ѻý

Jump to Main Content

About ASH

Privacy Policy

  1. Application of Policy
  2. Your Rights and Choices
  3. Changes to this Privacy Policy
  4. Contact and Electronic Communications
  5. Information We Collect About You
  6. How We Use Information
  7. Sharing and Disclosure
  8. Controlling Your Information
  9. Opt Out and Opt In
  10. Children
  11. Cookies and Tracking In
  12. Third-Party Links and Websites
  13. Social Media and Community Platforms
  14. How We Protect Your Information
  15. California Residents Rights (As provided by California Civil Code Section 1798.83)
  16. Commercial Electronic Messages (“CEM”) in Canada
  17. General Data Protection Regulations (GDPR)

PLEASE READ THIS PRIVACY STATEMENT AND NOTICE OF PRIVACY PRACTICES CAREFULLY. This Privacy Statement and Notice of Privacy Practices (“Privacy Policy”) sets forth the privacy practices of the ѻý (“we” or “us” or “ASH”). This Privacy Policy is intended to be applicable to all data collection by ASH and shall apply to your use of this website, your downloading and use of our mobile applications, or to any pages, facilities, services, or capabilities accessible on or by any top-level ASH domain owned by us, including but not limited to the following www.hematology.org, www.ashacademy.org, www.ashondemand.org, www.scdcoalition.org, www.bloodjournal.org, www.ashclinicalnews.org, www.bloodadvances.org, www.ash-sap.org, ASHPublications.org, any subsite, subdomain, subdirectory, virtual site, or virtual directory thereof that contains a link to this Policy (each, a “Site” and collectively the “Sites”). Our Sites may include external links to other websites, but ASH is not responsible for the privacy or data security practices of such third-party sites unless this Privacy Policy is posted there.

Application of Policy

This Privacy Policy does not apply to your use of any third-party website that may contain a link to a Site or any websites, applications or other information collected or used by any affiliate of ASH. Please visit the privacy policies of any such entities for information regarding your use of their sites and how they handle your personal information.

This Privacy Policy describes how ASH treats information that ASH obtains, including but not limited to the collection, storage, transfer, sharing and handling of information about you based on your use of the Sites. As used in this Privacy Policy, “Personally Identifiable Information” or “PII” means any information that may be used, either alone or in combination with other information, to personally identify an individual, household or device as defined by applicable laws. “Non Personally Identifiable Information” or “NPII” means any information that is not PII. “NPII” can include items like technical information collected from a web browser, or it can be demographic information, such as your age, gender, or interests that you provide to us, from which any identifying information has been removed. We consider information that has been de-identified (all identifiers have been removed) and combined with other de-identified information (for example, as part of a report that does not identify individuals but only groups) as NPII. If you do provide us with Non Personally Identifiable Information, we may use it for the purposes described in this statement or any other legal purpose. We also may combine NPII with PII, but any PII will continue to be protected as described in this Privacy Policy.

This Privacy Policy also applies to the processing of personal data of individuals located in the European Union. If you are located in the European Union, if the processing of your data is subject to the laws of a member state of the European Union by virtue of public international law, if your information is otherwise governed by European Union Law or parallel law, or if the processing activities are related to the offering of goods or services to data subjects in the European Union, or the monitoring of individuals’ behavior that takes place within the European Union, please review carefully the “General Data Protection Regulation (GDPR)” section below for more information regarding your rights and our activities relating to your personal data. If the GDPR section is applicable to your information, then other sections in this Privacy Policy still may apply to you but are subject to (and considered modified by) the GDPR section. Similar laws may apply to data originating from other countries as well.

This Privacy Policy is incorporated as part of the Terms and Conditions that apply with respect to your use of the Sites and your submission of information to ASH. This Privacy Policy may not be the only policy or agreement applicable to you. Please visit our Terms page for additional terms and conditions applicable to ASH’s services.

