GDPR

LAST UPDATED March 10, 2023

THIS NOTICE DESCRIBES YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA AND HOW YOUR PERSONAL DATA MAY BE COLLECTED, STORED, USED, OR DISCLOSED BY THE NATIONAL ASSOCIATION OF NEONATAL THERAPISTS. PLEASE REVIEW THIS NOTICE CAREFULLY.

The General Data Protection Regulation (GDPR) is a regulation that protects the personal data of individuals located in the EU and the European Economic Area (collectively the EU) from possible privacy and data breaches. The GDPR allows individuals to control of their personal data that is held or processed by data controllers, which includes the National Association of Neonatal Therapists (NANT).

The GDPR defines personal data as:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

NANT is committed to protecting and maintaining the privacy of personal data. As a data controller, NANT is responsible for explaining to you how and why it processes personal data. NANT will collect and process your personal data lawfully, fairly, and in a transparent manner; process, use, and disclose your personal data only for valid purposes; keep the personal data it collects and maintains accurate and up to date; keep your personal data secure in accordance with applicable law and regulations; and store personal data only as long as necessary to meet NANTs legitimate needs.

This GDPR Privacy Notice outlines NANTs collection, use, processing, and disclosure of personal data that you provide to NANT. When you submit personal data to NANT, communicate with NANT, or you use NANTs websites or other services, you consent to NANTs collection, use, processing, and disclosure of your personal data as described in this GDPR Privacy Notice. In the event of a data breach that poses a high risk to your personal data, NANT will notify you of the breach without undue delay.

COLLECTION AND USE OF INFORMATION

NANT collects, receives, and records your personal data any time you contact NANT or interact with NANT, such as using NANTs services, operations, or websites. NANT may also combine personal data you provide to NANT with information from NANTs affiliates or third parties from time to time.
You are not required to provide your personal data to NANT. Any personal data you provide to NANT is voluntary.

NANT also collects certain information when you use its websites, which is recordable anytime you use the internet or other means of communication. This information, includes the Internet Protocol (IP) address used to connect your computer to the internet; your domain name, if any; and computer and connection information, such as a browser type and version.

Like other websites, NANTs websites use cookies to record your activity while visiting NANTs websites. NANT uses this information to learn how you use NANTs websites, to remember your preferences, and to diagnose problems. You can learn more about how NANT uses these systems and technology in NANTs Privacy Policy which is available at: https://neonataltherapists.com/privacy/

NANT collects, records, and processes your personal data as necessary to accomplish NANTs legitimate interests, purposes, functions, and responsibilities. For example, NANT collects and processes personal data from individuals who access benefits through NANT programs.
Information collected from such persons may be used to: register or enroll you in NANT; conduct NANTs operations; alert persons to NANT programs and products, LIST OTHER USES, and other NANT functions.

USE AND DISCLOSURE OF INFORMATION

NANT only uses or discloses your personal data if it has your consent, or it is otherwise authorized to do so by the GDPR or other applicable international, Federal, State, and local law or regulation. NANT may also use or disclose your personal data as follows:

