​
The following privacy disclosures (the “Disclosures”) describe how we at OPENPediatrics and OPENPediatrics’s affiliates (collectively, “we” or “OPENPediatrics”) collect, use and share the Personal Information of all individuals who access our site, including those located in the European Economic Area (European Union, Iceland, Liechtenstein or Norway). The Disclosures apply to Personal Information gathered by any means, including hardcopy (such as, paper applications or forms) and electronic means (such as, websites, mobile apps, and other digital properties), that are owned and operated by OPENPediatrics and that link to, expressly adopt, or reference in writing the Disclosures (collectively, the “Services”).
OPENPediatrics and affiliates may run and maintain their own websites on either the openpediatrics.org domain or organization-specific domains. These sites may carry their own privacy notices or provide additional information relating to their activities, which will supersede or supplement the Disclosures
​
OPENPediatrics is the controller of the Personal Information described below.
​
If you have any questions about the Disclosures or our information practices, please contact us using the contact us link provided below.
​
How we collect and use personal information
Information We Obtain from Third Party Sources
Additional Uses of Personal Information
How We Share and Disclose Personal Information
Links to Third Party Sites and Social Media
Managing Communication Preferences
​
HOW WE COLLECT AND USE PERSONAL INFORMATION
When we use the term “Personal Information,” we mean information that can be used to identify you as an individual person either directly or indirectly. We collect several categories of Personal Information through our Services, including information you provide, information collected automatically (potentially including location information), and information we obtain from third party sources.
We generally use the Personal Information that we collect to operate the various functions of this institution and provide the OPENPediatrics services that may be available to you.
We rely on separate and overlapping bases to process your Personal Information lawfully. By way of example only, it may be necessary for us to process your Personal Information in certain ways in order to process a transaction you have requested or otherwise in accordance with a contract between us, or in certain cases we may process your Personal Information as necessary to conduct OPENPediatrics’s legitimate interests, when those legitimate interests are not overridden by your rights and interests.
The ways in which we collect and use your information vary depending on the relationship between you and OPENPediatrics, as well as the specific OPENPediatrics functions with which you interact. The following sub-sections of the Disclosures are intended to describe in more detail our collection and use practices for a number of these relationships and functions.
​
WEBSITE, ONLINE EDUCATION, AND RESEARCH
OPENPediatrics collects Personal Information you provide in a number of ways including when you enter the information into form fields upon registration for our Services, apply for online educational offerings, at the commencement and throughout your online education interactions, and for the purpose of providing online education courses. If applicable, OPENPediatrics may also collect Personal Information for evaluating qualification for online education certificates and credits and/or as part of a research study in which you have agreed to participate.
As is true of most digital platforms, we also gather certain information automatically when you use our Services.
For example, we and our vendors may collect:
​
​
USE OF COOKIES AND SIMILAR TECHNOLOGIES
OPENPediatrics and our affiliates (collectively, “OPENPediatrics” or “we”) uses cookies (small text files placed on your device) and similar technologies to provide our websites and online services and to help collect data. Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; combat fraud; and analyze how our platform is performing.
We also use web beacons to help deliver cookies and gather usage and performance data.
These small data files or graphic files serve various functions:
-
Strictly Necessary: Necessary to deliver our services (for example, essential cookies);
-
Performance and Functionality: Enhance the performance and functionality of our services but are non-essential to their use (for example, performance and functionality cookies);
-
Analytics and Customization: Allow us to understand the effectiveness of our services, as well as to customize our services based on this information (for example, customization cookies and analytical web beacons)
​​
How can you control cookies and similar technologies?
Browser Controls: Most web browsers allow some control of most cookies through the browser settings. For more information about how to reject, disable or delete cookies, please review your browser’s help menu or visit www.aboutcookies.org or www.allaboutcookies.org. If you choose to reject cookies, you may not be able to take advantage of certain features, services, applications or tools available through the Services that are only available through the use of these technologies.
