340B HEALTH PRIVACY POLICY

LAST UPDATED AS OF: MAY 1, 2018

This Privacy Policy is provided for websites operated by 340B Health, Inc., a nonprofit membership organization (“340B Health”, “Organization”, “we”, “us” or “our”) found at www.340BHealth.org, http://340binformed.org/, http://careers.340bemployed.org/, and other domains and social media accounts linked to this Privacy Policy (collectively “Website”) (please see our mobile privacy notice for additional information). The Privacy Policy describes our privacy practices and those of our vendors and business partners on the Website (“Service Providers”), but we do not own, operate, or control, the privacy practices of Service Providers or other third parties.

We collect and use information from or about you according to the Privacy Policy in effect at the time the information is gathered. Please be aware that our Privacy Policy may be changed by updating this page. The Website is offered to you, conditioned on your acceptance without modification of the terms, conditions, and notices contained in the Terms of Use (“Terms”) and our Privacy Policy. Your use of the Website constitutes your acknowledgment that you have read and agreed to these Terms.  If you choose not to agree to this Privacy Policy or the Terms, do NOT use the Website. You should review this Privacy Policy periodically to ensure you are in agreement with any updates or changes. Your continued use of our Website following any changes will mean you accept such changes.

CONTACT US:
If you have questions or concerns regarding our Website, Privacy Policy or practices, please contact us at privacypolicy@340bhealth.org or Attn.: Operations Department, 340B Health, Inc., 1101 15th Street, NW, Suite 910, Washington, DC 20005.

ABOUT US:
340B Health is a nonprofit organization that provides information and advocacy concerning 340B programs for and, on behalf of, its members, affiliates, and corporate partners (collectively, “members”). The users of the 340B Health Website include (a) users of the publicly accessible portion of the Website (“visitors”) with access to information concerning 340B programs, the Organization, and its services, as a complementary service for informational and educational purposes only, (b) professional users including employees and Service Providers who operate, administrate, maintain and support the Website, (c) vendors, exhibitors, and non-member conferees who register on the Website, and (d) members who register for discussion boards, forums, content, and interactive features through the non-public portion of the Website (collectively, “users”).

INFORMATION WE COLLECT
The information we collect about you includes:

Non-Personally Identifiable Information: 
The Website may collect or request anonymous or non-personally identifiable information, data about use of the Website and demographic information (“Non-PII”) from visitors. Non-PII cannot identify a specific individual unless combined with Personally Identifiable Information (“PII”).

Web Browsing Data 
The Website collects anonymous Non-PII known as “Web Browsing Data.” Web Browsing Data alone does not personally identify you. When you visit our Website, we or our Service Providers may collect the Internet Protocol (IP) address of your computer or Internet Service Provider, your domain, operating system, web pages you viewed while visiting our Website, date, time of day, browser type and other similar information. To collect Web Browsing Data, we use small computer files which ask permission to be stored on your computer, which may include one or more cookies, persistent cookies, web beacons, tags, java script, flash cookies, and data stored in log files (collectively, “Cookies”). When you visit the Website, a Cookie attaches to your computer and collects Web Browsing Data to allow the Website to remember members’ passwords.

Demographic Information
By using 340B Health’s Contact form you may provide the Website with Non-PII that may include your job title, gender, email address, location, and other demographic facts. We may use your email address to communicate with you and provide Services, including newsletters and administrative communications.

Personally Identifiable Information (“PII”):
Our Website and our Service Providers collect personal information including PII when you provide personal information in our Website registration forms. Such PII may include: your name, contact information, country, geo-location, email address, telephone numbers, and other personal information including your employer’s or company’s name, and any communications you provide to the Website.

California Online Personal Privacy Act Notice
(1) This Website does not track users across third party websites and therefore does not interfere with “do not track” signals.

(2) This Website authorizes certain Service Providers to process PII in connection with providing a mobile app and exhibits kiosk for conference registration, information, schedules, and vendor expo. 340B Health does not otherwise authorize Service Providers or other third parties to collect PII or track users  without separate consent.

Business Users of the Website
We collect personal information including PII from individuals and companies who visit our Website to learn about our Services, register as conference exhibitors, or enter into business relationships with us (“business information”). We maintain business information that may include PII provided by individuals, for purposes of administering our business, such as maintaining account contact information, sending invoices, etc. We may share such business information with third parties who provide administrative services (and they are required to maintain the confidentiality of the information), as well as pursuant to a court order or to law enforcement or government officials as we deem necessary or appropriate.

Canadian and European Union Users
We do not intend to collect PII from Canadian and European Union users. If you are from the United Kingdom, the European Union, or Canada, do not provide us with PII, use our Services, or the Website. If we learn that we collected PII from a user from the United Kingdom, European Union, or Canada, we will promptly delete that information.

