- Application of Policy
- Your Rights and Choices
- Contact and Electronic Communications
- Information We Collect About You
- How We Use Information
- Sharing and Disclosure
- Controlling Your Information
- Opt Out and Opt In
- Cookies and Tracking In
- Third-Party Links and Websites
- Social Media and Community Platforms
- How We Protect Your Information
- California Residents Rights (As provided by California Civil Code Section 1798.83)
- Commercial Electronic Messages (“CEM”) in Canada
- General Data Protection Regulations (GDPR)
Application of Policy
Your Rights and Choices
You may have certain rights regarding the PII we maintain about you. We offer you certain choices about what Personally Identifiable Information we collect from you, how we use that information, and how we communicate with you. You may refrain from submitting information directly to us, although doing so may impact our ability to provide the products, services, and information you request.
Contact and Electronic Communications
By providing your information on our Sites and/or upon submission of an application to become an ASH member, you agree that we can communicate with you electronically regarding any legal, regulatory, technical, security, privacy, administrative or consumer notification obligation relating to your use of the Sites or regarding your membership. We may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as described above or as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional.
Attn: Data Protection Officer
2021 L Street NW, Suite 900
Washington, DC 20036
You also may contact the ASH Customer Relations Department by phone at 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.
Information We Collect About You
A. Personally Identifiable Information (“PII”)
Here are some examples and explanations of the ways in which we may collect, store, transfer, share or otherwise use PII that is made available to ASH.
Participation and Engagement History. When you use our services and/or become a member of ASH we track your participation and engagement history and in some circumstances make this information available to other members of ASH or to the general public. Participation history may include information about your committee membership and participation generally in the mission of ASH.
ÎÚÑ»´«Ã½ Directory. We maintain PII on all of our members, some of which (name, company name, address, phone, fax, email address, primary subspecialty and awards) may be accessed by other members through a secure online member directory. You may elect not to be included in this member directory by indicating your preference on the membership application form or in the membership options account settings. Inclusion in this directory means your information may be accessed only by other current ASH members through a password-protected, members-only area of the Sites.
“Find a Hematologist” Program. We also offer a voluntary, publicly accessible online directory of members through a section on our Site called “Find a Hematologist.” Inclusion in this directory is based upon an affirmative OPT IN selection in the address field table in your account settings. The Find a Hematologist directory allows patients and other members of the public to search for hematologists and provides users with contact information for members who have chosen to be listed in the directory. You may choose to OPT OUT of this directory at any time by accessing your membership profile and adjusting your account settings accordingly.
Survey Data. We may obtain personal information during the course of online surveys in which you choose to participate, but we do not retain such personal information or provide it to third parties except in aggregated, non-identifiable form.
Contribution and Payment Information. We collect information on the amount of contributions you have made to ASH and your purchase history from the Sites.
Award and Grant Recipient Data. When you accept an award or grant from ASH, we track your acceptance and engagement with the award/grant program and with your permission we may make your name, institution, and in some cases, your project topic, available to the general public.
Log Information. When you use our services or view content provided by ASH we automatically collect and store certain information in our server logs. This type of information includes details of how you used our service, IP address information described below, web pages that have been viewed by a visitor, domain type, device event information such as crashes, system activity, hardware, settings, browser type or version, browser language, the date and time of your request and referral URL.
Internet Protocol (IP) address. Your “IP address” is a number that lets computers attached to the Internet know where to send you data, such as the screens and pages of our services that you view. We use this information to deliver our screens and pages to you upon request, to tailor our services to the interests of you and our other visitors, and to measure traffic to and within our services.
Demographic Information. “Demographic information” may be your gender, age, zip code, and interests. We may collect such information about you through our services and use it to provide you with personalized services and to analyze trends to ensure that our services and the information on them is targeted to meet the needs of our membership and other constituencies.
Sensitive Information. Certain demographic information may be deemed PII or otherwise receive additional protections under certain laws. For example, we may collect information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, or disability status (“Sensitive Information”) that you choose to provide to us in order to promote inclusion of a broad spectrum of individuals in our programs and to assure that various important viewpoints are heard in developing and implementing our policies and programs. Any collection of Sensitive Information will solely be at your choosing and with your consent.
Device Information. “Device Information” may include information we collect such as your hardware model, operating system version, unique device identifiers and mobile network information including phone number. We may associate your device identifiers or phone number with your account.
Location Information. When you use ASH services, we may collect and process information about your actual location. We use, or may in the future use, various technologies to determine location, including IP Address, Global Positioning Systems on mobile devices and other sensors that may provide ASH with information about nearby devices, Wi-Fi access points and cell towers.
Credit Card Information. Users may be prompted to enter their credit card information, including, for example, when making purchases, renewing membership, or making a donation online. Any credit card information you may provide to us is secured during transmission over the Internet using industry-standard security measures and only the last 4 digits of the credit card are retained.
