Privacy Statement
- Purpose
- Types of Information Collected
- Use of Information Provided
- Disclosures to Third Parties
- Your European Privacy Rights
- International Transfers of Personal Data
- Data Security
- Retention Periods
- Changes to this Policy
- Contact Information
1. Purpose
The American Society of Plastic Surgeons ("ASPS") is the largest plastic surgery specialty organization in the world, based at 444 E. Algonquin Rd., Arlington Heights, IL 60005, United States. Founded in 1931, ASPS members represent approximately 93% of all board-certified plastic surgeons in the U.S., and more than eight thousand plastic surgeons worldwide, making ASPS a global institution and leading authority on cosmetic and reconstructive plastic surgery. ASPS and its affiliates seek to advance quality care to plastic surgery patients through education, advocacy, practice support and enhanced public awareness of the value of plastic surgery, while fostering the highest professional, ethical and quality standards.
This Privacy Policy sets forth how ASPS, the Plastic Surgery Foundation, Plastic Surgery Practice Solutions, Inc., PS2 Practice Management and ASPS Global Partners (collectively, "ASPS Parties" or "We") collect, process and protect personal data in our possession and control, including without limitation, personal data of individuals within the European Union (EU) and the European Economic Area (EEA). For purposes of this document, "personal data" means information relating to an identified or identifiable individual, including any piece of information which can be used to uniquely identify or trace an individual's identity, such as their full name, Social Security Number, credit card information, location data, online identifiers (IP address), etc.
In general, the ASPS Parties:
- Collect, use and store the minimum amount of personal data that is necessary or needed to comply with legal obligations.
- Limit who has access to the personal data in our possession to only those who need it for the purposes for which it was collected.
- Protect personal data through physical and technical security measures tailored to the sensitivity of the personal data we hold.
- Communicate with our employees, members and other customers, suppliers, business partners and others about how we intend to use personal data in our day-to-day operations.
- Take reasonable steps to ensure your personal data is accurate and up-to-date.
- Integrate privacy in the design of our activities and projects that involve the use of personal data.
For residents of the EU or the EEA, we are the controller of the processing of your data and our processes relating to your personal data are governed by the General Data Protection Regulation ("GDPR"). If you have any questions or inquiries, contact us at privacy@plasticsurgery.org.
You must be at least 18 years old to use this site. We do not knowingly collect, use or disclose personally identifiable information about visitors under 18 years of age. We may incidentally process personal data of children, for instance where participants to our events travel with family. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, please contact us at privacy@plasticsurgery.org. If we become aware that a child has registered for our services and has provided us with personal data without the consent of their parent or guardian, we will delete such information from our files.
2. Types of Information Collected
Depending on the context of your interactions with the ASPS Parties, we may collect and use different types of personal data.
Types of information we collect:
ASPS membership information. When applying for one of the different levels of ASPS membership or practice services, including without limitation Plastic Surgery Registries Network ("PSRN"), you will be asked to complete the appropriate form providing your name, contact and professional information. In certain instances, to receive membership or enrolled services, you will be asked to provide photograph(s), bank details or credit card information. We may also require your authorization to verify professional information with your state or country licensing authority or other relevant entities.
Registration for events, conferences and the annual meeting. In order to register for our events, symposia, workshops and conferences, including our Annual Scientific Meeting, you will be asked to provide your name, contact details, accommodation and diet preferences, bank details or credit card information, as well as your ASPS membership identification number.
Product purchases via ASPS Shop. In order to purchase physical and digital products via the ASPS shopping cart system, you will be asked to log in with the account tied to your ASPS membership identification number or will need to create a free non-member account. You will need to provide your name, contact details including phone, email, billing and shipping addresses as well as credit card information.
Publications and Listservs. The ASPS Parties will collect your name and e-mail address if you register to receive news, health advice and lifestyle tips delivered directly to your e-mail inbox through the Newsletter Signup box displayed in various locations throughout the website.