You can control the use of certain cookies and related technologies by:
-
Opting out of targeted online advertising through advertising networks (please visit http://www.aboutads.info/choices/, http://optout.networkadvertising.org/?c=1#!/ or http://www.youronlinechoices.com for more information);
-
Setting or amending your web browser controls to accept or refuse cookies (please visit your browser’s help menu for more information). If you choose to reject certain cookies, you may still use our websites and online services, though your access to some functionality and features may be restricted.
If you choose to reject certain cookies, you may still use our websites and online services, though your access to some functionality and features may be restricted.
​
INFORMATION WE OBTAIN FROM THIRD PARTY SOURCES
We may obtain certain Personal Information about you from third party sources, which we may use to serve our legitimate interests, comply with legal obligations, perform a contract, or in some cases, in accordance with your consent.
​
PARTNERS AND SERVICE PROVIDERS
We use partners and service providers, such as payment processors and analytics providers, to perform services on our behalf. Some of these partners have access to Personal Information about you that we may not otherwise have (for example, if you sign up directly with that provider) and may share some or all this information with us. We use this information to administer the Services and conduct marketing and advertising campaigns as well as to process transactions that you request.
​
OPENPediatrics maintains accounts on the following external social media websites for purposes of marketing and advertising:
-
Facebook
-
Instagram
-
Twitter
-
LinkedIn
From these websites, OPENPediatrics staff involved in data reporting and analytics are able to access aggregated, de-identified data relating to content utilization and social media metrics pertaining to each respective website, as applicable.
​
Such data include:
-
Plays of content
-
Time viewed/listened to content
-
Number of account followers/subscribers
-
Social media visibility and engagement indices (impressions, reach, etc.)
These data are accessed via the analytics dashboards provided by each respective site. The data are used in order to measure trends in content access in settings outside of the OPENPediatrics website, and to understand the reach and impact of OPENPediatrics in the general non-medical online social context. Data are reported in aggregated and de-identified fashion, mainly for internal process and performance improvement, but also may be utilized as part of educational research efforts. As with data from the OPENPediatrics website, data is only utilized for educational research after study protocols have been reviewed and approved by the Boston Children’s Hospital Institutional Review Board.
​
ADDITIONAL USES OF PERSONAL INFORMATION
In addition to the uses described above, including, but not limited to, under “Purposes of Processing” and “Information We Obtain from Third Party Sources,” we may use your Personal Information for the following purposes, which uses may under certain circumstances be based on your consent, may be necessary to fulfill our contractual commitments to you, and are necessary to serve our legitimate interest in the following operations:
-
Conducting our operations, administering the Services and managing your accounts;
-
Contacting you to respond to your requests or inquiries;
-
Processing and completing your transactions including, as applicable, course registration, order confirmation, enrollment in academic groups or other programs, processing payments for online purchases and course registration, and delivering products or services;
-
Providing you with newsletters, articles, service alerts or announcements, event invitations, and other information that we believe may be of interest to you;
-
Providing you with promotional information, offers, and other information that are personally tailored to your interests;
-
Conducting market research, surveys, and similar inquiries to help us understand trends and needs of our users;
-
Alerting you about a safety announcement;
-
Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations;
-
Enforcing our Terms of Use and other agreements
​
LEGITIMATE INTERESTS
We rely on several legitimate interests in using and sharing your Personal Information. These interests include:
-
Improving and customizing the Services for you;
-
Understanding how the Services are being used;
-
Obtaining insights into usage patterns of the Services;
-
Exploring ways to develop and grow our operations;
-
Ensuring the safety and security of the Services;
-
Conducting research and improving understanding in fields of public interest and health; and
-
Enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks.
​
DATA RETENTION
OPENPediatrics will de-identify Personal Information after 3 years of inactivity, subject to your right, under certain circumstances, to have certain of your Personal Information erased (see Your Rights below), unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.
​
DATA SECURITY/PROTECTION
OPENPediatrics makes every reasonable effort to ensure that all of the transactions that occur on our website are secure. The website itself does not record/transmit any personal information which is separate from the application. OPENPediatrics’ website user profiles and user activity data and reports are stored within the website, which is hosted on a secure, password-protected instance of Amazon Web Server. Webpage loading events are also recorded in anonymous, aggregated fashion in a secure, password-protected Google Analytics instance, for purposes of understanding general trends in website access frequency.