B. Non-Personally Identifiable Information (“NPII”)
NPII that we may gather can include items like technical information collected from a web browser, or it can be demographic information, such as your age, gender, or interests that you provide to us, from which any identifying information has been removed. We consider information that has been de-identified (all identifiers have been removed) and combined with other de-identified information (for example, as part of a report that does not identify individuals but only groups) as NPII.
How We Use Information
A. Personally Identifiable Information. If you provide us with PII, we will only use it for the purposes described in this statement.
We use PII to provide you with services, to develop our membership, to provide ASH members with certain opportunities, for Site troubleshooting and maintenance, to communicate with you about your membership, opportunities and our services, or to conduct marketing and fundraising research. For example, we may use PII at the time and place where we receive it such as collecting your name at a conference in order to provide you relevant information, a name tag, etc. We also use PII in our services to:
- help us create and publish content most relevant to you;
- enable us to deliver our publications to you;
- allow you access to certain areas of our Sites;
- develop your profile as part of your ASH membership, membership application or other interaction with ASH, and to enable you to take advantage of the personalized features of our Sites;
- provide you with information about grant opportunities, educational publications (e.g., medical textbooks, scientific journals), and other educational programs or courses that may be of interest to you;
- alert you to special offers, updated information, and our other new services or those of other third-parties;
- forward promotional materials and to fulfill the terms of such promotion;
- complete a transaction or service requested by you;
- target our services to your needs;
- identify you as a poster or provider of content;
- contact you in response to sign up forms such as “Contact Us” or “Order Inquiry”; and allow you to register for meetings, submit abstracts, apply for award and grant programs, and to request additional information.
Any PII that constitutes “Sensitive Information” that you choose to provide will be used purely for ASH internal purposes and will not be provided to third parties without your consent. We may, however, use Sensitive Information in order to promote inclusion of a broad spectrum of individuals in our programs and policies and to assure that various important viewpoints are heard.
Any Credit Card Information that you choose to provide will be used only to bill you for the products and services you order from us. We do not share your credit card information with anyone except as may be necessary or expedient to process your transactions or comply with law.
Legal Disclosure. We may disclose information about you and your use of services if we believe that such disclosure is reasonably necessary to:
- Comply with the law and/or legal process where a formal request has been made (e.g. request from an administrative oversight agency, civil suit, subpoena, court order or judicial or administrative proceeding);
- Protect or defend our rights and/or property or the rights and property of others;
- Respond to claims that the content(s) of a communication violates the rights of another.
- Respond to urgent circumstances to protect your personal safety or the personal safety of others.
Reports. We periodically prepare analyses and reports reflecting visitor and member use of the services. In preparing these reports, we may combine and analyze the information you provide to us with information from other sources. However, these reports, when completed and before they are shared, will only include aggregated information about visitors and members. The information in these completed reports will not identify individuals. Any third party with whom such reports may be shared also will not be able to contact you from the information contained in the reports.
Sharing and Disclosure
A. Personally Identifiable Information. Primarily, we may share your PII (other than “Sensitive Information”) or disclose it to third parties in the following instances:
- To provide you with a product or service that you requested or that is a benefit of your membership, including delivery of our publications to you.
- We may offer our meeting registration mailing lists to our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.
- To unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions). We seek to ensure that such unaffiliated third-parties will not use your PII for any purpose other than that for which they are responsible. However, we cannot guarantee that they will not use it for any other purpose.
- To complete your purchase. If you choose to make a purchase on or through our services, we may ask you for your credit card number, billing address, and other information in connection with completing such purchase, and we may use such information to fulfill your purchase. We may also provide such information, or other PII provided by you, to unaffiliated third-parties to complete your purchase (for example, to process your credit card).
- To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.
- To protect against fraud and potential fraud. We may verify the information you provide using our services through third parties. In the course of such verification, we may receive additional PII about you from such services. In particular, if you use a credit card or debit card to purchase services with us, we may use card authorization and fraud screening services to verify that your card information and address match the information you supplied to us, and that the card has not been reported as lost or stolen.
Controlling Your Information
A. Accessing Your Profile. As a convenience, we provide a number of different opportunities to review and change information in your profile and to unsubscribe from our Services. For example, you can go to the website and log into your profile page to make desired changes.
B. Contact Us to Request Changes. Upon request we will attempt to delete such information, where technically feasible, after we receive a request from you to delete information. Please be advised that by requesting that your data be removed from our database, you will be unsubscribed from our services.
Please be advised that we may reject requests that are unreasonably repetitive, require disproportionate administrative or technical efforts, risk the privacy of other individuals or would be commercially unreasonable or impracticable.
We will retain your information for as long as your account is active or as needed to provide you services and as required by law, required for legal or operational purposes, to resolve disputes, or in accordance with our document retention policies and practices.
