Retention of Personal Information
It is our intent to not keep personal information for longer than required. The duration depends on the nature of the personal data and the purposes for which it was received. While the International College of Surgeons-United States Section is the owner of the membership data contained in the SOTA Registry, the data custodian is IntraHealth International, which maintains a data retention policy informed by:
- Legal or regulatory requirements of the location of the data processing;
- The completion of a contract or employment engagement with you or work you supported with our clients;
If your personal data is held for reasons other than legal requirement or contractual engagement (i.e. – newsletter, recruitment database), we will maintain that data until you request its removal or correction.
IntraHealth International uses HTTP cookies to improve the performance of our site. All retained data is anonymized—no personally identifiable information is collected, stored, or placed in cookies that can be accessed by third parties.
Breaches of Personal Data
IntraHealth International applies best business practices and secure systems to protect personal information. If a data breach that included personal information were to occur, IntraHealth International will respond to the breach as required by the relevant regulations. If you are aware of a breach of personal data that involves IntraHealth International, please contact IntraHealth immediately.
Your Rights Regarding Your Personal Data
The EU’s GDPR details an individual’s rights regarding their personal data. IntraHealth International respects and supports these rights and applies them to personal data held generally. These rights include:
- Right to Access – Subject to certain conditions, you are entitled to have access to your personal data. You may contact IntraHealth International to request a copy of your personal data held by us.
- Right to Data Portability – Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
- Right to Correction – You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.
- Right to Object to or Restrict Processing – Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
- Right of Erasure – Subject to certain conditions, you are entitled to have your personal data erased (e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful).
- Right to Withdraw Consent – As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you withdraw your consent, this will only take effect for future processing and is subject to certain conditions based on IntraHealth International’s legal obligations.
To act on any of the above rights, IntraHealth International may need to request additional information regarding the specifics of the request as well as confirm your identity. We will respond to these requests in accordance with regulatory requirements once we confirm the validity of the request. Requests regarding these rights can be submitted to IntraHealth International by following the instructions in the “Contact for Requests and Complaints” section below.
Contact for Requests and Complaints
An email communication to the above address is the quickest way to receive a response from IntraHealth International. However, you may also submit requests in writing to the contact below:
IntraHealth Data Protection Officer
6340 Quadrangle Drive, Suite 200
Chapel Hill, North Carolina 27517