Website Account. In order to create a free online account with us to receive access to additional website content and services such as Ask a Surgeon or to purchase products, you will be asked to provide your name, address, e-mail address, and you may voluntarily provide your photo, personal or practice web address, language skills or preferences, and practice/professional information. Patient portals may also permit users to submit inquiries and/or preferences pertaining to planned or anticipated surgical procedures.
Job Opportunity Board (JOB). This service is available to ASPS members and non-members to help search for and recruit plastic surgeons for open positions and fellowships, or to advertise a practice for sale. We allow JOB employers to search active resumes during the time their ad is active, and to post their contact details allowing candidates to view and directly respond to them.
Donations and Sponsorships. Information regarding donor or sponsor identity and payment information may be collected in order to process financial contributions, and for legal reporting and record maintenance requirements. Personal data may include your name, name for purposes of recognition, address, tax identification number, e-mail address and payment information, such as credit card number, billing address and security codes.
Consultation requests. Members of the public interested in finding out more information from a plastic surgeon member of ASPS can use our Find a Surgeon referral service or online consultation form to request information or an in-person consultation with surgeon members participating in our referral service. To utilize this service, you are required to provide your name, contact details and the reason for the consultation. This information is e-mailed to the member of your choice and is stored in the ASPS database as a record of the transmission.
Gallery of videos and photos. We maintain a gallery of public education videos on our website and some of them include testimonials from people who have authorized us to share their personal experiences with plastic surgery. We also share de-identified photos that have been provided by our member surgeons with the appropriate authorizations. These procedural photo galleries are meant to provide public education on the actual results that plastic surgery procedures can provide.
Marketing Activities. Your e-mail address and information about your interaction with our communications (such as IP addresses and click-through data) may be collected as part of our marketing activities. In addition, we may send surveys and collect various responses to these surveys, which may include your contact and professional information.
Information collected automatically. There is other information that we collect automatically when you visit our site or receive our e-mail marketing communications, through the use of cookies or similar technologies. These technologies allow us to collect additional information such as your IP address, device and browser type, pages visited, or how many e-mails that we sent were opened or viewed. See our Cookies Notice for more information.
ASPS Mobile App. Use of ASPS's app – ASPS Mobile – may require the collection of e-mail and other contact information for purposes of login credential generation and authentication. ASPS Mobile also collects information about the devices on which it is utilized for purposes of application maintenance, support and troubleshooting.
3. Use of Information Provided
The purposes for which we collect and use your personal data may vary depending on the type of relationship you have with us, whether you are an Active Member of ASPS, a resident subscriber, or a member of the public looking for information or utilizing our Plastic Surgery Connect and Find a Surgeon referral and community systems.
ASPS Member Accounts. Personal data collected through our membership accounts on our website are used for purposes of managing the applicable member's membership account and providing membership-related services.
PSRN Accounts. Personal data collected through our clinical data registries network user accounts is used for purposes of administering the applicable data registry and providing registry-related services to users. Use of personal data and patient information, if any, is more specifically described in the participation agreement you enter into with the applicable ASPS Party upon registration to participate in PSRN.
Registration for events, conferences and the annual meeting. Personal data collected from registrants for our events is processed for purposes of providing services at the event.
Product purchases via ASPS Shop. Personal data collected from product purchases is used to validate eligibility to purchase certain products and processed to provide products to eligible purchasers.
Publications and Listservs. Personal data collected in the context of our publications (e.g. through abstract and article submissions) and listserv or mailing lists is used to process your subscription to the publication or similar electronic communication.
Website Account. Personal data collected through free online non-member accounts is used to facilitate the requested services associated with the account, including publication and newsletter distributions and consultation requests as may be requested by you as the user of the account.
Job Opportunity Board (JOB). Personal data collected through JOB is used to facilitate the search and recruitment of plastic surgeons for open positions and fellowships, or sale of a business. Information may also be used for the maintenance, support and improvement of the JOB platform.
Donations. Personal data collected from potential donors or sponsors is used to process the donation request and maintained for legal reporting and compliance purposes.
