We wrote this policy to help you understand what information we collect, how we use it, and what choices you have.
This policy forms the basis of the contract through which ISAPS will deliver its service to you. By consenting to this policy, you are providing us with the appropriate consent to handle your personal information for these purposes.
As an international organization with members in 116 countries, we take seriously our obligations to protect your personal data. We aim to apply best practice principles to the management of your data and the policies below describe how we may use it.
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example when we send you marketing material via post, phone, text, or email). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time by telephoning +44 20 7031 6063, or emailing us at email@example.com.
We may use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with a regulator, or to use information we collect about you for due diligence or ethical screening purposes.
Performance of a contract / take steps at your request to prepare for entry into a contract
We may use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you buy something from us (for instance membership or registration for one of our events), apply to work with us, or are engaged to undertake research, a fellowship, or some other activity by us.
We may use your personal information where it is necessary for us to protect life or health. For instance, if there is an emergency affecting individuals at one of our events, or a safeguarding issue which requires us to contact people unexpectedly or share their information with emergency services.
We may use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that the information used is used for fairly and does not unduly impact your rights). We consider our legitimate interests to include all of the day-to-day activities ISAPS carries out with personal information including:
- providing membership services;
- organizing and delivering events;
- communicating by email or telephone with our members and people who are in the process of applying for ISAPS membership;
- use of personal information when we are monitoring use of our website or apps for technical purposes;
- use of personal information to administer, review and keep an internal record of the people we work with, including our volunteers and contributors;
- sharing of personal information between relevant teams.
We only rely on legitimate interests only where we consider that any potential effect on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
We will only use sensitive personal information (for example, information about your gender, race or ethnic origin, your religious or political beliefs, or your health ) for general demographic purposes such as monitoring diversity, protecting your vital interests, or, if you have asked us to do so.
Collecting data about you
We collect information in a few different ways:
When you give it to us s directly or give us permission to obtain it.
When you join ISAPS as a member, pay dues or attend any of our meetings, you give us your information voluntarily. This may include your name, gender, degree (and other information relating to your qualifications), name, work address, home address, email address (personal and/or work), phone numbers (work, fax, cell, home), profile photo, date of birth, and payment information.
Information we may receive about you indirectly, from other sources:
ISAPS sometimes receives information about its members, and other people whose details we store on our systems, from our partners, suppliers and other third parties, such as exhibition, course and project organizers with whom we work.
- Log data. When you use ISAPS websites, our servers record information (“log data”), including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it. This log data includes your Internet Protocol (IP) address, the address of and activity on websites you visit that incorporate ISAPS features.
- Device information. In addition to log data, we collect information about the device you use to access the ISAPS websites, including type of device, operating system, settings, unique device identifiers and crash data that helps us understand when something breaks.
Whether we collect some or all of this information often depends on what type of device you are using and its settings. For example, different types of information are available depending on whether you use a Mac or a PC, or an iPhone or Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
Technical information we collect when you use our information tools
- Usage data and preferences
- Sign-up data
- Authentication detail
- Login history
- Session log – Actions taken during a session
- Device specific information (device type and identifiers; events, such as crashes)
- Account profile information
- Cookies associated with your account
- Verifying your login credentials
- Pages you view and actions taken on sites or with browsers incorporating ISAPS information
What we do with the information we collect
We use the information we collect solely to provide ISAPS services to you. We commit to showing you content that’s relevant to you. In order to do that, it’s necessary for us to use your information to:
- Identify you when you use the ISAPS websites, and process your transactions for registrations, dues payments and other orders.
- Respond to your questions or comments.
- We also have a legitimate interest to improve the ISAPS website, maintain our relationship with you as relates to your chosen level of engagement (as a member or otherwise), and to protect our users. We both benefit when we use your information to:
- Help your patients and contacts find you on the ISAPS website, if you agree to this.
- Conduct analytics on who is using the ISAPS websites and what they are doing .
- Improve ISAPS websites and offer new features.
- Ensure the authorized access to ISAPS benefits and products.
ISAPS email subscribers
When you are subscribed to ISAPS’ email list, you are subscribed to receive email communications from ISAPS, you will receive news about ISAPS, about our events, events organized by our partners, and news about aesthetic plastic surgery. All ISAPS members are added to our email list as subscribers, as we maintain a legitimate interest to contact our members as part of our membership arrangement.
In addition to the specific circumstances above, we’ll only use your information with your consent to send you ISAPS informational materials by mail, and email depending on your account or operating system settings.
Each time we send you an email about these informational materials, we give you the option to unsubscribe.
Information may be sent by ‘direct mail’ out of our member database, where we still control what you access according to our legitimate interest and your embedded consents; OR it may be sent to you via a third party mailing system which allows us to design the material we send to you (e.g. our ISAPS News / E-Magazine). Please be aware that if you choose to unsubscribe to one of these products, ISAPS is not able to reinstate that subscription for you.
