Information you provide directly

Most information ASCA collects is used only to help us better serve our members and customers. We collect and use information that, alone or in combination with other information, could be used to identify you in order to deliver our products and Services, process Applications to join programs, inform you of various opportunities and provide support for our products and Services.

In most cases, we will only obtain personally identifiable information if you voluntarily provide it to us when you interact with us or one of our Services, including but not limited to those described below.

Account and profile creation

A number of our Services enable users to create accounts or profiles. In connection with these Services, we will ask for you to provide certain information about yourself to set up the account or profile.

For example, you may provide us with your name, email address, mailing address, phone number, credentials, job title, organization or company affiliation and credit card number (if a purchase is made) when you apply for ASCA membership or the ASCA Affiliate Program. You may submit similar information if you register to attend our annual conference, a seminar or webinar; register for our email lists or newsletters; ask to download content (such as a brochure or white paper); submit an inquiry; or request a demonstration of our products or Services. If you log in to our Websites or Applications, you may be asked to provide your email address or member ID and a personal password. If you apply for continuing education credits, we will collect your name, state and professional license number. If your organization or company has applied for membership in ASCA or the ASCA Affiliate Program, your information may be added to our database as part of that registration, even if you have not visited our Websites or Applications. If you have been registered by your organization, please keep in mind that you may opt out of communications as described under the section labeled "Choices Regarding Your Information" below.

Moreover, when you create a profile in a member community on our Website (www.ascaconnect.org) or in our ASCA Meetings mobile Application, we will collect the information that you elect to upload to your profile, such as a biography, your education and job history and company or organization information. We also collect information that is provided, posted or uploaded by users to the member community or mobile Application. We do not control the content that users post. You should carefully consider whether you wish to submit Personal Data and whether you wish to make your profile available to other users, and you should tailor any content you submit appropriately.

Purchase of Services

If you order a product or paid Service from us, we will ask for your name, contact information, shipping and billing address(es) and credit card information to process your order.

Customer Service inquiries

If you contact our customer Services team to discuss a product or Service, make an inquiry or lodge a complaint, we will collect information from you regarding the Service you require from ASCA. The information we collect will include your name and, depending on the nature of your inquiry, may also include your mailing address, phone number, email address and device identifier.

Communications

Some of our Services enable you to communicate with other people. Those communications will be transmitted and logged through our systems.

Information about your use of our Services

In addition to the information you provide to us directly, we will collect information about your use of our Services through software and other means ("automatically collected data"), such as the use of cookies, web beacons and other technologies, Internet Protocol (IP) address tracking/URL tracking and other tools (collectively, "tracking technologies").

Device information

As you interact with our Websites and Applications, we use Google Analytics or similar tools to collect information about your use of our Services, including what pages you visited and what other sites you used prior to coming to our Websites. We may collect IP addresses and other information, such as length of session, to improve our Services, report aggregate information to our advertisers and sponsors and aid in administering our systems, among other uses related to the Websites and Applications.

Cookies and similar technologies

ASCA also uses "cookies," which are small data files that are transferred to your computer when you visit a Website. Additionally, ASCA uses third-party advertising or Service providers that use cookies, web beacons or similar tools to serve ads on our Websites and track users across other Websites and over time.

These tools automatically identify your web browser when you visit one of our Websites and save your preferences and other information related to your use of our Services. If you do not want information collected through the use of cookies, you may turn off cookies in your browser; however, some areas of our Websites may not provide you with a personalized experience if you have disabled the use of cookies.

Information received from other sources

We may receive information about you from publicly available and third-party databases or Services that provide information about business people and companies, or from third parties from whom we have purchased information and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers and provide products and Services that may be of interest to you. We will obtain your consent before contacting you if required by the law of the country in which you are located.

Provide our products and Services and respond to requests

We use the Personal Data we collect from you (unless otherwise restricted by law) for the following purposes:

• to register you or your device for a Service
• to provide the products, Services or information you have requested
• to enable you to access content you have purchased through our online stores or Websites
• to provide customized content and personalized Services based on your past activities through our Services
• for advertising, such as sending you customized advertisements, sponsored content and promotional communications
• to statistically analyze usage of our products or Services to better understand our members and customers
• to ask for your opinions on our products and Services and to carry out customer surveys
• to understand the way individuals use our Services so that we can improve them and develop new products and Services
• to provide maintenance Services and support for our products and Services
• to conduct free prize drawings, prize competitions or promotions, as permitted by law
• for general marketing or business purposes

Your information is used for the specific purpose it was provided. We may also use the information for marketing purposes to offer member benefits and products to customers who are likely to be interested in them.