By providing us your information, you acknowledge that you have read this Privacy Policy and that you consent to ASH’s privacy practices as described in this Privacy Policy. You affirm your consent when you click through and accept the terms of this document on your initial visit to a Site and by submitting content or materials to us through our Sites or when you become a member of ASH.

This Privacy Policy is not intended to, and does not, create any contractual or other legal right in or on behalf of any person. The information you provide to ASH in the event that you become an ASH member is also governed by the terms and conditions of your membership. In the event of a conflict between this Privacy Policy and any term(s) of your membership, the terms of your membership will govern.

Your Rights and Choices

You may have certain rights regarding the PII we maintain about you. We offer you certain choices about what Personally Identifiable Information we collect from you, how we use that information, and how we communicate with you. You may refrain from submitting information directly to us, although doing so may impact our ability to provide the products, services, and information you request.  

Changes to this Privacy Policy

By ASH reserves the right to revise or update this Privacy Policy at any time, and you agree to be bound by those revisions or updates. ASH will notify you of any changes to the Privacy Policy by posting the revised or updated Privacy Policy and its “Last Modified” date on the Sites. You should check the Sites regularly for updates. Your continued use of the Sites constitutes your consent and acceptance of the new Privacy Policy and its revisions or updates once posted. 

Contact and Electronic Communications

By providing your information on our Sites and/or upon submission of an application to become an ASH member, you agree that we can communicate with you electronically regarding any legal, regulatory, technical, security, privacy, administrative or consumer notification obligation relating to your use of the Sites or regarding your membership. We may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as described above or as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional.

If you have any specific questions about this Privacy Policy, you can contact:

ѻý
  Attn: Data Protection Officer
  2021 L Street NW, Suite 900
  Washington, DC 20036

You also may contact the ASH Customer Relations Department by phone at 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.

Information We Collect About You

A. Personally Identifiable Information (“PII”)

Here are some examples and explanations of the ways in which we may collect, store, transfer, share or otherwise use PII that is made available to ASH.

Participation and Engagement History. When you use our services and/or become a member of ASH we track your participation and engagement history and in some circumstances make this information available to other members of ASH or to the general public. Participation history may include information about your committee membership and participation generally in the mission of ASH.

ѻý Directory. We maintain PII on all of our members, some of which (name, company name, address, phone, fax, email address, primary subspecialty and awards) may be accessed by other members through a secure online member directory. You may elect not to be included in this member directory by indicating your preference on the membership application form or in the membership options account settings. Inclusion in this directory means your information may be accessed only by other current ASH members through a password-protected, members-only area of the Sites.

“Find a Hematologist” Program. We also offer a voluntary, publicly accessible online directory of members through a section on our Site called “Find a Hematologist.” Inclusion in this directory is based upon an affirmative OPT IN selection in the address field table in your account settings. The Find a Hematologist directory allows patients and other members of the public to search for hematologists and provides users with contact information for members who have chosen to be listed in the directory. You may choose to OPT OUT of this directory at any time by accessing your membership profile and adjusting your account settings accordingly.

Survey Data. We may obtain personal information during the course of online surveys in which you choose to participate, but we do not retain such personal information or provide it to third parties except in aggregated, non-identifiable form.

Contribution and Payment Information. We collect information on the amount of contributions you have made to ASH and your purchase history from the Sites.

Award and Grant Recipient Data. When you accept an award or grant from ASH, we track your acceptance and engagement with the award/grant program and with your permission we may make your name, institution, and in some cases, your project topic, available to the general public.

Log Information. When you use our services or view content provided by ASH we automatically collect and store certain information in our server logs. This type of information includes details of how you used our service, IP address information described below, web pages that have been viewed by a visitor, domain type, device event information such as crashes, system activity, hardware, settings, browser type or version, browser language, the date and time of your request and referral URL.

Internet Protocol (IP) address. Your “IP address” is a number that lets computers attached to the Internet know where to send you data, such as the screens and pages of our services that you view. We use this information to deliver our screens and pages to you upon request, to tailor our services to the interests of you and our other visitors, and to measure traffic to and within our services.