  • Emergency Circumstances: NANT may share your personal data when necessary to protect your interests if you are physically or legally incapable of providing consent.
  • Necessity: NANT may share your personal data when necessary in accordance with applicable law, provided that your personal data is protected by appropriate safeguards to prevent further unauthorized use or disclosure.
  • Public Information: NANT may share your personal data if you have manifestly publicized your personal data.
  • Archiving: The may share your personal data for archival purposes such as public interest needs, public health, and for other historical research and statistical purposes.
  • Performance of a Contract: NANT may share your personal data if it is necessary to administer a contract you have with NANT.
  • Legal Obligation: NANT may share your personal data if disclosure is required or permitted by international, federal, and state laws and regulations.
  • Service Providers: NANT may use affiliate and third party service provides who have entered into a contract with NANT to assist NANT in performing its services, duties, functions, and operations. In these cases, NANT may share your personal data with such party provided that your personal data is protected by appropriate safeguards to prevent further unauthorized use or disclosure. Third party services providers may include:
    • Infusionsoft: NANT uses Infusionsoft to store user data and process payment information. For more information about how this data is protected, please see Infusionsofts data privacy policy: https://www.infusionsoft.com/legal/application-privacy-notice
    • WordPress: By default WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users.
    • Social Media: We embed Facebook Comments plugin to allow you to leave comment at our website using your Facebook account. This plugin may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the commenting interface, including correlating your Facebook account with whatever action you take within the interface (such as liking someones comment, replying to other comments), if you are logged into Facebook. For more information about how this data may be used, please see Facebooks data privacy policy: https://www.facebook.com/about/privacy/update.
      We collect the data related to the Facebook Comment you post, only from your consent that you grant before posting Facebook Comment at our website. This data includes your Facebook account name, unique Facebook account identifier, unique identifier associated to the posted Facebook comment, unique open graph object identifier of the webpage at which you posted the comment, unique identifier associated to the parent comment if you reply to an existing comment. This data is used to show recent Facebook Comments made all over our website. You can revoke this consent at any time by sending us an email. We send the Facebook Comment you post, to page/post author and/or website administrator via automated email, only from your consent that you grant before posting Facebook Comment at our website. This data includes just the Facebook comment posted by you. We use Google Analytics to track social shares made at our website. Google automatically collect and store certain information in their server logs which includes device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, cookies that may uniquely identify your browser or your Google Account, in accordance with their data privacy policy: https://policies.google.com/privacy
      We embed a Facebook widget to allow you to see number of likes/shares/recommends and like/share/recommend our webpages. This widget may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the widget, including correlating your Facebook account with whatever action you take within the widget (such as liking/sharing/recommending our webpage), if you are logged in to Facebook. For more information about how this data may be used, please see Facebooks data privacy policy: https://www.facebook.com/about/privacy/update.
      We use a Twitter Tweet widget at our website. As a result, our website makes requests to Twitters servers for you to be able to tweet our webpages using your Twitter account. These requests make your IP address visible to Twitter, who may use it in accordance with their data privacy policy: https://twitter.com/en/privacy#update.
      We use Pinterest Save widget at our website to allow you to pin images to Pinterest from our webpages. These requests may track your IP address in accordance with their data privacy policy: https://policy.pinterest.com/en/privacy-policy
    • Comments: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitors IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ . After approval of your comment, your profile picture is visible to the public in the context of your comment.
    • Media: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
    • Contact Forms: We may keep contact form submissions for a certain period for customer service purposes, but do not use the information submitted through them for marketing purposes.
    • Cookies: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
    • Embedded content from other websites: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
    • Analytics: Google Analytics Dashboard for WP (GADWP) does not send personal information data to Google by default. Personally identifiable information (PII) includes and is not limited to: names, social security numbers, email addresses, data that permanently identifies a particular device (such as a mobile phones unique device identifier if such an identifier cannot be reset), or similar data. See here for their privacy information: https://exactmetrics.com/google-analytics-gdpr-and-user-data-privacy-compliance/
    • LearnDash LMS: We collect information about you during the course purchase process (see Infusionsoft), as well as information relating to your course progression and quiz performance. When you purchase from us, well ask you to provide email address. Well use this information for purposes, such as, to:
      -Send you information about your account and order
      -Create your account for our LMS
      If you register a free account then we will store your email address. We store information about you for as long as your account exists. We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable). We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them. Members of our team have access to the information you provide us. For example, both Administrators and Group Leaders can access:
      -Order information such as your enrolled courses, course progress and username / email address.
      Any additional information added in your WordPress User Profile can also be visible to the administrator(s).
      We accept payments through Infusionsoft. When processing payments, some of your data will be passed to Infusionsoft, including information required to process or support the payment, such as the purchase total and billing information.
      Please see the Infusionsoft Privacy Policy for more details.

 

NANT-Affiliated Programs: NANT may share your personal data with parties that are affiliated with NANT for the purpose of contacting you about products, services, or benefits that may be of interest to you.
De-Identified and Aggregate Information: NANT may use and disclose personal data in de-identified or aggregate form without limitation. However, this information will not include personally identifiable information, is purely statistical in nature, and cannot be tied to you.

NANT may use and disclose your personal data on its own behalf, share it with its affiliates and other third parties, or share it with other individuals or third parties to whom you have authorized NANT to disclose your personal data for the purposes of processing information; communicating with you on behalf of NANT; providing services or products that you have requested; or for other authorized activities or functions. NANT may also use or disclose your personal data to conduct general demographic and statistical research to improve NANT programs and operations, to enforce NANT policies, and to comply with applicable laws and regulations.