Data transferred when signing up for an ISAPS event
We transmit personal data by which you may be identifiable data to third parties (data processors) only to the extent required to fulfil the terms of your contract with us, for example, to one of our event organizers, suppliers to allow you to register and attend the event. This applies equally, whether the event is being held "in person" (sometimes referred to as “IRL” or "in real life), a "hybrid event" taking place IRL and/or virtual, and for our "virtual" and "on demand" events, those being events that take place online.
Sharing your personal data with exhibitors and sponsors
By attending an ISAPS event, whether in person or online (by logging into one of ISAPS virtual platform) your name, country, job title, organization, area of interest and other details you choose to populate your event profile with, e.g., profile picture, may be visible to all attendees including sponsors and exhibitors. Your contact details (email address, telephone number and postal address) remain hidden.
You can revoke any consent you have given under this policy at any time by informing the exhibitor or sponsor when connecting with them.
Transferring your information
ISAPS is a worldwide organization. By using the ISAPS websites, you authorize us to transfer and store your information outside your home country for the purposes described in this policy and those that you choose to participate in. The privacy protections and the rights of authorities to access your information in these countries may not be the same as in your home country.
Choices you have about your information
Our goal is to give you simple and meaningful choices regarding your information. If you are an ISAPS member, or applying for membership, many of the choices you have with ISAPS are built directly into the ISAPS website or your settings. For example, you can:
- Edit information posted on the website in your member profile, or by contacting the Executive Office at any time, decide whether your profile is available on the ISAPS website, or choose whether others can find you using your email address.
- Withdraw your ISAPS membership at any time. When you do this, we will remove your information from the ISAPS website.
You also have choices available to you through the device or software you use to access the ISAPS website. For example:
- The browser you use lets you control cookies or other types of local data storage.
- Your mobile device lets you choose how and whether your location, photos, advertising identifiers and other data is shared.
To learn more about these choices, please see the information provided by your device or software provider.
How and when we share information
As part of your ISAPS member benefits, if you are an Associate, Active or Life member of ISAPS, you will be listed in our Find a Surgeon directory on ISAPS’ public website. In this case anyone can see your information. This information can include your profile photo, name, hospital address, phone number, professional website and social media accounts (if provided) and email address, as provided by you, when you set up your member profile.
All ISAPS members in all member categories are listed in our member directory, which is available for all members to view when logged in to our website. In this case anyone can see your information on the ISAPS Members’ Directory. This information includes your name, profile photo, hospital address, phone number, professional website social media accounts and email address, as provided by you, when you set up your member profile.
Some of our services require us to share information with third parties, so we can provide you the access requested (for example an online product, such as our Journal) or to improve your ISAPS experience, make sure our customization is effective, and that it complies with laws that apply to us. We may share your information with:
- Our third-party suppliers (if you are a member) to allow you to access other member services / products that you have requested, and which are hosted on third party (e.g., the ISAPS Journal publisher) secure websites.
- We also share data with security consultants to help us get better at identifying spam. Some information we acquire may be collected by third party providers on our behalf. Our website developer has access to your data in order to include it on the website.
- Other services (like Facebook or Google) when you decide to link your ISAPS account to those services or publish your activity on Facebook.
- Online advertisers, and third-party companies that we or they use to audit or improve the delivery and performance of ads or content on websites, and apps (for example, through Google Analytics). This includes what website pages you visited and whether or how you engaged with those pages, or other information about your activity on any ISAPS websites.
How long we keep your information
We keep your information for five years after your membership lapses, or after an event such as a course or congress has ended in the case that you do not have any ongoing relationship with ISAPS.
You have options in relation to the information that we have about you, described below. To exercise these options, please contact us. You can:
- Have your information corrected or deleted. You can update your information by contacting us, or by logging in to your ISAPS profile and changing it yourself.
- Object to us processing your information. You can ask us to stop using your information, including when we use your information to send you marketing emails. If you opt-out of receiving marketing messages from us, we may still send you newsletters and updates about upcoming events. We only send you marketing material if you've agreed to it, but if you'd rather we don't, you can easily unsubscribe at any time.
- Complain to a regulator. If you're based in the EEA and think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Data Protection Commission or with your local supervisory authority.
How we keep your information safe
We ensure that there are appropriate technical and organizational controls (including physical, electronic and managerial measures) in place to protect your personal details. For example, our network is protected and routinely monitored.
We do not store credit card details, nor do we share financial details with any third parties.
SSL and/or TLS encryption: For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this our websites uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Tel: +44 20 7038 7810
Mail: ISAPS | 19 Mantua Road, Mount Royal, NJ 08061 United States
Our team member responsible for oversight of data protection is Sarah Johnson, ISAPS’ Executive Director.
The ISAPS Executive Office is responsible for protecting your information.
Effective May 1, 2018 Last Edited: 14 July, 2022