Consultation requests. Personal data collected through our online services, including Find a Surgeon, Ask a Surgeon or Consultation Request is used to facilitate the requested service. If applicable, personal data will be shared with the member you select and a record of that transaction archived within the applicable database, as required by law or for purposes of maintenance, support and improvement of the platform and service line.
Gallery of videos and photos. We maintain a gallery of public education videos on our website and some of them include testimonials from people who have authorized us to share their personal experiences with plastic surgery. We also share de-identified photos that have been provided by our member surgeons with the appropriate authorizations. These procedural photo galleries are meant to provide public education on the actual results that plastic surgery procedures can provide.
Marketing Activities. Personal data may be processed for purposes of marketing activities to promote the ASPS Parties' membership, services and activities. Marketing activities may include single use mailing list rentals by third parties for purposes of communicating product and service information relevant to the practice of plastic surgery. Personal data may be used to send communications to the ASPS Parties' members and others who interact with the ASPS Parties and may be collected from such recipients about their use of marketing communications.
Information collected automatically. Personal data collected through cookies placed on our website may be processed to support the operation of our website and to analyze the traffic patterns to our site. See our Cookies Notice for more information. The ASPS Parties may use aggregate statistics about website visitors, such as volume, traffic patterns, login activity, referral sources and related site information to support the operation of our websites. It may also provide this aggregate information to third-party vendors for further analysis and service support.
ASPS Mobile App. Personal data collected through our app is processed for purposes of facilitating communications with you and for the maintenance, support and improvement of the application. Such uses may include access to membership account information, news feed and the ASPS Member Roster.
Financial Transactions (Generally). To process these credit card and other payment transactions, personal data we collect from you may be used by us or directed to a third party we have contracted to provide payment processing services in order to fulfill your request.
4. Disclosures to Third Parties
At times, we engage third-party contractors, service providers and other vendors to help us accomplish our business objectives. There are other circumstances in which we are required by law to disclose personal data to third parties such as public bodies or judicial authorities.
We engage with our agents, representatives, contractors, service providers or other third parties for the following services: authorization of credit card transactions, order fulfillment and continuing medical education. Our third-party vendors include credit card processors, warehouses/fulfillment centers, online education systems, e-mail marketing systems, publishers, meeting registration systems, exhibitor management systems, speaker presentation systems, research grant application systems and registries systems. Our current service providers are located in the United Kingdom and the United States. If the engagement involves the transmission of personal data, we require the service provider to treat that data consistent with this Privacy Policy. It is the ASPS Parties' policy to execute a contract to protect the personal data before any data is disclosed.
Notwithstanding the foregoing, the ASPS Parties may also disclose information in special cases when it has a good-faith belief that such action is necessary to: (a) conform to legal requirements or comply with legal process; (b) protect and defend our rights or property; (c) enforce the terms and conditions of use for any of the ASPS Party websites or the ASPS Mobile app, as applicable; or (d) act to protect the interests of our users or others.
In addition, the ASPS Parties may be required by law enforcement or judicial authorities to provide personally identifiable information to the appropriate governmental authorities. We will disclose such information upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. The ASPS Parties reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
5. Your European Privacy Rights
If you reside or otherwise find yourself in the European Economic Area (EEA) or Switzerland, the ASPS Parties are committed to processing your personal data lawfully and to facilitating the exercise of your rights granted by European data protection law. You can contact us at any time to discuss your privacy concerns or to exercise these rights.
Legal basis for data collection and use: We collect and use personal data only when there is a fair and legal basis for its collection and use, for instance, when the collection of personal data is necessary to become a member of ASPS, to meet our legitimate interests, to send marketing materials, to comply with legal obligations or when we have your authorization. See below the legal basis for each collection:
- ASPS Membership. Personal data is collected on the basis of a contract with each member to provide membership-related services, and the ASPS Parties' legitimate interest in providing you membership services.
- Registration for events, conferences and the annual meeting. Personal data is collected on the basis of a contract with each registrant for administration of the event, and the ASPS Parties' legitimate interest in providing event-related services to all attendees.