If you encounter a screen or page that requests information you do not want to share with us, do not enter the information and do not proceed with that screen or page.
Opt Out and Opt In
A. Opt-Out of Communications:
You may choose not to receive promotional email communications from us and can opt-out of receiving other types of communication from us such as emails, updates regarding new services and products offered on or through our services, and notices concerning new features available with our services or products.
You may exercise your opt-out by ticking or un-ticking the appropriate box, if there is a checkbox where such information is collected, or by contacting us. You also may opt-out of receiving such emails by clicking on the “unsubscribe” link within the text of the applicable email. We will process your unsubscribe request as soon as possible, but please be aware that in some circumstances you may receive a few more messages until your request is processed.
B. Opt-Out of Third Party Mailings:
We make our meeting registration mailing lists available to outside groups for educational purposes other than accredited Continuing Medical ÎÚÑ»´«Ã½ (“CME”), including mailings about grant opportunities that could be beneficial to members, educational publications (e.g., medical textbooks, scientific journals), and educational programs or courses. However, meeting registrants who do not wish to have their mailing addresses shared with outside parties in this manner may opt-out by contacting ASH Member Services at 202-776-0544 or [email protected].
C. Opt-In by CME Participants:
Beginning on January 1, 2022, any participants in any accredited Continuing Medical ÎÚÑ»´«Ã½ (“CME”) program provided by ASH, whether at ASH Annual Meetings or otherwise, must affirmatively opt-in and provide consent if they desire to share their learner contact information or other PII in connection with that CME Program.
The Sites and services are not intended for use by children. We do not intentionally gather Personally Identifiable Information about visitors who are under the age of 13. If a child has provided us with Personally Identifiable Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 13, please contact us at [email protected]. If we learn that we have inadvertently collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
Cookies and Tracking
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity while you are using our Services. We do not collect online activity after you leave our Services.
Third-Party Links and Websites
Social Media and Community Platforms
How We Protect Your Information
ASH maintains reasonable and appropriate measures to protect your information from loss, misuse and unauthorized access, disclosures, alterations and destruction taking in to account the risk involved in the processing and the nature of PII. Unfortunately, no site, server or database is completely secure or “hacker proof.” We therefore cannot guarantee that information about you will not be disclosed, misused or lost by accident or by the unauthorized acts of others.
California Residents Rights (As provided by California Civil Code Section 1798.83)
(As provided by California Civil Code Section 1798.83)
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.
Although ASH is a non-profit organization, California customers may request further information relating to their personal information by e-mailing [email protected].
Commercial Electronic Messages (“CEM”) in Canada
Canada’s Anti-Spam Law requires that the Company obtain the express consent of Canadian citizens before sending an electronic message such as an email that contains a promotion about our products. We will ask you for your explicit consent when you provide us with your email address or other personal information through which we intend to encourage your participation in a commercial activity, such as a promotion for our products.
If you explicitly consent to receiving CEM, each communication sent to you will contain an option to unsubscribe to the communications or to revoke your consent to receive CEM. Alternatively, you can contact us at the address or email provided below in the “Contact Us” section to be removed from our mailing lists.
General Data Protection Regulations (GDPR)
Identification of Data Controller:
The Data Controller is the ÎÚÑ»´«Ã½. ASH is located at 2021 L Street NW in Washington, DC. You may contact the ASH Customer Relations Department by phone, please call 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.
Identification of Data Protection Officer and Contact Details:
You may contact the Data Protection Officer by phone, 001-202-776-0544, Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time, by email: [email protected] or by mail at 2021 L St., NW, Suite 900, Washington, DC 20036.
Identification of Primary Member State Supervisory/Data Protection Authority:
You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can .
Identification of Data Protection Representative:
We have appointed DPR Group as our Data Protection Representative in the European Union so that you can contact our Representative directly in your home country. DPR Group has locations in each of the EU countries and the UK.
If you want to raise a question to ASH, or otherwise exercise your rights in respect of your personal data, you may do so by contacting our Data Protection Officer listed above or by:
- sending an email to DPR Group at [email protected],
- contacting DPR Group on its online webform at , or
- mailing your inquiry to DPR Group at the most convenient of the addresses set forth below.
PLEASE NOTE: When mailing inquiries, it is ESSENTIAL that you mark your letters for “DPR Group” and not “ÎÚÑ»´«Ã½” or your inquiry may not reach us. Please refer clearly to ÎÚÑ»´«Ã½ in your correspondence. On receiving your correspondence, ASH is likely to request evidence of your identity to ensure your personal data and information connected with it is not provided to anyone other than you.
