This site is not optimized for Internet Explorer 8 (or older).
Please upgrade to a newer version of Internet Explorer or use an alternate browser such as Chrome or Firefox.
- Who We Are and What We Do
- How We Collect Information
- That You May Withhold Data
- How We Use Information
- Our Lawful Reasons for Processing Your Information
- Links to Other Sites
- How We Keep Your Data Secure
- How Long We Keep Your Information
- The Personal Data Rights of Individuals to Whom the GDPR Applies
CTSNet only uses your personal data, such as your name, contact details, and profile information in our legitimate business interest to connect the global cardiothoracic community and to nurture communication, collaboration, and education amongst the worldwide cardiothoracic community via electronic resources. We do not sell your data to any third parties. However, in accordance with our mission, we do send carefully vetted communications regarding important topics, including educational meetings, research initiatives, and medical devices, on behalf of trusted third parties. Further, in order to provide our services to you, we may be required to send your relevant personal data to our trusted third-party data processors and participating cardiothoracic organizations.
In order to carry out the important work of CTSNet, we collect your personal data. One of the reasons we do so is that it helps to ensure that our interactions with you are timely, relevant, and personalized. We collect personal data during your visit to our websites. By personal data we mean “any information relating to an identified or identifiable natural person” such as name, postal address, and email address. The personal data we process is either provided directly by you on a voluntary basis or collected automatically via our websites.
Personal data you provide to us voluntarily
You may choose to provide CTSNet with personal data. If you choose not to provide some data, this may affect the way you navigate our websites or receive the services that we offer you. When you are creating or updating your CTSNet profile or submitting materials for publication on CTSNet, we may ask for personal data such as your name, title, postal address, email address, telephone number, the name of your institution, qualifications, areas of practice/interest, and, where necessary, your date of birth. This data is used to establish your identity and eligibility verification in various scenarios. When you contact us via email or information request links on our websites, we will use the data you provide in order to provide the information or support that you have requested.
Personal data we collect automatically
• Allowing you to avoid having to log in to your account repeatedly when visiting our websites.
• Helping us to understand how visitors use our websites so that we can enhance their experience.
Website browsers typically permit you to configure settings so that your device accepts all cookies, to notify you when a cookie is issued, or to not accept cookies at any time. If you disable cookies, this will prevent us from being able to provide some personalized services. We recommend that you read the information that comes with your browser software to learn how to configure its treatment of cookies.
From time to time, we use social media platforms to promote our educational offerings to visitors to our websites. To opt out of receiving these cookies, please visit the social media platforms that you use and configure the settings accordingly. Further information about cookies is available from these third-party sites: http://www.allaboutcookies.org and http://www.youronlinechoices.eu (these provide information tailored to users in European Union countries).
You may choose not to provide CTSNet with any or all of the personal data that we request. However, if you choose not to provide some data, it may affect the way you navigate our websites or receive the services that we provide. Depending on the information you choose to withhold, we may not be able to provide particular services to you.
We enlist the services of other companies and organizations to help us deliver services to you; we maintain privacy contracts with them to ensure they will safeguard any personal data that they process on our behalf. These companies and organizations include but are not limited to:
- Website development vendors (for creating, enhancing, and maintaining our websites)
- Website hosting vendors (for hosting our websites)
- Mass emailing software providers (for transmitting our global electronic communications via email)
- Mobile app development vendors (for creating, enhancing, and maintaining our mobile applications)
Our Lawful Reasons for Processing Your Information
The GDPR states that we are only allowed to process personal information of individuals to whom it applies if we have a proper reason to do so. This includes sharing it with third parties. We must be clear about why we process their data and what our lawful basis is for processing such data. The six lawful bases for processing are set out in the GDPR, and at least one of them must apply whenever we process personal data of individuals to whom the GDPR applies. Further information is available at this third-party website: https://ico.org.uk/For-Organisations/Guide-To-The-General-Data-Protection-Regulation-Gdpr/Lawful-Basis-For-Processing. These lawful bases are:
- Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: The processing is necessary to protect someone’s life.
- Public task: The processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
When it is in our legitimate interest, we process your data to accomplish various objectives, including:
- Communicating with you about your membership in the CTSNet community
- Notifying you about important updates and enhancements to CTSNet.org and other CTSNet platforms
- Emailing you information on our global news summaries, Journal and News Scan posts, and our educational publications and initiatives
- Inviting you to submit educational materials to CTSNet
- Inviting you to interact with the global cardiothoracic community
- Informing you about cardiothoracic educational meetings and courses around the world
- Making you aware of new medical devices and techniques
- Inviting you to participate in or watch live streamed educational events
- Inviting you to serve on a CTSNet leadership body
- Inviting you to participate in a CTSNet educational roundtable recording
- Promoting our educational offerings
- Encouraging you to update your CTSNet profile
We may also use social media sites such as Facebook, LinkedIn, Twitter, and YouTube to reach you about CTSNet educational materials and other offerings. If you do not want to see targeted advertising from us on social media, please refer to the instructions provided by the social media platforms that you utilize.
We may disclose personal information if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property, or personal safety of CTSNet, our websites, or our visitors, and for other lawful purposes.
We may provide links on our websites to non-CTSNet websites for your convenience and information. These websites operate independently and are neither affiliated with CTSNet nor under our control. These websites may have their own privacy policies in place, which we strongly suggest you review if you choose to visit such websites. We cannot be responsible for the privacy policies and practices of other websites, even if you access them using links from our websites.
We maintain appropriate administrative, technical, and physical safeguards to protect your personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and all other unlawful forms of processing of the personal data in our possession.
We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. All CTSNet-dedicated staff with access to your personal data understand the importance of keeping your information safe and secure at all times and are given applicable training.
However, the transmission of information over the internet is never completely secure and as a result, while we strive to protect your personal information, CTSNet cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your data, we make every reasonable effort to ensure its security, both on our systems and while in transit between our systems and third parties who work on our behalf.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you are a resident of the European Economic Area, you should be aware that the personal data we collect from you is collected and stored in the United States, which may not have the same level of data protection as your home country.
How Long We Keep Your Information
We will hold your personal information on our systems for as short a time as is necessary or appropriate for the relevant activity and to meet any legal or regulatory requirement. This is so that we can provide the services, products, or information you have requested, to administer your relationship with us, to ensure that we do not communicate with you if you have asked us not to, and to comply with the law.
Personal Data Rights of Individuals to Whom the GDPR Applies
If you are a person to whom the GDPR applies, you have the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request that we transfer your personal data to someone you designate.
- Withdraw any consent you have granted to us regarding your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under such circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to know more about the personal data we process about you; access a copy of the personal data we have collected from you; correct, update, erase, or transfer the data we hold about you; revoke your consent for us to use your data; or ask any other questions you may have about our privacy practices, we offer two options:
1) To review and update your personal data stored on CTSNet, please at https://www.ctsnet.org/user/me/edit.
2) To make a request or inquiry regarding your personal data, please submit using the Contact CTSNet form.
When you tell us that you no longer want to hear from us for marketing purposes, please be aware that we may still contact you for administrative purposes.
Lastly, if you are a citizen of the European Union, you also have the right to lodge a complaint about the way we manage your data with the applicable European Union Data Protection Authority (DPA). We would, however, appreciate the chance to hear your concerns and resolve any problems before you approach the DPA, so please contact us first in one of the two ways described above.
Last revised: May 25, 2018