​
OPENPediatrics minimizes the number of individuals with access to user data in general, and identified user data in particular. Only a limited set of OPENPediatrics staff are given access to website user data, when such access is directly relevant to their role. Such individuals are required to complete Collaborative Institute Training Initiative (CITI) human subject protection training before being granted access to data. OPENPediatrics regularly reviews the list of staff with such access and removes access privileges when appropriate (for example, if a staff member leaves OPENPediatrics or if their role changes to one which does not require access to website user data).
​
SURVEY DATA
OPENPediatrics regularly requests users to participate in optional, anonymous online surveys for purposes of educational and website needs assessment, and to solicit user needs, behaviors, motivations, preferences and feedback. These surveys are created on SurveyMonkey, RedCap or equivalent secure platforms, and users are invited to participate anonymously. Survey data are password-protected and only accessible to OPENPediatrics staff involved in data reporting and analysis.
​
HOW WE SHARE AND DISCLOSE PERSONAL INFORMATION
We share your Personal Information with third parties only in the ways described in the Disclosures. We may share your Personal Information with service providers and partners, and to comply with the law, protect health and safety and enforce our legal rights
​
SERVICE PROVIDERS
We may share your Personal Information with third-party service providers who complete transactions or perform services on our behalf or for your benefit, such as:
-
Payment and donation processing
-
Marketing and analytics
-
Course registration and coordination
-
Course evaluations and assessments
-
Research insights and analytics
AFFILIATES
We may share your Personal Information with affiliated legal entities for purposes and uses that are consistent with the Disclosures.
​
PARTNERS
We may share your Personal Information with our partners for the purposes of administering programs and services, such as:
-
Online education offerings through online platforms
-
Joint research arrangements with other hospitals and universities
-
Events with clubs and special interest groups
THIRD-PARTY MOBILE APP PROVIDERS
With your knowledge and consent, the Services may gather and transfer your Personal Information, including location information, from and to other applications, functions and tools within your mobile device.
​
SOCIAL MEDIA PLATFORMS
We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you on third party platforms. We may do this by providing a hashed version of your Personal Information to the third party for matching purposes. For more information, including on how to control your privacy settings and your ad choices, see our Use of Cookies policy.
​
LEGAL PROCESS, SAFETY AND TERMS ENFORCEMENT
We may disclose your Personal Information to legal or government regulatory authorities as required by applicable law. We may also disclose your Personal Information to third parties as required by applicable law in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health and safety of you or us, or to enforce our legal rights or contractual commitments that you have made.
​
CHILDREN
We do not intend to collect and we will not knowingly collect or solicit Personal Information online from children under the age of 16 or as defined by local legal requirements.
​
YOUR RIGHTS
We process all Personal Information in line with your rights, in each case to the extent required by and in accordance with applicable law (including in accordance with any applicable time limits and fee requirements).
​
GENERAL DATA PROTECTION REGULATION (GDPR)-SPECIFIC RIGHTS
These rights apply only to Personal Information collected during EEA Processing Activities. Upon request, we will provide you with information about whether we hold any of your Personal Information along with any details required to be provided to you under applicable law. In certain cases, you may also have a right to:
-
rectify any of your Personal Information that is inaccurate;
-
to restrict or limit the ways in which we use your Personal Information;
-
to object to the processing of your Personal Information;
-
to request the deletion of your Personal Information, and
-
to obtain a copy of your Personal Information in an easily accessible format.
To submit a request, please contact us as set forth in the contact us section below. We will respond to your request within a reasonable time.
