Privacy Policy – Sickle Cell Disease Coalition

Last Updated: 2/18/2025

Privacy Policy

PLEASE READ THIS PRIVACY STATEMENT AND NOTICE OF PRIVACY PRACTICES CAREFULLY.

The website SCDCoalition.org and its subsites and subdomains are owned and operated by the American Society of Hematology (“we” or “us” or “ASH”). This Privacy Statement and Notice of Privacy Practices (“Privacy Policy”) sets forth the privacy practices of ASH as it relates to the collection, use, transfer, and processing of personal data collected by the Sickle Cell Disease Coalition (the “SCDC”). This Privacy Policy is intended to be applicable to all data collection by ASH in connection with, and shall apply to your use of this website or to any pages, facilities, services, or capabilities accessible on SCDCoalition.org, any subsite, subdomain, subdirectory, virtual site, or virtual directory thereof that links to or references to this Privacy Policy (each, a “Site” and collectively the “Sites”). Our Sites may include external links to other websites, but ASH is not responsible for the privacy or data security practices of such third-party sites unless this Privacy Policy is posted there.

Application of Policy

This Privacy Policy does not apply to your use of any third-party website that may contain a link to a Site or any websites, applications or other information collected or used by any affiliate of ASH. Please visit the privacy policies of any such entities for information regarding your use of their sites and how they handle your personal information.

This Privacy Policy describes how ASH treats information obtained through SCDC’s activities, including but not limited to the collection, storage, transfer, sharing and handling of information about you based on your use of the Sites. While the SCDC facilitates the collection of this information, ASH is responsible for its management and protection as outlined in this Privacy Policy. Please note that this Privacy Policy applies to Site visitors. Separate terms and conditions may apply to SCDC member organizations. As used in this Privacy Policy, “Personally Identifiable Information” or “PII” means any information that may be used, either alone or in combination with other information, to personally identify an individual, household or device as defined by applicable laws. “Non-Personally Identifiable Information” or “NPII” means any information that is not PII. “NPII” can include items like technical information collected from a web browser, or it can be demographic information, such as your age, gender, or interests that you provide to us, from which any identifying information has been removed. We consider information that has been de-identified (all identifiers have been removed) and combined with other de-identified information (for example, as part of a report that does not identify individuals but only groups) as NPII. If you do provide us with Non-Personally Identifiable Information, we may use it for the purposes described in this statement or any other legal purpose. We also may combine NPII with PII, but any PII will continue to be protected as described in this Privacy Policy.

This Privacy Policy also applies to the processing of personal data of individuals located in the European Union. If you are located in the European Union, if the processing of your data is subject to the laws of a member state of the European Union by virtue of public international law, if your information is otherwise governed by European Union Law or parallel law, or if the processing activities are related to the offering of goods or services to data subjects in the European Union, or the monitoring of individuals’ behavior that takes place within the European Union, please review carefully the “General Data Protection Regulation (GDPR)” section below for more information regarding your rights and our activities relating to your personal data. If the GDPR section is applicable to your information, then other sections in this Privacy Policy still may apply to you but are subject to (and considered modified by) the GDPR section. Similar laws may apply to data originating from other countries as well.

This Privacy Policy is incorporated as part of the Terms of Service that apply with respect to your use of the Sites and your submission of information to ASH. This Privacy Policy may not be the only policy or agreement applicable to you. Please visit our Terms page for additional terms and conditions applicable to SCDC’s services.

By providing us your information after receiving notice of the terms of this Privacy Policy, you acknowledge that you have read this Privacy Policy and that you consent to SCDC’s privacy practices as described in this Privacy Policy. You affirm your consent by visiting our Sites, submitting content or materials to us through our Sites, or when you become a member of the SCDC.

This Privacy Policy is not intended to, and does not, create any contractual or other legal right in or on behalf of any person. The information you provide to ASH in the event that you become an SCDC member is also governed by the terms and conditions of your membership. In the event of a conflict between this Privacy Policy and any term(s) of your membership, the terms of your membership will govern unless you otherwise have rights under applicable law that cannot be disclaimed or overridden by other terms.