Sharing your information

ASCA may disclose Personal Data that we collect internally within our organization to relevant staff. We may also share your Personal Data with third parties who provide certain Services to us to assist in meeting business operation needs and delivering the information, goods or Services you have ordered.

Affiliates

Your information may be shared among ASCA affiliates for purposes described in this Privacy Policy. The term 'affiliates' refers to companies related to ASCA by common ownership or control, such as the ASCA Foundation.

Business partners

We may also share your information with trusted business partners. These entities may use your information to provide you with the Services you request and make predictions about your interests, and may provide you with promotional materials, advertisements and other materials with your separate consent.

Service providers

We may also disclose your information to carefully selected companies and organizations that provide Services for or on behalf of us. These companies are limited by contractual provisions in their ability to use your information for purposes other than providing Services for us.

Other parties when required by law or as necessary to protect our Services

There may be instances where we disclose your information to other parties when required to comply with the law or respond to compulsory legal process; verify or enforce compliance with the policies governing our Services; and protect the rights, property or safety of ASCA or any of our respective affiliates, business partners, members or customers.

Other parties in connection with corporate transactions

We may disclose your information if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets or transition of Service to another provider, in which case your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.

We take protection of your data seriously. We are committed to taking reasonable efforts to secure the information that you choose to provide us, and we use a variety of security technologies and procedures to help protect against unauthorized access to or alteration, disclosure or destruction of Personal Data. We restrict access to Personal Data to our employees, contractors and Service providers who need to know the information to operate, develop or improve our Services.

Unfortunately, no transmission of Personal Data over the internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, ASCA cannot guarantee or warrant the security of any information you transmit to us. If you have questions about this Privacy Policy or the security of your Personal Data, please contact us as indicated under the "Contact Us" section below.

We collect, store and process the information from our Websites and Applications in the United States (US). If you are outside the US, then your Personal Data and other information will be transferred to the US. By using our Services or otherwise providing us with your Personal Data, you agree to the transfer of your Personal Data as described in this Privacy Policy.

We retain your Personal Data for as long as your account is active or as needed to provide you Services, comply with our legal obligations, resolve disputes and enforce our agreements.

ASCA and certain third parties that provide content, advertising and/or other functionality for our Services use cookies and other technologies to administer our Websites and Applications, trace users' Website visits, collect demographic information about those that use our Services and analyze trends.

What are cookies?

Cookies are small data files that are transferred to your computer or mobile device when you visit a Website. Cookies are only stored on your computer when your browser settings permit the acceptance of cookies. Cookies may store information like your preferences but cannot read data from your hard drive or access cookie files created by other Websites.

Managing cookies

If you do not want information collected through cookies, you may configure your browser to reject all cookies or notify you when a cookie is sent; however, some areas of our Websites may not provide you with a personalized experience if you have disabled the use of cookies. Each browser is different, so check the "help" menu of your browser to learn how to change your cookie preferences.

How we use cookies

We use cookies to make use of our Websites easier by saving your preferences and to deliver content tailored to your interests. We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for a set period of time or until you delete it.

Strictly necessary cookies

Strictly necessary cookies are essential to basic functions of our Websites and Applications. These cookies enable you to log in to secure areas of the Websites, use a shopping cart and help make Services available through our Websites and Applications work. Because these cookies are strictly necessary to deliver our Services, users cannot refuse them.

Preferences cookies

Preferences cookies ensure information displayed on your next visit to our Websites match up to choices you made and your preferences regarding our Services. These cookies are not essential for using our Services, but certain functionality may become unavailable or may not function properly without these cookies.

Analytics and performance cookies

Analytics and performance cookies are designed to allow us to recognize that you have visited our Websites before and track your movement as you consume content across our Websites. These cookies help us to analyze the performance and design of our Services and detect errors. We use cookies from Google Analytics, AddThis and similar analytics programs.

Advertising cookies

Advertising cookies are used to make the advertising displayed on our Websites more meaningful to you. These cookies prevent ads from appearing repeatedly and ensure that ads are properly displayed. Certain third-party cookies may track users over different Websites and will provide ads relevant to your interests.