Demographic Information. “Demographic information” may be your gender, age, zip code, and interests. We may collect such information about you through our services and use it to provide you with personalized services and to analyze trends to ensure that our services and the information on them is targeted to meet the needs of our membership and other constituencies.

Sensitive Information. Certain demographic information may be deemed PII or otherwise receive additional protections under certain laws. For example, we may collect information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, or disability status (“Sensitive Information”) that you choose to provide to us in order to promote inclusion of a broad spectrum of individuals in our programs and to assure that various important viewpoints are heard in developing and implementing our policies and programs. Any collection of Sensitive Information will solely be at your choosing and with your consent.

Device Information. “Device Information” may include information we collect such as your hardware model, operating system version, unique device identifiers and mobile network information including phone number. We may associate your device identifiers or phone number with your account.

Location Information. When you use ASH services, we may collect and process information about your actual location. We use, or may in the future use, various technologies to determine location, including IP Address, Global Positioning Systems on mobile devices and other sensors that may provide ASH with information about nearby devices, Wi-Fi access points and cell towers.

Credit Card Information. Users may be prompted to enter their credit card information, including, for example, when making purchases, renewing membership, or making a donation online. Any credit card information you may provide to us is secured during transmission over the Internet using industry-standard security measures and only the last 4 digits of the credit card are retained.

B. Non-Personally Identifiable Information (“NPII”)

NPII that we may gather can include items like technical information collected from a web browser, or it can be demographic information, such as your age, gender, or interests that you provide to us, from which any identifying information has been removed. We consider information that has been de-identified (all identifiers have been removed) and combined with other de-identified information (for example, as part of a report that does not identify individuals but only groups) as NPII.

How We Use Information

A. Personally Identifiable Information. If you provide us with PII, we will only use it for the purposes described in this statement.

We use PII to provide you with services, to develop our membership, to provide ASH members with certain opportunities, for Site troubleshooting and maintenance, to communicate with you about your membership, opportunities and our services, or to conduct marketing and fundraising research. For example, we may use PII at the time and place where we receive it such as collecting your name at a conference in order to provide you relevant information, a name tag, etc. We also use PII in our services to:

  • help us create and publish content most relevant to you;
  • enable us to deliver our publications to you;
  • allow you access to certain areas of our Sites;
  • develop your profile as part of your ASH membership, membership application or other interaction with ASH, and to enable you to take advantage of the personalized features of our Sites;
  • provide you with information about grant opportunities, educational publications (e.g., medical textbooks, scientific journals), and other educational programs or courses that may be of interest to you;
  • alert you to special offers, updated information, and our other new services or those of other third-parties;
  • forward promotional materials and to fulfill the terms of such promotion;
  • complete a transaction or service requested by you;
  • target our services to your needs;
  • identify you as a poster or provider of content;
  • contact you in response to sign up forms such as “Contact Us” or “Order Inquiry”; and allow you to register for meetings, submit abstracts, apply for award and grant programs, and to request additional information.

Any PII that constitutes “Sensitive Information” that you choose to provide will be used purely for ASH internal purposes and will not be provided to third parties without your consent. We may, however, use Sensitive Information in order to promote inclusion of a broad spectrum of individuals in our programs and policies and to assure that various important viewpoints are heard.

Any Credit Card Information that you choose to provide will be used only to bill you for the products and services you order from us. We do not share your credit card information with anyone except as may be necessary or expedient to process your transactions or comply with law.

Legal Disclosure. We may disclose information about you and your use of services if we believe that such disclosure is reasonably necessary to:

  • Comply with the law and/or legal process where a formal request has been made (e.g. request from an administrative oversight agency, civil suit, subpoena, court order or judicial or administrative proceeding);
  • Protect or defend our rights and/or property or the rights and property of others;
  • Enforce our Terms, this Privacy Policy, and/or other agreements or policies;
  • Respond to claims that the content(s) of a communication violates the rights of another.
  • Respond to urgent circumstances to protect your personal safety or the personal safety of others.