Your Rights and Choices

You may have certain rights regarding the PII we maintain about you. We offer you certain choices about what Personally Identifiable Information we collect from you, how we use that information, and how we communicate with you. You may refrain from submitting information directly to us, although doing so may impact our ability to provide the services, and information you request.

Changes to this Privacy Policy

ASH reserves the right to revise or update this Privacy Policy at any time, and you agree to be bound by those revisions or updates. ASH will notify you of any changes to the Privacy Policy by posting the revised or updated Privacy Policy and its “Last Modified” date on the Sites. You should check the Sites regularly for updates. Your continued use of the Sites constitutes your consent and acceptance of the new Privacy Policy and its revisions or updates once posted.

Contact and Electronic Communications

By providing your information on our Sites and/or upon submission of an application to become an SCDC member, you agree that we can communicate with you electronically regarding any legal, regulatory, technical, security, privacy, administrative or consumer notification obligation relating to your use of the Sites or regarding your membership. We may use your email address to confirm your request, to send you information about changes to our products and services, and to send notices and other disclosures as described above or as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional. You may, however, opt out of email communications if you are no longer a representative of the SCDC organization through which you had membership, or your organization itself withdraws from the SCDC.

If you have any specific questions about this Privacy Policy, you can contact:

American Society of Hematology
Attn: Data Protection Officer
2021 L Street NW, Suite 900
Washington, DC 20036

You also may contact the ASH Customer Relations Department by phone at 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for international callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.

Information We Collect About You

Personally Identifiable Information (“PII”)

Here are some examples and explanations of the ways in which we may collect, store, transfer, share or otherwise use PII that is made available to ASH.

Participation and Engagement History. When you use our services and/or become a member of the SCDC we track your participation and engagement history and, in some circumstances, make this information available to other members of the SCDC or to the general public. Participation history may include information about your committee membership and participation generally in the mission of the SCDC.

Membership Directory. We maintain PII on all our member organizations and selected SCDC representatives, some of which (name, company name, address, phone, email address, and position title) may be with other members. You may elect not to be included in this networking exchange by indicating your preference during SCDC onboarding.

Survey Data. We may obtain personal information during the course of online surveys in which you choose to participate, but we do not retain such personal information or provide it to third parties except in aggregated, non-identifiable form.

Internet Protocol (IP) address. Your “IP address” is a number that lets computers attached to the Internet know where to send you data, such as the screens and pages of our services that you view. We use this information to deliver our screens and pages to you upon request, to tailor our services to the interests of you and our other visitors, and to measure traffic to and within our services.

Demographic Information. “Demographic information” may be your gender, age, educational background, zip code, and job titles and/or roles. We may collect such information about you through our services and activities and use it to provide you with personalized services and to analyze trends to ensure that our services and the information on them is targeted to meet the needs of our membership and other constituencies.

Device Information. “Device Information” may include information we collect such as your hardware model, operating system version, unique device identifiers and mobile network information including phone number. We may associate your device identifiers or phone number with your account.

Location Information. When you use the Sites, we may collect and process information about your actual location. We use, or may in the future use, various technologies to determine location, including IP Address, Global Positioning Systems on mobile devices and other sensors that may provide ASH with information about nearby devices, Wi-Fi access points and cell towers.

Non-Personally Identifiable Information (“NPII”)

NPII that we may gather can include items like technical information collected from a web browser, or it can be demographic information, such as your age, gender, or interests that you provide to us, from which any identifying information has been removed. We consider information that has been de-identified (all identifiers have been removed) and combined with other de-identified information (for example, as part of a report that does not identify individuals but only groups) as NPII.

How We Use Information

Personally Identifiable Information.If you provide us with PII, we will only use it for the purposes described in this statement.