Beacons, pixels and other technologies

We use other technologies, like web beacons, to recognize and track visitors to our Websites. A web beacon (also known as a "tracking pixel") is a clear graphic image (typically a one-pixel tag) that is delivered through a web browser or HTML email, usually in conjunction with a cookie. Web beacons can be embedded in online content, videos and emails, and allow us to collect information about your device, like your IP address, and how and when you viewed specific content.

Accessing and managing your Personal Data

Please remember that it is possible to access and use many areas of our Services without giving us any personally-identifiable information. If you give us personally-identifiable information, you will be included in our database and you may receive communications from ASCA or others as described in this Privacy Policy. However, you may unsubscribe from these communications by:

• Updating your communications preferences (log in to org, click "My Profile," click "My Discussion Settings," then click "Email Preferences")
• Clicking on the unsubscribe link at the bottom of an email (to unsubscribe from that type of email)
• Sending an email to support@ascassociation.org or calling 703.836.8808

Upon request, ASCA will provide you with information about whether we hold any of your Personal Data. You can update or correct your Personal Data or remove it from our system by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days.

California privacy rights

Under California's "Shine the Light" law, California residents who provide "personal information" in obtaining products or Services for personal, family or household uses are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing purposes. To obtain this information, please contact us at the contact information below.

European rights

FOR EUROPEAN RESIDENTS ONLY. This section applies if you are an individual located in the European Union (EU). For the purposes of the General Data Protection Regulation 2016/679 (the "GDPR"), the data controller is the Ambulatory Surgery Center Association (ASCA) registered in Alexandria, Virginia, United States.

Under European data protection law, in certain circumstances, you have the following rights in relation to your Personal Data:

• Right to access: You have the right to request access to any Personal Data we hold about you.
• Right to correct: If your Personal Data is inaccurate or incomplete, you are entitled to have it corrected or completed without undue delay.
• Right to erasure: You have the right to request that we delete or remove your Personal Data in certain circumstances.
• Right to object or restrict processing: You have the right to request that we restrict or 'block' the processing of your Personal Data in certain circumstances.
• Right to data portability: You have the right to obtain the Personal Data that you gave us with prior consent or that is necessary to perform a contract with you.
• Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time.
• Right to lodge a complaint: If you have a concern about our privacy practices, you can report it to an EU Data Protection Authority.

We will not keep your Personal Data for longer than is necessary for the purpose it was collected. Data will be destroyed or erased from our systems when it is no longer relevant. We maintain data:

• For at least the duration that the information is used to provide you with a product or Service
• As required under law, a contract or with regards to our statutory obligations
• Only for as long as it is necessary for the purpose for which it was collected or until it is processed, or longer if required under any contract, by applicable law or for statistical purposes, subject to appropriate safeguards

This Privacy Policy only addresses ASCA's use and disclosure of your Personal Data. Our Websites and Applications may contain links to other third-party Websites or Applications, which may collect or receive certain information about your use of the Services. ASCA does not control the data collection or use practices of these companies and, as such, we are not responsible for the privacy practices of other Websites nor liable for their misuse of Personal Data.

Additionally, should you use a social media Website or Service, such as Facebook, LinkedIn, Twitter and others, we may receive and store authentication information for that Service to enable you to log in. The information that you share with the social media sites will be governed by the specific privacy policies and terms of Service of those sites and not by this Privacy Policy.

Our Websites and Applications are not intended for use by or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13.

By using one or more of our Services or otherwise providing information to us online, you consent to the collection, processing, disclosure and other use of your personal information as described in this Privacy Policy. You agree that any dispute over privacy or the terms contained in this Privacy Policy, conditions of use and any other agreement we have with you will be governed by the laws of Virginia. You also agree to arbitrate any such dispute in Alexandria, Virginia, and to abide by any limitation on damages contained in any agreement we may have with you.

As our products and Services change from time to time, we may update this Privacy Policy to reflect changes to our information practices. We reserve the right to amend the Privacy Policy at any time, for any reason, and may do so by posting a new version online. Your continued use of our Websites, Applications and/or continued provision of Personal Data to us will be subject to the terms of the then-current Privacy Policy. If we make any material changes or if otherwise required by applicable law, we will notify you by email (sent to the email address specified in your account).

If you have any questions about this privacy policy or our treatment of the information you provide us, please contact us at:

Ambulatory Surgery Center Association (ASCA)
277 S Washington St, Ste 375, Alexandria, VA 22314-3646
Email: data-privacy@ascassociation.org