TEPHIConnect

TEPHConnect Privacy Policy
(Last updated on December 2018)

This is the privacy policy for users of the TEPHIConnect website (also referred to within this statement as “the website” or “the site”), tephiconnect.org. TEPHIConnect is provided by Training Programs in Epidemiology and Public Health Interventions Network (TEPHINET) and is administered by the TEPHINET secretariat based in Atlanta, Georgia, United States at The Task Force for Global Health, Inc. TEPHIConnect is built on the community management software platform Hivebrite. Hivebrite’s contractual relationship with TEPHINET requires them to comply with all applicable laws and use industry standard security measures.

The purpose of the TEPHIConnect website is to connect field epidemiology training program (FETP) alumni around the world on a private networking platform where they can share information, resources, and opportunities.

The policy covers:

What personally identifiable information TEPHINET collects from authorized users.
What personally identifiable information do third parties collect on authorized users through the website.
What organization collects the information.
How TEPHINET uses the information.
With whom TEPHINET may share user information.
What choices are available to users regarding collection, use and distribution of the information, this includes updates to the policy in order to be compliant with the General Data Protection Regulations (GDPR) which went into effect across Europe in May 2018.
What types of security procedures are in place to protect the loss, misuse or alteration of information under TEPHINET's control.
How users can correct any inaccuracies in the information.

If TEPHIConnect users have questions or concerns regarding this statement, they should first contact TEPHINET at [email protected].

General Statement on Privacy

Please be mindful of the fact that sharing your personal information over the Internet always carries a risk. Exercise judgment and caution when providing sensitive and personally identifiable information, including but not limited to your name, contact information, and educational and employment histories. Do not share information that you are not comfortable with other TEPHIConnect members accessing. Do not share your passwords and login credentials with others.

Information Collection and Use

Information Collection
TEPHINET collects information from our users at different points on TEPHIConnect. Only users who have established an account on TEPHIConnect are able to post information onto the site. TEPHIConnect users must provide the data marked as “Required” in order to complete their user profiles:

Personal Data	Required?
First and last name	Yes
Maiden name	No
Gender	No
Countr(y)(ies) of citizenship	No
Country of residence	Yes
FETP affiliation	Yes
Professional skills	No
Language skills	Yes
Industries	No
Professional area(s) of expertise	Yes
Whether or not you’re looking for a mentor	No
Whether or not you’re looking for a mentee	No
Employer	Yes
Whether or not you’re a member of EpiCore	No
Your publications	No
Your outbreak investigations	No
Your date of FETP graduation	Yes
The highest level of FETP you’ve completed	Yes
Work experience including company, job function and dates for last 3 positions	No
Education including educational establishment, degree/diploma and dates for highest level completed	Yes
Curriculum vitae	No
Primary and secondary email addresses	Yes
Social media handles	No

As the data controller and in accordance with applicable legislation and regulations, TEPHINET commits to:

Only collect the Users’ data for the strict purpose as described in this privacy policy;
Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
Limit access to the Users’ data to the persons duly authorized to this effect;
Increase awareness and train staff members regarding the processing of personal data;
Guarantee to the Users their rights regarding the access, portability, erasure, rectification and opposition in relation to the collection and processing of their data;
Notify the competent supervisory authority of any security breach presenting a serious risk regarding the rights and liberties of the Users within 72 hours of the occurrence of such a breach;
Proceed with the deletion of the Users’ data in the event of an absence of any contact with the Company for a period of three (3) years;
Only subcontract the processing of the Users’ data to Hivebrite which, as subcontractor, has put all necessary technical and organizational measures in place in order to guarantee the security, confidentiality, integrity, availability and resilience of the processing systems and services.

For any additional information on Hivebrite, you can consult the webpage available at the following address: www.hivebrite.com

The personal data collected by the Company is hosted by the following service providers:

Host

Nature of the hosting

Microsoft Azure Cloud

https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx

Hosting of all data and content produced / provided by the User, as well as images, profile pictures and backups

AmazonAWS

https://aws.amazon.com/compliance/gdpr-center/

In case of a breach of its systems, or theft, deletion, loss, alteration, disclosure, unauthorized access, or any other malicious act, TEPHINET commits, in the event that the said breach presents a serious risk regarding the rights and freedoms of the Users, to notify the Users, within a period of seventy two (72) hours as of the occurrence of the breach, of (i) the nature of the breach, (ii) the probable consequences of the malicious act, (iii) the appropriate measures proposed to remedy the malicious act.

The malicious act presenting a serious risk regarding the rights and freedoms of the Users shall be notified to the competent supervisory authority.

The User is duly informed that the Company shall not be liable in case of breach of IT security which can cause damages to computer equipment, as well as in case of breach or malicious act by a third party targeting the system or the Platform.

The data of the Users are accessible only to the persons duly authorized to do so by the Company for administrative or maintenance purposes of the Platform to the exclusion of any commercial use, and if applicable, in order to enforce the rights exercised by the Users regarding their data (in particular the right to access, rectify, oppose, port and to be forgotten).