We use PII to provide you with services, to develop our membership, to provide SCDC members with certain opportunities, for Site troubleshooting and maintenance, and to communicate with you about your membership, opportunities and our services. For example, we may use PII at the time and place where we receive it such as collecting your name at a conference in order to provide you relevant information, a name tag, etc. We also use PII in our services to:

help us create and publish content most relevant to you;

enable us to deliver our publications to you;

allow you access to certain areas of our Sites;

develop your profile as part of your SCDC membership, membership application or other interaction with ASH;

provide you with information about grant opportunities, educational publications (e.g., medical textbooks, scientific journals), and other educational programs or courses that may be of interest to you;

forward promotional materials and to fulfill the terms of such promotion;

complete a service requested by you;

target our services to your needs;

identify you as a provider of content;

contact you in response to sign up forms such as “Contact Us” or membership application; and allow you to register for meetings and to request additional information.

Any PII that constitutes “Sensitive Information” that you choose to provide will be used purely for ASH internal purposes and will not be provided to third parties without your consent. We may, however, use Sensitive Information in order to promote inclusion of a broad spectrum of individuals in our programs and policies and to assure that various important viewpoints are heard.

Legal Disclosure. We may disclose information about you and your use of services if we believe that such disclosure is reasonably necessary to:

Comply with the law and/or legal process where a formal request has been made (e.g. request from an administrative oversight agency, civil suit, subpoena, court order or judicial or administrative proceeding);

Protect or defend our rights and/or property or the rights and property of others;

Enforce our Terms of Service, this Privacy Policy, and/or other agreements or policies;

Respond to claims that the content(s) of a communication violates the rights of another; or

Respond to urgent circumstances to protect your personal safety or the personal safety of others.

Also, circumstances may arise where, for business reasons, we may decide to reorganize, or divest all or part of our business through sale, assignment, merger or acquisition, or we may acquire a new business. In these circumstances, personal information may be shared with the actual or prospective purchasers or assignees or with the newly acquired business. In such an event, we shall provide notice of any material change to this Privacy Policy, or our services, in the manner described in the Changes to this Policy section of this Privacy Policy.

Non-Personally Identifiable Information.We may use Non-Personally Identifiable Information for the purposes described in this Privacy Policy or any other legal purpose.

Reports. We periodically prepare analyses and reports reflecting visitor and member use of the services. In preparing these reports, we may combine and analyze the information you provide to us with information from other sources. However, these reports, when completed and before they are shared, will only include aggregated information about visitors and members. The information in these completed reports will not identify individuals. Any third party with whom such reports may be shared also will not be able to contact you from the information contained in such reports.

Sharing and Disclosure

Personally Identifiable Information.Primarily, we may share your PII (other than “Sensitive Information”) or disclose it to third parties in the following instances:

To provide you with an offering that you requested or that is a benefit of your membership, including delivery of our newsletters to you.

To unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests and other promotions). We enter into agreements with such unaffiliated third parties that include reasonable confidentiality obligations to protect your PII and restrict its use to the intended purpose.

To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.

To protect against fraud and potential fraud. We may verify the information you provide using our services through third parties. In the course of such verification, we may receive additional PII about you from such services.

Non-Personally Identifiable Information.We may share and disclose NPII for the purposes described in this statement or for any other legal purpose, including to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties. We also may combine NPII with PII and use and share it for purposes where the use and disclosure of PII is permitted by this Privacy Policy and applicable law.

Controlling Your Information

Contact Us to Request Changes. Upon request we will attempt to delete such information, where technically feasible, after we receive a request from you to delete information. Please be advised that by requesting that your data be removed from our database, you will be unsubscribed from our services.

Please be advised that we may reject requests that are unreasonably repetitive, require disproportionate administrative or technical efforts, risk the privacy of other individuals or would be commercially unreasonable or impracticable.

We will retain your information for as long as your SCDC membership is active or as needed to provide you services and as required by law, required for legal or operational purposes, to resolve disputes, or in accordance with our document retention policies and practices.

If you encounter a screen or page that requests information you do not want to share with us, do not enter the information and do not proceed with that screen or page.

Opt Out and Opt In

You may choose not to receive promotional email communications from us and can opt-out of receiving other types of communication from us such as emails and newsletters.

