This privacy notice was last updated January 10, 2019.

Introduction

The Healthcare Information and Management Systems Society (“HIMSS,” “we,” “us,” “our”) respects your privacy and is committed to protecting your personal data (defined below in Section 2: “The Data We Collect About You”). This privacy notice will tell you how we collect and process your personal data when you use the HIMSS Mobile App (the “App”). 

This privacy notice is provided in a layered format so you can click through to the specific areas set out below.

1. IMPORTANT INFORMATION
2. THE DATA WE COLLECT ABOUT YOU
3. HOW IS YOUR PERSONAL DATA COLLECTED?
4. HOW WE USE YOUR PERSONAL DATA
5. DISCLOSURES OF YOUR PERSONAL DATA
6. COOKIES
7. INTERNATIONAL TRANSFERS 
8. DATA SECURITY
9. DATA RETENTION
10. YOUR LEGAL RIGHTS
11. CALIFORNIA PRIVACY RIGHTS FOR CALIFORNIA RESIDENTS

1. IMPORTANT INFORMATION

PURPOSE OF THIS PRIVACY NOTICE
This privacy notice gives you information about how HIMSS collects and processes your personal data (as defined in Section 2) when you use the App.

The App is not intended for, and may not be used by, people under the age of 16 (“minors”), and HIMSS does not knowingly collect personal data from minors.  If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice.  If you have reason to believe that this has occurred, please contact us using the information set forth below (“Contact Details”).

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are aware of how and why we are using your personal data.

CONTROLLER

The Healthcare Information and Management Systems Society, a US not-for-profit corporation, is the controller and responsible for your personal data (collectively referred to as “HIMSS”, “we”, “us” or “our” in this privacy notice).

HIMSS includes the following different legal entities which may also act as controllers or processors of your personal data:

  • Healthcare Information and Management Systems Society a US not-for-profit corporation organized in the State of Illinois (includes the brand “Health 2.0”)
  • HIMSS Europe GmbH UST ID.: DE 272998900 Handelsregistereintrag: HRB 152823 B (includes the brand “HIMSS Analytics Europe”)
  • Citadel Events Ltd. trading as HIMSS UK, Company Number 05506954
  • HIMSS Media, LLC a US limited liability company organized in the State of Maine
  • HIMSS Analytics, LLC a US limited liability company organized in the State of Delaware
  • Healthbox Global Partners, LLC a US limited liability company organized in the State of Delaware
  • Personal Connected Health Alliance, LLC a US limited liability company organized in the State of Illinois (includes the brand “Continua”)

This privacy notice is issued on behalf of the HIMSS group, so when we mention “HIMSS”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the HIMSS business unit responsible for processing your data.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

CONTACT DETAILS

In the United States of America:
Healthcare Information and Management Systems Society
HIMSS Analytics, LLC
HIMSS Media, LLC
Healthbox Global Partners, LLC
Personal Connected Health Alliance, LLC
Attn: Data Protection Officer
4300 Wilson Boulevard, Suite 250
Arlington, VA 22203
USA
dpo@himss.org

In the United Kingdom:
Citadel Events, Ltd. trading as HIMSS UK
HIMSS Europe GmbH
Attn: Data Protection Officer
Regent House
13-15 Albert St
Harrogate HG1 1JX
UNITED KINGDOM
dpo@himss.org

In Germany:
HIMSS Europe GmbH
Attn: Data Protection Officer
Bertha-Benz-Straße 5
10557 Berlin 
GERMANY
dpo@himss.org

We encourage you to reach out to us with any concerns you have about the collection or processing of your personal data.  Although we anticipate being able to address any concerns, if you are in the European Union, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) or the appropriate data protection supervisory authorities for the non-public sector in Germany, Datenschutzaufsichtsbehörden für den nicht-öffentlichen Bereich. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or the German data protection supervisory authorities, so please contact us at dpo@himss.org in the first instance. 

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

We reserve the right to make changes to this privacy notice at any time.  However, we will identify the material changes we have made at the top of this privacy notice.  If a change will materially alter the way in which we collect or use your personal data, we will also send a notice of this change to you using the contact details we have on file (if any) and, where appropriate, provide you with an opportunity to opt out of such use.  You are responsible for keeping your contact details up to date.  If you want to contact us regarding any changes to this privacy notice you can email us at dpo@himss.org.

2. THE DATA WE COLLECT ABOUT YOU

Personal data means any information about an individual from which that person can be identified.  
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Provided Data includes the information you provide to us (such as when you register for an event), and may include information such as your first name, last name, email address, username or similar identifier, and any other information you may provide to us from time to time. 
  • Technical Data may include information such as Internet protocol (IP) address, operating system and version, and time zone setting and location. 
  • Usage Data includes information about how you use our App.
  • Profile Data may include your username and password and preferences.
  • Marketing and Communications Data includes your preferences in receiving a newsletter and your communication preferences (e.g., whether you may receive messages through the App).