Where your personal data is disclosed to NANTs affiliates or third parties, NANT requires the recipient to agree to process and use personal data based on instructions from NANT and in compliance with NANTs contracts with the third party, and other appropriate confidentiality and security measures.

SECURITY

NANT uses appropriate technical and organizational security measures to protect your personal data from unauthorized access and unauthorized alteration, use, disclosure or destruction.

These measures include internal reviews of NANTs data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where NANT stores data. You can learn more about NANTs data security by reading NANTs Privacy Policy.
Personal data created in the European Union will be transferred out of the European Union to NANT in compliance with appropriate safeguards and applicable law, including the GDPR and Federal, State, and Local information privacy laws.

If you feel NANT has not complied with applicable EU laws regulating such personal data, you have the right to file a complaint with the appropriate supervisory authority in the EU in accordance with your rights listed in this GDPR Privacy Notice.

RETENTION AND DESTRUCTION OF INFORMATION

Your personal data will be retained by NANT in accordance with applicable state and federal laws, and the applicable retention periods in NANTs records management policy. Your personal data will be destroyed upon your request unless applicable law or regulation requires destruction after the expiration of an applicable retention period. The manner of destruction will be appropriate to preserve and ensure the confidentiality of your personal data given the level of sensitivity, value and importance to you and to NANT. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

YOUR RIGHTS

At any point in which NANT is in possession of or is processing your personal data, you have the following rights, subject to applicable laws and regulations:

  • Right of access you have the right to request a copy of the information that NANT hold about you.
  • Right of rectification you have a right to correct data that NANT hold about you that is inaccurate or incomplete.
  • Right to be forgotten in certain circumstances you can ask for the data NANT holds about you to be erased from its records.
  • Right to restriction of processing where certain conditions apply, you have a right to restrict NANTs processing of your personal data.
  • Right of portability you have the right to have the data NANT holds about you transferred to another organization.
  • Right to object you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling you have the right to not be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that NANT refuses your request under any of the above rights, it will provide you with a reason as to why. You have the right to complain as outlined in this GDPR Privacy Notice.
  • Right to withdraw consent: You have the right to withdraw your consent to NANTs collection, recording, use, processing, or disclosure of your personal data at any time. However, your withdrawal of consent will not affect NANTs lawful use or disclosure of your personal data while your consent was in effect.

Any exercise of the above rights can also be forwarded to any third party involved in the processing of your personal data. Your rights may differ depending upon the location within the world where your personal information was created or shared. The erasure of your information may also be subject to NANTs records retention and management policies. Should your personal data fall within one of the areas where NANT is legally required to retain your personal data for a certain period of time, NANT will retain that personal data in accordance with its legal obligations.

Please note that your rights in this GDPR Privacy Notice are not absolute and NANT may refuse certain requests where exceptions apply. Should NANT determine that you are not entitled to exercise a certain right, NANT will provide you with the reason(s) for the denial.

REQUESTS FOR PERSONAL DATA HELD BY NANT

At any time, you may request that NANT provide you with the personal data NANT collects about you and to transmit your personal data to another data controller where possible. You may also request that NANT confirm what personal data it possesses about you and whether or not your personal data is being processed by NANT; is subject to the use of automated decision-making; and how NANT processes your personal data.

Similarly, you can request confirmation whether NANT received your personal data; if it disclosed your personal data to a third party; and how long NANT will store your personal data under its records management policy.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you by going here: https://neonataltherapists.com/gdpr-request-personal-data/. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

UPDATES TO THIS GDPR PRIVACY NOTICE

NANT may update or change this GDPR Privacy Notice at any time. Your continued use of NANTs websites or third party applications, or continued interaction with NANT or submission of personal data to NANT, after any such change indicates your acceptance of the changes.

COMPLAINTS AND CONTACT INFORMATION

In the event that you wish to make a complaint about how your personal data is being processed by NANT or its authorized third parties, or how your complaint has been handled, you may to lodge a complaint directly with the GDPR supervisory authority and NANT.

If you wish to contact NANT or file a complaint concerning NANTs collection, recording, use, processing, or disclosure of personal data please contact us at: National Association of Neonatal Therapists, P.O. Box 531790, Cincinnati, Ohio 45253-1790 or (866) 999-5524.


Effective: August 18, 2018.