The Company informs the User that, outside of hosting and payment services, it uses the following subcontractor:

The company KIT UNITED for its HIVEBRITE solution, a French société par actions simplifiée with a capital of 284.280,00 Euros, registered with the Paris Companies register under the number 75339171300017, having its registered office at 8, rue de la Grande Chaumière, 75008 – Paris.

Especially in light of any future developments of the applicable legislation and regulations, TEPHINET reserves its right to proceed with any modification of its privacy policy and commits to duly inform you if any such modification occurs.

Registration
Only users who have established an account on TEPHIConnect are able to post information to the site and view the members-only sections of the website (including the user directory, activity feed, jobs and opportunities page, member projects page, groups, and forums).

In order to establish a TEPHIConnect user account, a user must first complete the invitation request form wherein he/she will be required to provide their name, email address, FETP affiliation, FETP graduation date, and highest level of FETP completed. TEPHINET uses this information to contact the user to activate his/her account and password and to verify whether the user is eligible to join TEPHIConnect. All other information collected is optional. We never require the disclosure of sensitive information such as income or social security number.

Information Use
The purpose of the TEPHIConnect website is to connect field epidemiology training program (FETP) alumni around the world on a private networking platform where they can share information, resources, and opportunities. TEPHINET encourages collaboration, sharing of knowledge and effective practice to improve public health in the areas of surveillance accuracy and effectiveness, public health event management responsiveness, awareness of emerging trends and capabilities, and opportunities for professional growth and job development for members.

Among the information that TEPHINET shares is a catalog of degree and certificate programs offered by a wide range of regionally accredited member institutions, an effective practices database, conference and workshop proceedings, articles from our newsletter, articles from volumes of applied research studies, and research, surveys and fora to inform academic, government and private sector audiences.

Profile
TEPHINET does not link information that we collect through cookies, log files, and/or third parties to create profiles of our users. Collected information is not tied to the user's information except in aggregate form.

Groups
A group is an organized collection of alumni that is run day to day by an administrator and managed by TEPHINET. The administrator will be selected by regions or by request if an alumnus would like to form a topical group. The administrator will have the same access to the profiles as any other user and can invite alumni to join the group. The administrator will have some basic abilities to manage the group, but will not be able to download any data from users for personal of business use.

Cookies
A cookie is a piece of data stored on a user's computer tied to information about a user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. We use only session ID cookies, once a user closes the browser, the cookie simply terminates. We do not use persistent cookies, a small text file stored on the user's hard drive for an extended period of time.

We use cookies so, for example, a user would not have to log in a password more than once, thereby saving time while on our site.

No business partners or other third parties use cookies on our site (for example, advertisers).

However, certain functionalities of the services proposed by the Platform may not function properly without cookies. In addition, even if most navigators are configured by default and accept the creation of cookie files, the User has the possibility to choose to accept the creation of all cookies other than the functional cookies or to systematically decline them or to accept the cookies s/he chooses depending on the issuer by configuring their browser settings.

Third Party Advertising
TEPHINET does not host or use any third party advertising system or software on the www.tephiconnect.org site.

Date of Last Visit
TEPHIConnect tracks users’ date of last visit, and this information is available to TEPHIConnect administrators in the “back office” (administrator dashboard). This information, in aggregate form, can help TEPHINET see how engaged the community is with the platform and how frequently members use it.

Clear Gifs (Web Beacons/Web Bugs)
TEPHINET does not employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs).

HTML-based emails
HTML-based emails sent by TEPHINET often contain images (gifs or jpegs) that are located on our web server. The loading of these images when the HTML-based email is opened is logged as part of our normal web-logging process. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If users would like to opt-out of these emails, please see the Opt-out section.

Communications from the Site

Special Offers and Updates
TEPHINET sends all new members requesting invitations emails reminding them to activate their accounts. Established members will occasionally receive information on new features, content, and other platform updates. Out of respect for our users' privacy we present the option to not receive these types of communications. Please see the Choice and Opt-out sections.

Newsletter
If a user wishes to subscribe to our newsletter, we ask for contact information such as name and email address. Out of respect for our users' privacy we provide a way to opt-out of these communications. Please see the Choice and Opt-out sections.

Service Announcements
On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users emails. These communications are not promotional in nature. Users may not opt-out of these communications. Please see our Choice and Opt-out section.

Customer Service
TEPHINET communicates with users on a regular basis to provide requested services and in regard to issues relating to their accounts. We reply via email or phone, in accordance with the users’ wishes.

Sharing

Legal Disclaimer
Though TEPHINET makes every effort to preserve user privacy, we may need to disclose personal information without notifying the user when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our web site.

Aggregate Information (non-personally identifiable)
TEPHINET shares aggregated demographic information with our members, sponsors, and the general public. This is not linked to any personally identifiable information. Examples of the type of information we may share include the aggregated results of a survey or a report on the number of TEPHIConnect users per country or region.