Also, circumstances may arise where, for business reasons, we may decide to reorganize, or divest all or part of our business through sale, assignment, merger or acquisition, or we may acquire a new business. In these circumstances, personal information may be shared with the actual or prospective purchasers or assignees or with the newly acquired business. In such an event, we shall provide notice of any material change to this Privacy Policy, or our services, in the manner described in the Changes to this Policy section of this Privacy Policy.

B. Non-Personally Identifiable Information. We may use Non-Personally Identifiable Information for the purposes described in this Privacy Policy or any other legal purpose.

Reports. We periodically prepare analyses and reports reflecting visitor and member use of the services. In preparing these reports, we may combine and analyze the information you provide to us with information from other sources. However, these reports, when completed and before they are shared, will only include aggregated information about visitors and members. The information in these completed reports will not identify individuals. Any third party with whom such reports may be shared also will not be able to contact you from the information contained in the reports.

Sharing and Disclosure

A. Personally Identifiable Information. Primarily, we may share your PII (other than “Sensitive Information”) or disclose it to third parties in the following instances:

  • To provide you with a product or service that you requested or that is a benefit of your membership, including delivery of our publications to you.
  • We may offer our meeting registration mailing lists to our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.
  • To unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions). We seek to ensure that such unaffiliated third-parties will not use your PII for any purpose other than that for which they are responsible. However, we cannot guarantee that they will not use it for any other purpose.
  • To complete your purchase. If you choose to make a purchase on or through our services, we may ask you for your credit card number, billing address, and other information in connection with completing such purchase, and we may use such information to fulfill your purchase. We may also provide such information, or other PII provided by you, to unaffiliated third-parties to complete your purchase (for example, to process your credit card).
  • To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.
  • To protect against fraud and potential fraud. We may verify the information you provide using our services through third parties. In the course of such verification, we may receive additional PII about you from such services. In particular, if you use a credit card or debit card to purchase services with us, we may use card authorization and fraud screening services to verify that your card information and address match the information you supplied to us, and that the card has not been reported as lost or stolen.

B. Non-Personally Identifiable Information. We may share and disclose NPII for the purposes described in this statement or for any other legal purpose, including to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties. We also may combine NPII with PII and use and share it for purposes where the use and disclosure of PII is permitted by this Privacy Policy and applicable law.

Controlling Your Information

A. Accessing Your Profile. As a convenience, we provide a number of different opportunities to review and change information in your profile and to unsubscribe from our Services. For example, you can go to the website and log into your profile page to make desired changes.

B. Contact Us to Request Changes. Upon request we will attempt to delete such information, where technically feasible, after we receive a request from you to delete information. Please be advised that by requesting that your data be removed from our database, you will be unsubscribed from our services.

Please be advised that we may reject requests that are unreasonably repetitive, require disproportionate administrative or technical efforts, risk the privacy of other individuals or would be commercially unreasonable or impracticable.

We will retain your information for as long as your account is active or as needed to provide you services and as required by law, required for legal or operational purposes, to resolve disputes, or in accordance with our document retention policies and practices.

If you encounter a screen or page that requests information you do not want to share with us, do not enter the information and do not proceed with that screen or page.

Opt Out and Opt In

A. Opt-Out of Communications:

You may choose not to receive promotional email communications from us and can opt-out of receiving other types of communication from us such as emails, updates regarding new services and products offered on or through our services, and notices concerning new features available with our services or products.

You may exercise your opt-out by ticking or un-ticking the appropriate box, if there is a checkbox where such information is collected, or by contacting us. You also may opt-out of receiving such emails by clicking on the “unsubscribe” link within the text of the applicable email. We will process your unsubscribe request as soon as possible, but please be aware that in some circumstances you may receive a few more messages until your request is processed.

