When the user interacts with these organizations on their organizations’ websites, whether as a result of following links from a CHEST website, within a CHEST email, or otherwise, different rules and privacy policies may apply. Since CHEST does not control the collection of information or the use of information collected via these other organization websites, CHEST is not responsible for their privacy practices, security, or content.
Visiting or accessing CHEST websites from outside the United States
By visiting or accessing CHEST’s websites, becoming a member or customer, or otherwise voluntarily submitting information to CHEST from outside of the United States, information that CHEST collects will be transferred to servers inside the United States, which may involve the transfer of information out of countries located in the European Economic Area. By allowing CHEST to collect information about you, you consent to such transfer and processing of your data.
European resident privacy rights
In regards to the EU General Data Protection Regulation 2016/679 (“GDPR”), the “data controller” is the American College of Chest Physicians (CHEST), registered in Illinois, USA, with a registered address at 2595 Patriot Blvd, Glenview, IL 60026, USA.
For residents of the European Union and European Economic Area (the “EU”): You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right by contacting us by one of the methods in Contact Us section.
Under GDPR, in certain circumstances, you have the right to (a) request access to any personal information we hold about you and related information; (b) obtain without undue delay the rectification of any inaccurate personal information,; (c) request that your personal information is deleted provided the personal information is not required by CHEST for compliance with a legal obligation under European or Member State law or for the establishment, exercise, or defense of a legal claim; (d) prevent or restrict processing of your personal information, except to the extent processing is required for the establishment, exercise, or defense of legal claims; and (e) request transfer of your personal information directly to a third party where this is technically feasible.