Children
We do not intend to collect PII from children under 13. If you are under the age of 13, do not provide us with PII, use our Services, or the Website. If we learn that we collected PII from a child under 13, we will promptly delete that information. If you believe that we collected information from a child under 13, contact us at privacypolicy@340bhealth.com.

USE AND SHARING OF INFORMATION

Non-PII that we or our Service Providers collect is used for demographic surveys, to authenticate users, provide access to Website accounts, remember your Website preferences, marketing, sales of membership and corporate sponsorships, to better reach members and identify potential new members and corporate partners .

PII collected on the Website is used to set up a user account, apply for membership, register for the career center, and to allow users to participate in various discussion boards, forums, and blogs. 340B Health also maintains a database of email addresses of members and other individuals, conducts email campaigns to members and other individuals in our database, send dues reminders, send confirmation emails to users who purchase products, send alerts to members who signed up for notifications from updates from 340B Health blogs and discussion boards services. 340B Health shares the PII in contact information of the rosters of various 340B Health committees with the members of such committees. 340B Health provides PII in conference attendees contact information to exhibitors at 340B Health conferences.

340B Health uses your geo-location to operate certain services in the Website, including members using their geo-location to identify 340B peers and other members near the user.

Sharing PII with other Members and Service Providers
PII that we or our Service Providers collect is maintained in confidence, however, we will share your PII with other members and list your name and company name in the 340B Health member and vendor directories, committee rosters, and third party Service Providers who provide membership, conference, email, CRM, and other business services to 340B Health. These trusted Service Providers may include website and communications technology providers and other business vendors.

Visitors who Request Services via the Website
Visitors who register on our Website and apply to become members consent to be contacted by us, and to receive emails from us about the Services. If you do not wish to be contacted again by us or receive our emails, follow the unsubscribe instructions at the bottom of our emails.

With Consent
Except as set forth above, users will be notified when PII may be shared with third parties, and will be able to prevent the sharing of this information.

HOW WE PROTECT AND RETAIN YOUR INFORMATION
We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include the use of secure socket layers (for on-line financial transactions, registration, membership renewal, submitting PAC contributions), firewalls and encryption, internal reviews of our data collection, storage and processing practices, and security measures, as well as physical security measures and personnel training to guard against unauthorized access to systems.

Currently, we retain individual records of PII and all Non-PII for 340B Health members indefinitely. Members who change employers are marked inactive until reactivated.  We reserve the right to change this policy subject to applicable laws and regulations.
When we retain PII in our systems, we restrict access to PII to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our Website and Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.

However, the internet and mobile web are inherently insecure and so we are unable guarantee that the security measures we take will not be penetrated or compromised or that your information will remain secure under all circumstances.

HOW TO CONTROL AND CORRECT YOUR INFORMATION
You may visit the Website and utilize some Website functionality without entering any personal information. You may visit the Website without accepting cookies or collection of other Web Browsing Data by following the opt-out procedures set forth below, but our Website and some services may not work properly.

Learn More about Cookies, Web Beacons, and other Technologies
You can accept or decline cookies. Most browsers automatically accept cookies. To learn more about cookies, including how to refuse cookies on your computer by adjusting web browser settings, follow these links:

Opting Out of Cookies
To opt-out from collection and use of your Web Browsing Data by the Website, you may block cookies by changing the privacy settings in your Internet browser; but our Website and some services may not work properly.

Social Media
We may engage with you on third party social media sites such as LinkedIn, if you engage with us. By doing so, you “opt in” to sharing your content with us. Be aware that such content (PII, images, captions, and comments, etc.) that you submit (upload, post, comment, share, “like”, etc.) to third party social media sites (including any of our message boards or tweets) is publicly visible, not private and cannot be considered private PII. To manage social media notifications you receive, correct or delete your PII, adjust your privacy settings in your social media accounts. To learn more about social media privacy settings, follow these links:

Your California Privacy Rights:
Under California Civil Code Section 1798.83, California residents who have an established business relationship with us have the right to request that we provide certain information regarding the disclosure of their personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may send your request for such information to privacypolicy@340bhealth.org. Requests shall only be accepted via this email address. We shall not be responsible for requests made over the telephone or by any other means.

By using our Website, you signify your consent to the data practices described in this Privacy Policy and agree that your visit and any dispute over privacy is subject to our privacypolicy@340bhealth.org, including without limitation, the terms regarding limitations on liability and application of the laws of Washington, DC.

Correcting your Personal Information:
Users may access, update, and correct their personal information by logging on to the Website. In corporate membership accounts, the primary contact can correct the personal information of other employees in the account.

If you have any questions about accessing or updating information we have on file about you, please contact us at privacypolicy@340bhealth.org.