B. Opt-Out of Third Party Mailings:

We make our meeting registration mailing lists available to outside groups for educational purposes other than accredited Continuing Medical ѻý (“CME”), including mailings about grant opportunities that could be beneficial to members, educational publications (e.g., medical textbooks, scientific journals), and educational programs or courses. However, meeting registrants who do not wish to have their mailing addresses shared with outside parties in this manner may opt-out by contacting ASH Member Services at 202-776-0544 or [email protected].

C. Opt-In by CME Participants:

Beginning on January 1, 2022, any participants in any accredited Continuing Medical ѻý (“CME”) program provided by ASH, whether at ASH Annual Meetings or otherwise, must affirmatively opt-in and provide consent if they desire to share their learner contact information or other PII in connection with that CME Program.

Children

The Sites and services are not intended for use by children. We do not intentionally gather Personally Identifiable Information about visitors who are under the age of 13. If a child has provided us with Personally Identifiable Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 13, please contact us at [email protected]. If we learn that we have inadvertently collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

Cookies and Tracking

In connection with the services, we or other parties may use cookies, web beacons, or other technologies that store or track information related to your use of the services.

For some of our Sites, we may post a Cookie Policy that is Site specific. We do this in order to best describe the use of cookies for Sites that are administered by our third party vendors. By posting a separate and site specific policy on these selected Sites, we are able to provide transparency to you and describe in detail where the use of cookies is configured in a way that is different than how ASH typically manages cookies on its Sites. The reason for this is that some of our third party site administrators are in the process of developing and upgrading their compliance and technical use capabilities in the interest of providing maximum choice to visitors to the Sites. Examples of these Sites include ashpublications.org and the sites relating to the specific publications referenced there. For these Sites, we will continue to update you as the technical and compliance capabilities are enhanced and additional choices regarding the use of cookies becomes available to you.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity while you are using our Services. We do not collect online activity after you leave our Services.

Third-Party Links and Websites

Our Sites may contain links to third-party services. While we endeavor to work with third parties that share our respect for user privacy, we are not responsible for the websites or privacy practices of such third-parties. In addition, this Privacy Policy is not intended to describe data handling procedures for information collected by other linked websites or third parties. You are responsible for knowing when you are leaving our Sites to visit a third party website and for reading and understanding the terms of use and privacy policy statements for each such third party. Participants in CME programs hosted on an ASH platform will be notified when they are leaving the ASH platform.

Social Media and Community Platforms

Any information, communications, or material of any type or nature that you submit to the Sites (including, but not limited to, any ASH Sites contained on a social media platform or website such as Facebook, Instagram or Twitter) by email, posting, messaging, uploading, downloading, or otherwise (collectively, a Submission) is done at your own risk and without any expectation of privacy. ASH cannot control the actions of other users of any social media platform or website, and ASH therefore is not responsible for any content or Submissions contained on such sites and platforms. By visiting any ASH Site that is contained on a social media platform or website, you are representing and warranting to ASH that you have reviewed the applicable privacy policy and terms of use of such platform or website and that you will abide by all such provisions contained therein. We may provide public areas on our services, such as forums and chat rooms, where you can post information about yourself and others. Please exercise discretion and use caution with respect to your information, especially in such public areas. We do not control who reads postings on our services, or how they may use or disclose such information. If you choose to voluntarily disclose information on public portions of our services, that information may be subject to web searches and will be publicly available to be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION ABOUT YOURSELF OR OTHERS IN PUBLIC AREAS OF OUR SERVICES. WE ARE NOT RESPONSIBLE FOR THE USE OR DISCLOSURE OF SUCH INFORMATION.

How We Protect Your Information

ASH maintains reasonable and appropriate measures to protect your information from loss, misuse and unauthorized access, disclosures, alterations and destruction taking in to account the risk involved in the processing and the nature of PII. Unfortunately, no site, server or database is completely secure or “hacker proof.” We therefore cannot guarantee that information about you will not be disclosed, misused or lost by accident or by the unauthorized acts of others.