​
You also have the right to withdraw your consent to our processing of your Personal Information, if our processing is solely based on your consent. You can do this by discontinuing use of the Services, including by closing all of your online accounts with us and contacting us as set forth in the contact us section below to request that your Personal Information be deleted. If, however, you provided consent in connection with participation in a research study, you should follow the instructions in the research consent form to withdraw your consent. If you withdraw your consent to the use or sharing of your Personal Information for the purposes set out in the Disclosures, you may not have access to all (or any) of the Services, and we might not be able to provide you all (or any) of the Services. Please note that, in certain cases, we may continue to process your Personal Information after you have withdrawn consent and requested that we delete your Personal Information, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with an independent legal obligation, or if it is necessary to do so to pursue our legitimate interest in keeping the Services safe and secure, or if deleting the information would undermine the integrity of a research study in which you are enrolled.
​
If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority).
​
LINKS TO THIRD PARTY SITES AND SOCIAL MEDIA
The Services may include links to websites and digital services operated by third parties. The Disclosures do not apply to, and we are not responsible for the content, privacy policies or data practices of third parties that collect your information. We encourage you to review the privacy policies for those third parties to learn about their information practices.
​
The Services may feature “like” buttons and widgets hosted by other companies. These features may collect your IP address, which page you are visiting on our Service and may set a cookie to enable the feature to function properly. The loading, functionality and your use of the plugins are governed by the privacy policy and terms of the third party that provided the plugin.
​
The Services may also allow you to log in using a social network or other third-party account. An example of a third-party login is “Log in with Facebook.” Logging into one of our Services with your social network or other third-party account may allow us to gather information that you give us permission to access from that social network or third party. The login feature may also transfer information to the social network or third party, such as your username and password, to authenticate you. The social network or third party may also automatically collect information such as your IP address, information about your browser and device, and the address of the web page you are visiting on our site. The login feature may also place and read cookies from that third party that may contain a unique identifier the social network or other third party assigns to you. The functionality of and your use of the login is governed by the privacy policy and terms of the party that provided the login functionality.
​
USER GENERATED CONTENT
Some of our Services may enable users to submit their own content for courses, assignments, contests, blogs, videos, and other functions. Unless otherwise indicated, please remember that any information you submit or post as user-generated content to the Services become public information. You should exercise caution when deciding to disclose your personal, financial or other information in such submissions or posts. We cannot prevent others from using such information in a manner that may violate the Disclosures the law, or your personal privacy and safety. We are not responsible for the results of such postings.
​
UPDATES TO THE DISCLOSURES
The Disclosures are subject to occasional revision, and if we make any material changes in the way we use your Personal Information, we will notify you by sending you an email to the last email address you provided to us and/or by prominently posting notice of the changes on the Services and updating the effective date above.
​
Any changes to the Disclosures will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you or thirty (30) calendar days following our posting of notice of the changes on the Services. These changes will be effective immediately for new users of our Services.
​
Please note that at all times you are responsible for updating your Personal Information to provide us with your most current email address. In the event that the last email address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice.
​
If you do not wish to permit changes in our use of your Personal Information, you must so notify us prior to the effective date of the changes and discontinue using the Services. Continued use of our Services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
​
MANAGING COMMUNICATION PREFERENCES
If you have opted in to our marketing (or when permitted by law, if you have provided us with your contact information), we may send you email messages, direct mail, push notifications or other communications regarding educational offerings or other products or services depending on the method of communication selected. You may ask us not to do so when you access our websites or mobile applications, or change your preferences by updating any accounts you have with us. At any time, you may elect to discontinue receiving messages about these offerings, products, or services from us by submitting an opt-out request to the contact information below or by following the unsubscribe instructions in the form of the communication you received, as described below.
​
EMAILS
To opt out of receiving communications about our offerings, products, or services via email, please send an unsubscribe request to the email address set forth in the contact us section below or click on the unsubscribe link at the bottom of the email that was sent to you and follow the directions on the resulting web page. Please note that you may continue to receive certain transactional or account-related electronic messages from us.
​
CONTACT US
Questions, comments, requests or concerns about the Disclosures or other privacy-related matters, may be directed to:​
Email: openpediatrics@childrens.harvard.edu
Phone: 617-355-7327
​
Address:
Boston Children's Hospital
OPENPediatrics Program
300 Longwood Avenue
Boston, MA 02215
Last Updated: June 2020