- Product purchases via ASPS Shop. Personal data is collected on the basis of a contract with each eligible purchaser in order to validate eligibility to purchase certain products, and the ASPS Parties' legitimate interest in processing orders for eligible purchasers.
- PSRN Accounts. Personal data is collected on the basis of the contract entered into between the applicable ASPS Party and registry participant for each clinical data registry, and the ASPS Parties' legitimate interest in providing registry-related services to all PSRN registrants.
- Publications and Listservs. Personal data is collected on the basis of a contract with subscribers of such publications.
- Website Account. Personal data is collected on the basis of a contract to provide additional log-in only services selected by the registered user.
- Job Opportunity Board (JOB). Personal data is collected on the basis of a contract to facilitate postings and responses on the JOB platform.
- Donations and Sponsorships. Personal data is collected in order to fulfill the contractual commitment between donors/sponsors and the ASPS Parties to process and accept the contribution, and the ASPS Parties' legitimate interest in facilitating donations and sponsorships, and legal obligations attendant thereto.
- Consultation requests. Personal data is collected where you have provided your consent.
- Gallery of videos and photos. Personal data is collected where you have provided your consent.
- Marketing Activities. Collection is allowed where you provide consent for email marketing, and collection for marketing conducted other than through email or phone call is based on our legitimate interest.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
- Information collected automatically. Personal data is collected where you have provided your consent.
- ASPS Mobile. Personal data is collected on the basis of a contract to provide you services through the application once you have elected to download and install the application, and the ASPS Parties' legitimate interest in providing services to all users of the application.
Privacy rights under the European regulation:
Transparency and the right to information. We provide notice to our members, website users and other third parties who interact with us on how we use personal data in our day-to-day activities at the time of collecting personal data, or as soon thereafter as possible. We also publish this privacy notice for greater transparency.
Right to access, rectification, restriction of processing, erasure and data portability. If you are based in the EEA or Switzerland, we provide you with access to your own personal data. In addition, we will rectify your personal data when it is incorrect or inaccurate, and we will ensure the right to erasure, portability and restriction of processing when these rights are not incompatible with other legal obligations.
Right to object and withdraw consent at any time: For all marketing materials, you can opt-out any time, free of charge. All marketing e-mails provide a link to manage your e-mail preferences in the footer of the communication. The right to object to other processing activities will be balanced to ensure that it is not incompatible with local regulations or our legitimate interests.
These requests should be submitted as follows:
Opt-out of marketing communications: you can opt-out anytime by following the opt-out instructions in our commercial e-mails or contacting us at communications@plasticsurgery.org. You will still continue to receive emails relevant to course registrations or purchases (e.g. registration confirmations or purchase receipts) or necessary to your continued membership in the ASPS Parties (e.g. dues notices). If you believe that SPAM has been sent from us, please contact us at privacy@plasticsurgery.org so that we can investigate and rectify the situation.
To exercise the rest of your rights: you should send a communication in writing to privacy@plasticsurgery.org and provide the following information in order to verify your identity: Your first and last name and ASPS member ID number, if applicable. We will attend to your request in a timely manner within 30 days after receiving your request. If for any reason we need to extend this period of time, we will contact you.
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority of your habitual residence, place of work or place of the alleged infringement.
6. International Transfers of Personal Data
If you are located outside the United States and you interact with our website or provide us personal data, then your personal data may be transferred to the United States.
We transfer your personal data to the United States whenever you interact with us. The U.S. has not sought, nor obtained adequacy status from the European Union. The level of protection of your personal data is not deemed equivalent to the one in the EEA, unless the receiving organization is self-certified under the EU-US Privacy Shield. The ASPS Parties have not sought self-certification under the EU-US Privacy Shield, and PSF, as an organization exempt under Section 501(c)(3) of the Internal Revenue Code, is not able to self-certify under the EU-US Privacy Shield Principles.