You may exercise your opt-out by ticking or un-ticking the appropriate box, if there is a checkbox where such information is collected, or by contacting us. You also may opt-out of receiving such emails by clicking on the “unsubscribe” link within the text of the applicable email. We will process your unsubscribe request as soon as possible, but please be aware that in some circumstances you may receive more messages until your request is processed.

Children

The Sites and services are not intended for use by children. We do not intentionally gather Personally Identifiable Information about visitors who are under the age of 13. If a child has provided us with Personally Identifiable Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 13, please contact us at coordinator@scdcoalition.org. If we learn that we have inadvertently collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

Cookies and Tracking

In connection with the services, we or other parties may use cookies, web beacons, or other technologies that store or track information related to your use of the services.

Cookies are small web files that a website or its provider transfers to your device’s hard drive, through your web browser, that enables the site’s or provider’s system to recognize your browser and remember certain information. “First-party cookies” are cookies set by us on the Sites. “Third-party cookies” are cookies set by other companies whose functionality is embedded into our website (for example, those set by Google). Generally, we may use first-party and third-party cookies for the following purposes: to make our website function properly; to provide a secure browsing experience during your use of our website and/or Services; to collect passive information about your use of our website and Services; to measure how you interact with our marketing campaigns; to help us improve our website and Services; and to remember your preferences for your convenience.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at coordinator@scdcoalition.org.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity while you are using our Services. We do not collect online activity after you leave our Services.

Third-Party Cookies We May Use

Google Analytics. We use Google Analytics on the Site to help us analyze the traffic on the Site. For more information on Google Analytics’ processing of Personal Data, please see http://www.google.com/policies/privacy/partners/ You may opt out of the use of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

YouTube. We use YouTube to embed videos on pages of the Website. YouTube will set cookies when you interact with content hosted by YouTube. These cookies automatically collect certain information (such as your IP address, watch history, and subscriptions) across your various devices. For more information about YouTube and YouTube’s Privacy Policy, please visit: https://www.youtube.com/howyoutubeworks/user-settings/privacy/

You may refuse to accept cookies from the Site at any time by activating the setting on your browser that allows you to refuse cookies. Further information about the procedure to follow in order to disable cookies can be found on your Internet browser provider’s website via your help screen. You may wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on commonly used browsers.

Please note that by disabling or blocking any or all cookies, some features of the Site may not operate as intended, or you may not have access to features or personalization available through the Site.

Third-Party Links and Websites

Our Sites may contain links to third-party services. While we endeavor to work with third parties that share our respect for user privacy, we are not responsible for the websites or privacy practices of such third parties. In addition, this Privacy Policy is not intended to describe data handling procedures for information collected by other linked websites or third parties. You are responsible for knowing when you are leaving our Sites to visit a third-party website and for reading and understanding the terms of use and privacy policy statements for each such third party.

Social Media and Community Platforms

Any information, communications, or material of any type or nature that you submit to the Sites (including, but not limited to, any SCDC Sites contained on a social media platform or website such as X/Twitter, Instagram or LinkedIn) by email, posting, messaging, uploading, downloading, or otherwise (collectively, a Submission) is done at your own risk and without any expectation of privacy. ASH cannot control the actions of other users of any social media platform or website, and ASH therefore is not responsible for any content or Submissions contained on such sites and platforms. By visiting any ASH Site that is contained on a social media platform or website, you are representing and warranting to ASH that you have reviewed the applicable privacy policy and terms of use of such platform or website and that you will abide by all such provisions contained therein. We may provide public areas on our services, such as forums and chat rooms, where you can post information about yourself and others. Please exercise discretion and use caution with respect to your information, especially in such public areas. We do not control who reads postings on our services, or how they may use or disclose such information. If you choose to voluntarily disclose information on public portions of our services, that information may be subject to web searches and will be publicly available to be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION ABOUT YOURSELF OR OTHERS IN PUBLIC AREAS OF OUR SERVICES. WE ARE NOT RESPONSIBLE FOR THE USE OR DISCLOSURE OF SUCH INFORMATION.