California Residents Rights (As provided by California Civil Code Section 1798.83)

(As provided by California Civil Code Section 1798.83)

A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.

Although ASH is a non-profit organization, California customers may request further information relating to their personal information by e-mailing [email protected].

Commercial Electronic Messages (“CEM”) in Canada

Canada’s Anti-Spam Law requires that the Company obtain the express consent of Canadian citizens before sending an electronic message such as an email that contains a promotion about our products. We will ask you for your explicit consent when you provide us with your email address or other personal information through which we intend to encourage your participation in a commercial activity, such as a promotion for our products.

If you explicitly consent to receiving CEM, each communication sent to you will contain an option to unsubscribe to the communications or to revoke your consent to receive CEM. Alternatively, you can contact us at the address or email provided below in the “Contact Us” section to be removed from our mailing lists.

General Data Protection Regulations (GDPR)

In the event that we collect Personal Data (as defined in the GDPR) that is subject to the GDPR or other similar international data protections laws, this section will apply. Terms in this section are to be understood in a manner consistent with GDPR including the definition of such term in the GDPR. Such term may have a different definition or meaning in other portions of this Privacy Policy because GDPR may not apply to those sections.

Identification of Data Controller:

The Data Controller is the ѻý. ASH is located at 2021 L Street NW in Washington, DC. You may contact the ASH Customer Relations Department by phone, please call 866-828-1231 (U.S. toll free) or 001-202-776-0544 (for International callers), Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time.

Identification of Data Protection Officer and Contact Details:

You may contact the Data Protection Officer by phone, 001-202-776-0544, Monday through Friday from 8:30 a.m. to 5:00 p.m. Eastern time, by email: [email protected] or by mail at 2021 L St., NW, Suite 900, Washington, DC 20036.

Identification of Primary Member State Supervisory/Data Protection Authority:

You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can .

Identification of Data Protection Representative:

We have appointed DPR Group as our Data Protection Representative in the European Union so that you can contact our Representative directly in your home country. DPR Group has locations in each of the EU countries and the UK.

If you want to raise a question to ASH, or otherwise exercise your rights in respect of your personal data, you may do so by contacting our Data Protection Officer listed above or by:

  • sending an email to DPR Group at [email protected],
  • contacting DPR Group on its online webform at , or
  • mailing your inquiry to DPR Group at the most convenient of the addresses set forth below.

PLEASE NOTE: When mailing inquiries, it is ESSENTIAL that you mark your letters for “DPR Group” and not “ѻý” or your inquiry may not reach us. Please refer clearly to ѻý in your correspondence. On receiving your correspondence, ASH is likely to request evidence of your identity to ensure your personal data and information connected with it is not provided to anyone other than you.

If you have any concerns about how DPR Group will handle the personal data it will require to undertake its services, please refer to DPR Group’s privacy notice at .

Country Address
Austria DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium DPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France DPR Group, 72 rue de Lessard, Rouen, 76100, France
Germany DPR Group, 3rd and 4th floor, Altmarkt 10 B/ D, Dresden, 01067, Germany
Greece DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary
Ireland DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy DPR Group, BPM 335368, Via Roma 12, 10073 , Ciriè TO, Italy
Latvia DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Lithuania DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania
Luxembourg DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Poland DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania
Slovakia DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain
Sweden DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
United Kingdom DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Processing Purposes:

ASH processes your Personal Data for the following lawful purposes and based upon the legal justification set forth in the parenthetical:

  • Your submission of Personal Data to complete your membership application. (CONSENT)
  • Your submission of Personal Data to complete the sale of ASH publications, Webcasts and to obtain CME Test Credit. (CONTRACT)
  • Processing Personal Data associated with your participation as a Speaker or in association with your submission of content for ASH’s annual meeting or other ASH meetings (CONSENT)
  • Your submission of Personal Data for Registration at ASH’s annual meeting. (CONSENT)
  • Your submission of abstracts, manuscripts or other content, as well as payment of any applicable author fees, for ASH publications such as Blood or Blood Advances (CONSENT)
  • Your submission of Personal Data to our third party vendors for enrollment in our awards program (CONSENT, CONTRACT)
  • Your submission of Personal Data to our third party vendors for services like our Resume Listing Feature. (CONSENT)

To the extent that Sensitive Information is collected in a manner not described above, it will be collected based on your consent.