If you have any concerns about how DPR Group will handle the personal data it will require to undertake its services, please refer to DPR Group’s privacy notice at .
|Austria||DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Belgium||DPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium|
|Bulgaria||DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria|
|Croatia||DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia|
|Cyprus||DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus|
|Czech Republic||DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic|
|Denmark||DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark|
|Estonia||DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia|
|Finland||DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland|
|France||DPR Group, 72 rue de Lessard, Rouen, 76100, France|
|Germany||DPR Group, 3rd and 4th floor, Altmarkt 10 B/ D, Dresden, 01067, Germany|
|Greece||DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece|
|Hungary||DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary|
|Ireland||DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland|
|Italy||DPR Group, BPM 335368, Via Roma 12, 10073 , Ciriè TO, Italy|
|Latvia||DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia|
|Lithuania||DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania|
|Luxembourg||DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg|
|Malta||DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta|
|Netherlands||DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands|
|Poland||DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland|
|Portugal||DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal|
|Romania||DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania|
|Slovakia||DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia|
|Slovenia||DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia|
|Spain||DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain|
|Sweden||DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden|
|United Kingdom||DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom|
ASH processes your Personal Data for the following lawful purposes and based upon the legal justification set forth in the parenthetical:
- Your submission of Personal Data to complete your membership application. (CONSENT)
- Your submission of Personal Data to complete the sale of ASH publications, Webcasts and to obtain CME Test Credit. (CONTRACT)
- Processing Personal Data associated with your participation as a Speaker or in association with your submission of content for ASH’s annual meeting or other ASH meetings (CONSENT)
- Your submission of Personal Data for Registration at ASH’s annual meeting. (CONSENT)
- Your submission of abstracts, manuscripts or other content, as well as payment of any applicable author fees, for ASH publications such as Blood or Blood Advances (CONSENT)
- Your submission of Personal Data to our third party vendors for enrollment in our awards program (CONSENT, CONTRACT)
- Your submission of Personal Data to our third party vendors for services like our Resume Listing Feature. (CONSENT)
To the extent that Sensitive Information is collected in a manner not described above, it will be collected based on your consent.
Legal Basis for Processing:
We process your Personal Data with your consent or subject to the performance of a contract to which you as the data subject are a party or alternatively in order to take steps at your request to enter into an agreement with ASH. You have the right to withdraw your consent at any time. The Personal Data collected by ASH originates from the individual providing his/her Personal Data (either directly or through a clinical site) or, in the cases of the submission of abstract data, from such individual and other publicly available sources.
Recipients of Personal Data:
We share your Personal Data with our third party vendors on the basis of the consent you provide to us or in order to fulfill our contractual obligations as part of the services we provide to you when you decide to engage with us. The recipients of your Personal Data include our third party data processors, which include but are not limited to our “software as a service” providers, consisting of our third-party database administrators, lead management vendors, third party application developers, attendee, exhibitor and registration vendors, and third party digital content managers. When we share your Personal Data with these third party vendors, we do so subject to a Data Protection Agreement to ensure that they are in compliance with the requirements of the GDPR.
These recipients process Personal Data for the below purposes:
- To fulfill a service or provide a publication to you in furtherance of your choices or in order to fulfill the terms of a contractual agreement between you and ASH.
- Subject to your choices, in order to offer you products from our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.
- Subject to the execution of a data protection agreement, to unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions).
- To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, or act in urgent circumstances to protect the personal safety of you and our other visitors. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
- To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
- Subject to your choices and your consent to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.
ASH will not disclose Personal Data to a third party except as stated below:
ASH may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, ASH will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request.
ASH also may be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.
ASH is responsible for ensuring that (a) Personal Data collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. ASH will cooperate with reasonable requests for assistance in meeting these obligations.
Retention of Personal Data:
Right of Access to your Personal Data:
Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When ASH receives Personal Data, it does so on behalf of the individual submitting such Personal Data. To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact ASH’s Data Protection Officer. ASH will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.
Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to ASH’s Data Protection Officer. ASH will cooperate with the Data Subjects’ instructions regarding Data Subjects’ choices.
See “How We Protect Your Information” above for further information about our security practices.
Transfers to the United States from the European Union:
In using the Sites, your Personal Data will be transferred to the United States, which is not recognized as a country having adequate safeguards for the protection of Personal Data. ASH relies on Article 46 and/or Article 49 of the GDPR for transfers of data collected from Data Subject in the EU and EEA. Transfers may be made to ASH from the EU/EEA into the United States if: (i) the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers; the transfer is necessary for the performance of a contract between you as the data subject and ASH as the Controller, to data processors who have an agreement with ASH that includes protecting your privacy and the security of your data, and in cases where your Personal Data is necessary for the implementation of pre-contractual measures taken in accordance with your requests; (iii) the transfer advances the science of Hematology, which is important to the interests of the public; or (iv) the transfer is pursuant to standard contractual clauses or other agreements or safeguards in compliance with Article 46 of GDPR.
Last Modified: August 13, 2021.