Third Party Advertisers
TEPHINET does not share web site usage information about users with any third parties for the purpose of targeting Internet banner advertisements on this site and other sites. We DO NOT Share Personal Information with Third Party Advertisers.

These are the instances in which we will share users' personal information:

Verification of FETP Affiliation: All TEPHIConnect users are required to select at least one Field Epidemiology Training Program (FETP) or FETP network affiliation upon signup. TEPHINET might share users’ personal information with the FETP or FETP network to which the user indicates an affiliation in order to verify that the affiliation is true.
FETP Alumni Management Request: TEPHIConnect might share users’ personal information with the FETP or FETP network to which the user indicates an affiliation for the purpose of assisting the FETP/FETP network with their own alumni management initiatives.
Business Transitions: In the event TEPHINET goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users' personal information may be part of the assets transferred. Users will be notified via email and a prominent notice on our web site for 30 days prior to a change of ownership or control of their personal information. If as a result of the business transition, the users' personally identifiable information will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section.
Public Health Emergencies: If a user selects that they would like to be considered for emergency responses, their name and contact information may be shared with an outside partner such as Centers for Disease Control and Prevention or The World Health Organization. In order to share information with the partner, they would have to request the data and the user will be asked prior to their name and contact information being shared with an outside partner.

Choice/Opt-out
Users who no longer wish to receive our newsletters and promotional communications may opt-out of receiving these communications by changing their notification settings in their user profile settings and/or by clicking the ‘unsubscribe’ link contained within promotional emails.

User Account Deletion
TEPHIConnect users who no longer wish to be part of the community should submit an account deletion request to the admin, who currently has the ability to delete a user account. Users can expect their accounts to be deleted within one week under normal circumstances, barring any office closures due to inclement weather, emergencies, etc.

Links
TEPHIConnect contains links to other sites. Please be aware that we, TEPHINET, are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected through TEPHConnect.

Surveys
From time-to-time, the TEPHINET program requests information from users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and email address), and demographic information (such as country). Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site. Users' personally identifiable information is not shared with third parties.

User Invitations
If a current TEPHIConnect user elects to invite others to join the platform using the user invitations feature, they will be required to share the invitees’ names and email addresses with TEPHIConnect. TEPHIConnect administrators have access to this information in the “back office” (admin dashboard) as well as the date the invitation was sent to each person. TEPHINET may send the invitees a separate email inviting him/her to register on the site. TEPHINET stores this information for the sole purpose of sending this invitation email and tracking the success of the user referral program.

Security

This web site takes every precaution to protect our users' information.

When our registration form and user profile fields ask users to enter sensitive information, that information is encrypted and protected with encryption software - SSL. While on a secure page, the lock icon on web browsers such as Google Chrome and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when users are just 'surfing'.

While we use SSL encryption to protect sensitive information online, we also protect user-information off-line. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices and the secure location of our server-hosting provider. Only employees who need the information to administer the website are granted access to personally identifiable information. ALL employees are kept up-to-date on our security and privacy practices. Finally, the servers that store personally identifiable information are in a secure environment, in a locked facility.

If users have any questions about the security of our website, they can contact TEPHINET using the contact information provided below.

Exercise of the User’s Rights
The User is duly informed that s/he disposes at any time, meaning prior to, during or following the processing of data, to the right to access, copy, rectify, oppose, port, limit and delete his/her data.

The User can exercise its rights by sending an email to the following address [email protected] or by mail at the following address provided that the User justifies his/her identity:

TEPHINET
A program of The Task Force for Global Health
325 Swanton Way
Decatur, GA 30030
United States of America.

TEPHINET informs the User that the data is retained only during the length of the User’s subscription on the Platform.

Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted after a period of 30 days

In accordance with application legislation, cookie data will be automatically deleted thirteen (13) months following their placing on the User’s terminal.

Correcting/Updating/Deleting/Deactivating Personal Information If a user's personally identifiable information changes (such as zip code, phone, email or postal address), or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate users' personally identifiable information. Procedures for correcting this information are provided in our user guide.

Notification of Changes

If TEPHINET decides to change it’s privacy policy, it will post those changes to this privacy statement, the TEPHIConnect homepage, and other places deemed appropriate so that our users are always aware of what information is collected, how it is used and under what circumstances, if any, it is disclosed .

If TEPHINET is going to use users' personally identifiable information in a manner different from that stated, it will notify users via email. Users will have a choice as to whether or not their information is used in this different manner. In addition, if we make any material changes in our privacy practices that do not affect user information already stored in our database, we will post a prominent notice on our web site notifying users of the change. In some cases, when we post a notice, we will also email users, who have opted to receive communications from us, notifying them of the changes in our privacy practices.

Contact Information

If users have any questions or suggestions regarding our privacy policy, please contact us at:

Email address: [email protected]

Postal address: TEPHINET
A program of The Task Force for Global Health
325 Swanton Way
Decatur, GA 30030
United States of America