How We Protect Your Information

ASH maintains reasonable and appropriate measures to protect your information from loss, misuse and unauthorized access, disclosures, alterations and destruction taking in to account the risk involved in the processing and the nature of PII. Unfortunately, no site, server or database is completely secure or “hacker proof.” We therefore cannot guarantee that information about you will not be disclosed, misused or lost by accident or by the unauthorized acts of others.

Colorado Residents

This section applies only to Colorado residents. Under the Colorado Privacy Act (CPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. You have:

The right to be informed whether or not we are processing your personal data;

The right to access your personal data;

The right to correct inaccuracies in your personal data;

The right to request deletion of your personal data;

The right to obtain a copy of the personal data you previously shared with us; and

The right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”).

To submit a request to exercise these rights described above, please email coordinator@scdcoaliton.org.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at coordinator@scdcoaliton.org. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

‍Connecticut Residents

This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. You have:

The right to be informed whether or not we are processing your personal data;

The right to access your personal data;

The right to correct inaccuracies in your personal data;

The right to request deletion of your personal data;

The right to obtain a copy of the personal data you previously shared with us; and

The right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”).

To submit a request to exercise these rights described above, please email coordinator@scdcoaliton.org.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at coordinator@scdcoaliton.org. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

‍Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer’s request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

‍Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at coordinator@scdcoaliton.org. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

Commercial Electronic Messages (“CEM”) in Canada

Canada’s Anti-Spam Law requires that the Company obtain the express consent of Canadian citizens before sending an electronic message that contains unsolicited promotions of products or services. We will ask you for your explicit consent when you provide us with your email address or other personal information through which we intend to encourage your participation in a commercial activity, such as a promotion for our products.

If you explicitly consent to receiving CEM, each communication sent to you will contain an option to unsubscribe to the communications or to revoke your consent to receive CEM. Alternatively, you can contact us at the address or email provided below in the “Contact Us” section to be removed from our mailing lists.

General Data Protection Regulations (GDPR)

In the event that we collect Personal Data (as defined in the GDPR) that is subject to the GDPR or other similar international data protections laws, this section will apply. Terms in this section are to be understood in a manner consistent with GDPR including the definition of such term in the GDPR. Such term may have a different definition or meaning in other portions of this Privacy Policy because GDPR may not apply to those sections.

Identification of Data Controller:

The Data Controller is the American Society of Hematology. ASH is located at 2021 L Street NW in Washington, DC. You may contact the ASH Customer Relations Department by phone, please call 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.

Identification of Data Protection Officer and Contact Details:

You may contact the Data Protection Officer by phone, 001-202-776-0544, Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time, by email: dpo@hematology.org or by mail at 2021 L St., NW, Suite 900, Washington, DC 20036.

Identification of Primary Member State Supervisory/Data Protection Authority:

You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.

Identification of Data Protection Representative:

We have appointed DPR Group as our Data Protection Representative in the European Union so that you can contact our Representative directly in your home country. DPR Group has locations in each of the EU countries and the UK.

If you want to raise a question to ASH, or otherwise exercise your rights in respect of your personal data, you may do so by contacting our Data Protection Officer listed above or by:

sending an email to DPR Group at hematology@dpr.eu.com,

contacting DPR Group on its online webform at www.dpr.eu.com/hematology, or

mailing your inquiry to DPR Group at the most convenient of the addresses set forth below.

PLEASE NOTE: When mailing inquiries, it is ESSENTIAL that you mark your letters for “DPR Group” and not “American Society of Hematology” or your inquiry may not reach us. Please refer clearly to American Society of Hematology in your correspondence. On receiving your correspondence, ASH is likely to request evidence of your identity to ensure your personal data and information connected with it is not provided to anyone other than you.

If you have any concerns about how DPR Group will handle the personal data it will require to undertake its services, please refer to DPR Group’s privacy notice at https://www.dpr.eu.com/legal-privacy.