Article 49 of the GDPR permits the ASPS Parties to transfer your personal data on the basis of the following derogations:
- Explicit consent, for newsletter subscribers and certain processing in relation to organizing events or facilitating access to information, such as storing photos;
- Necessity to enter into and for the performance of a contract for registration information to participate in our events; for processing personal data of our members and third-party users to maintain their relationship with our organization, provide them services including when they log in to their member or online user accounts; and also for processing personal data for online and offline courses.
As for safeguards to your personal data, we directly apply the GDPR provisions to your personal data. As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data, except for sharing among the ASPS Parties and our membership mailing list rental program. We carefully select our processors and we require that they provide equivalent safeguards.
7. Data Security
The ASPS Parties are committed to the security, confidentiality and integrity principle. We take commercially reasonable precautions to keep all information obtained from our online visitors secure against unauthorized access and use, and we periodically review our security measures.
The ASPS Parties use PCI DSS and SSL certificates to provide secure, encrypted communication between our websites and any Internet browser. We use high-grade encryption and the secure https protocol to communicate with your browser software, which mitigates the risk of interception of the credit card information you give us. We also employ several different security techniques to protect your personally identifiable information from unauthorized access by users inside and outside the organization. The Web servers for the ASPS Parties are located in a secure environment, and computer systems are maintained in accordance with industry standards of like organizations to secure information. You should be aware, however, that "perfect security" does not exist on the Internet, and third parties may unlawfully intercept or access transmissions or private communications.
This site contains links to other sites. While the ASPS Parties strive to link only to sites that share our high standards and respect for privacy, the ASPS Parties are not responsible for the privacy practices employed by other sites.
NONE OF THE ASPS PARTIES MAKES ANY CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS OR ADEQUACY OF THE CONTENTS OF ITS SITE, AND EXPRESSLY DISCLAIMS LIABILITY FOR ERRORS AND OMISSIONS IN THE CONTENTS OF THIS SITE. NO WARRANTY OF ANY KIND, IMPLIED, EXPRESSED OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF NON-INFRINGEMENT, TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM COMPUTER VIRUS, IS GIVEN WITH RESPECT TO THE CONTENTS OF THEIR WEBSITE OR ITS HYPERLINKS TO OTHER INTERNET RESOURCES. REFERENCE IN THEIR WEBSITE TO ANY SPECIFIC COMMERCIAL PRODUCTS, PROCESSES OR SERVICES, OR THE USE OF ANY TRADE, FIRM OR CORPORATION NAME IS FOR THE INFORMATION AND CONVENIENCE OF THE PUBLIC AND DOES NOT CONSTITUTE ENDORSEMENT OR RECOMMENDATION BY THE ASPS PARTIES.
8. Retention Periods
ASPS applies the storage limitation principle in order to retain personal data in our records only for the length of time required to fulfill the purpose for which the data was collected.
According to our retention policy, we keep personal data in our records only as long as they are necessary for the purposes for which they have been processed. The retention period depends on the context in which we process data and on specific circumstances such as regulations requiring retaining information for a certain period of time. These circumstances may include local laws, the reasonably anticipated future business needs for the data, the benefit to the user to have the data available, legal requirements to hold the data, or similar circumstances. For example, applications for membership, including letters of support, letters from ABPS, letters of concern, etc., are stored during the period of candidacy and active membership, plus one year thereafter. The same period applies to correspondence, and the rest of the information is stored for a maximum period of three years, unless relating to an active dispute, in which case until resolution. Only Ethics and Membership Committee Disciplinary Files are stored permanently for archiving purposes according to our internal regulations.
9. Changes to this Policy
We reserve the right to modify this Privacy Policy at any time. We will duly inform you of any changes.
The ASPS Parties may occasionally update this privacy statement and other statements referenced by it as new services and programs are introduced. These changes will be notified to you via e-mail communication and/or by placing a prominent notice on the site. The time stamp you see on the policy will indicate the last date it was revised.
10. Contact Information
If you have any concerns or questions about how your personal data is used, please contact us at:
American Society of Plastic Surgeons
444 E. Algonquin Road
Arlington Heights, Illinois 60005
847-228-9900
privacy@plasticsurgery.org
Last Updated: May 14, 2020