Legal Basis for Processing:

We process your Personal Data with your consent or subject to the performance of a contract to which you as the data subject are a party or alternatively in order to take steps at your request to enter into an agreement with ASH. You have the right to withdraw your consent at any time. The Personal Data collected by ASH originates from the individual providing his/her Personal Data (either directly or through a clinical site) or, in the cases of the submission of abstract data, from such individual and other publicly available sources.

Recipients of Personal Data:

We share your Personal Data with our third party vendors on the basis of the consent you provide to us or in order to fulfill our contractual obligations as part of the services we provide to you when you decide to engage with us. The recipients of your Personal Data include our third party data processors, which include but are not limited to our “software as a service” providers, consisting of our third-party database administrators, lead management vendors, third party application developers, attendee, exhibitor and registration vendors, and third party digital content managers. When we share your Personal Data with these third party vendors, we do so subject to a Data Protection Agreement to ensure that they are in compliance with the requirements of the GDPR.

These recipients process Personal Data for the below purposes:

Processing Purposes:

  • To fulfill a service or provide a publication to you in furtherance of your choices or in order to fulfill the terms of a contractual agreement between you and ASH.
  • Subject to your choices, in order to offer you products from our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you, or to assist such parties for research, administrative, and/or business purposes.
  • Subject to the execution of a data protection agreement, to unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, sweepstakes, and other promotions).
  • To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, or act in urgent circumstances to protect the personal safety of you and our other visitors. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
  • To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets. To the extent permitted, ASH will inform Data Subjects before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
  • Subject to your choices and your consent to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

Onward Transfer:

ASH will not disclose Personal Data to a third party except as stated below:

ASH may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, ASH will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request.

ASH also may be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.

Data Integrity:

ASH is responsible for ensuring that (a) Personal Data collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. ASH will cooperate with reasonable requests for assistance in meeting these obligations.

Retention of Personal Data:

Personal Data obtained by ASH is adequate, relevant and not excessive in relation to the purposes described in this Privacy Policy. The Personal Data is processed for purposes specified herein and will only be processed consist with these purposes described herein. ASH will request only the minimum amount of information required to perform the applicable services and will retain such information only for as long as necessary to provide the services or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend ASH’s legal rights.

Right of Access to your Personal Data:

Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When ASH receives Personal Data, it does so on behalf of the individual submitting such Personal Data. To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact ASH’s Data Protection Officer. ASH will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.

Choice:

Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to ASH’s Data Protection Officer. ASH will cooperate with the Data Subjects’ instructions regarding Data Subjects’ choices.

Security:

See “How We Protect Your Information” above for further information about our security practices.

Transfers to the United States from the European Union:

In using the Sites, your Personal Data will be transferred to the United States, which is not recognized as a country having adequate safeguards for the protection of Personal Data. ASH relies on Article 46 and/or Article 49 of the GDPR for transfers of data collected from Data Subject in the EU and EEA. Transfers may be made to ASH from the EU/EEA into the United States if: (i) the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers; the transfer is necessary for the performance of a contract between you as the data subject and ASH as the Controller, to data processors who have an agreement with ASH that includes protecting your privacy and the security of your data, and in cases where your Personal Data is necessary for the implementation of pre-contractual measures taken in accordance with your requests; (iii) the transfer advances the science of Hematology, which is important to the interests of the public; or (iv) the transfer is pursuant to standard contractual clauses or other agreements or safeguards in compliance with Article 46 of GDPR.


Last Modified: August 13, 2021.