We also collect, use and share non-identifiable, aggregated data such as statistical or demographic data (“Aggregated Data”) for any purpose. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any special category or sensitive personal data about you via the App, nor do we collect any information about criminal convictions and offenses. 

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect personal data from and about you including by way of the following:

Direct interactions. You may give us Provided Data when you fill in our forms within the App.  In addition, the App uses certain Provided Data submitted with your event registration (e.g., Profile Data to enable you to log in).

Automated technologies or interactions. When you use the App, we automatically collect Technical Data about your device and Usage Data.

4. HOW WE USE YOUR PERSONAL DATA

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below, in a table format, a description of all the ways we may use your personal data.

| Purpose/Activity | Type of data | Lawful basis for processing |
|---|---|---|
| To obtain statistics concerning event attendance, including information concerning the number of people who visited certain areas of the showroom floor | Technical Data | Our legitimate interests |
| To enable you to send and receive messages to and from other users in the App | (a) Provided Data; (b) Profile Data; (c) Marketing and Communications Data | Our legitimate interests |
| To send you communications (e.g., newsletters) that you opt into receiving | (a) Provided Data; (b) Profile Data; (c) Marketing and Communications Data | Consent |
| To administer and protect our business and the App and/or work in concert with third party services in order to run the App | (a) Provided Data; (b) Technical Data | (a) Our legitimate interests; (b) Compliance with our legal obligations |
| To use data analytics (via a third-party service) to improve the App | (a) Technical Data; (b) Usage Data | Our legitimate interests |

CHANGE OF PURPOSE

We will only use your personal data for purposes which are compatible with those for which we originally collected it, or where we have a lawful basis for such use.

5. DISCLOSURES OF YOUR PERSONAL DATA

We may disclose information that does not identify any individual person (this is not personal data), without restriction.

We may disclose personal data about you:

  • to our contractors, service providers, and other third parties we use to support our operations, and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them;
  • to other users of the App, to the extent you choose to use the communication features of the App;
  • as necessary to comply with any court order, law, or legal process, including responding to any government or regulatory request;
  • to enforce or apply our HIMSS Legal page and other agreements;
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of HIMSS, its users and/or others; and
  • with your consent.

We also reserve the right to transfer your personal data to a buyer or other transferee (“Transferee”) in the event of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all of our assets (“Transaction”).  Should such a Transaction occur, we will use reasonable efforts to instruct the Transferee to use your personal data in a manner that is consistent with this privacy notice.

We do not allow our third-party data processors to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. COOKIES

The App occasionally displays content directly from a HIMSS website.  On HIMSS websites, we may use cookies, device identifiers and similar technology to collect information about how you use such websites.  For more information about the cookies we use, please see our cookie policy.

7. INTERNATIONAL TRANSFERS

If you are using the App from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States where our servers are located. Although United States data protection laws might not be as comprehensive as those in your country, we take steps to help ensure a similar degree of protection is afforded to your personal data.

Please contact us at dpo@himss.org if you want further information on the specific mechanism used by us when transferring your personal data to the United States.

8. DATA SECURITY

We have implemented measures intended to protect your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. Please note, however, that the electronic transmission of information is not completely secure and therefore we cannot guarantee that the security measures we have in place to safeguard personal data will never be defeated or fail, or that such measures will always be sufficient or effective.

9. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any applicable legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may de-identify your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information (to the extent it is not personal data) indefinitely without further notice to you.

10. YOUR LEGAL RIGHTS

Depending upon your jurisdiction, you may have rights under data protection laws in relation to your personal data. 

According to applicable law, you may be able to do the following:

Request access to your personal data (commonly known as a “data subject access request”). 

Request correction of the personal data that we hold about you.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

Request restriction of processing of your personal data. You can ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party.

Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of these applicable rights, please contact us at dpo@himss.org.

11. CALIFORNIA PRIVACY RIGHTS FOR CALIFORNIA RESIDENTS

California law permits users who are residents of California to request the following information regarding our disclosure of “Personal Information” (as defined by California law) to third parties for those third parties’ direct marketing purposes: (i) a list of certain categories of Personal Information that we have disclosed to certain third parties for their direct marketing purposes during the immediately preceding calendar year, (ii) the identity of certain third parties that received Personal Information from us for their direct marketing purposes during that calendar year, and (iii) examples of the products or services marketed (if we have that information). If you are a California resident and would like to make such a request, please e-mail us at dpo@himss.org.