Country Address

Austria DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium DPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

Denmark DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France DPR Group, 72 rue de Lessard, Rouen, 76100, France

Germany DPR Group, 3rd and 4th floor, Altmarkt 10 B/ D, Dresden, 01067, Germany

Greece DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary

Ireland DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy DPR Group, BPM 335368, Via Roma 12, 10073 , Ciriè TO, Italy

Latvia DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Lithuania DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania

Luxembourg DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Poland DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania

Slovakia DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain

Sweden DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden

United Kingdom DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Processing Purposes:

ASH processes your Personal Data for the following lawful purposes and based upon the legal justification set forth in the parenthetical:

Your submission of Personal Data to complete your membership application. (CONSENT)

Your submission of Personal Data to our third party vendors for registration at SCDC’s annual summit. (CONSENT, CONTRACT)

To the extent that Sensitive Information is collected in a manner not described above, it will be collected based on your consent.

Legal Basis for Processing:

We process your Personal Data with your consent or subject to the performance of a contract to which you as the data subject are a party or alternatively in order to take steps at your request to enter into an agreement with ASH. You have the right to withdraw your consent at any time. The Personal Data collected by ASH originates from the individual providing his/her Personal Data (either directly).

Recipients of Personal Data:

We share your Personal Data with our third-party vendors on the basis of the consent you provide to us or in order to fulfill our contractual obligations as part of the services we provide to you when you decide to engage with us. The recipients of your Personal Data include our third-party data processors, which include but are not limited to our “software as a service” providers, consisting of our third-party database administrators, lead management vendors, third party application developers, attendee, exhibitor and registration vendors, and third party digital content managers. When we share your Personal Data with these third-party vendors, we do so subject to a Data Protection Agreement to ensure that they are in compliance with the requirements of the GDPR.

These recipients process Personal Data for the below purposes:

Processing Purposes:

To fulfill a service or provide a publication to you in furtherance of your choices or in order to fulfill the terms of a contractual agreement between you and ASH.

Subject to your choices, in order to offer you products from our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.

Subject to the execution of a data protection agreement, to unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests and other promotions).

To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, or act in urgent circumstances to protect the personal safety of you and our other visitors. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Subject to your choices and your consent to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

Onward Transfer:

ASH will not disclose Personal Data to a third party except as stated below:

ASH may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, ASH will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to supervisory authorities upon request.

ASH also may be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.

Data Integrity:

ASH is responsible for ensuring that (a) Personal Data collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. ASH will cooperate with reasonable requests for assistance in meeting these obligations.

Retention of Personal Data:

Personal Data obtained by ASH is adequate, relevant and not excessive in relation to the purposes described in this Privacy Policy. The Personal Data is processed for purposes specified herein and will only be processed consist with these purposes described herein. ASH will request only the minimum amount of information required to perform the applicable services and will retain such information only for as long as necessary to provide the services or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend ASH’s legal rights.

Right of Access to your Personal Data:

Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When ASH receives Personal Data, it does so on behalf of the individual submitting such Personal Data. To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact ASH’s Data Protection Officer. ASH will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.

Choice:

Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to ASH’s Data Protection Officer. ASH will cooperate with the Data Subjects’ instructions regarding Data Subjects’ choices.

Security:

See “How We Protect Your Information” above for further information about our security practices.

Transfers to the United States from the European Union:

In using the Sites, your Personal Data will be transferred to the United States, which is not recognized as a country having adequate safeguards for the protection of Personal Data. ASH relies on Article 46 and/or Article 49 of the GDPR for transfers of data collected from Data Subject in the EU and EEA. Transfers may be made to ASH from the EU/EEA into the United States if: (i) the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers; the transfer is necessary for the performance of a contract between you as the data subject and ASH as the Controller, to data processors who have an agreement with ASH that includes protecting your privacy and the security of your data, and in cases where your Personal Data is necessary for the implementation of pre-contractual measures taken in accordance with your requests; (iii) the transfer advances the science of Hematology, which is important to the interests of the public; or (iv) the transfer is pursuant to standard contractual clauses or other agreements or safeguards in compliance with Article 46 of GDPR.