Thank you for your interest in the Romanian Student Society of Surgery (“RSSS”, “we”, “us”). As a non-profit NGO, our sole purpose is to provide access to surgical education.
Through our website, social media and activities (workshops, conferences, camps and other scientific or social events), we aim to offer a secure online and offline experience, in which the data you are providing is safe and strictly used to ensure your access to medical education.
1. Data we collect
When using our online or offline services there are 4 main ways we can collect data about you:
- Data you provide directly (info you enter yourself)
- Data provided by our volunteers about your participation in our activities
- Data we collect automatically
1.1.1 Data you provide directly - Online
Because our website is such an important tool in our day-to-day operations, we require all people wishing to enroll in our medical education activities to be registered users of our website. When creating and using a user account to access different features of our website, we collect any data you provide directly, including:
Account Data: Upon creating or updating an account, we collect and store any data you enter yourself, such as: email address, password, first name, last name, phone number, gender, date of birth, academic status, country, university, faculty, graduation year. We also assign you a unique identifying number. You can also choose to provide a profile photo (visible for the user and our admins).
Enrollement Data: Every time you apply for a RSSS activity which requires online registration on our website, we store data about your application for said project and its status (accepted, rejected, pending, withdrawal, completed), including redacted answers to different questions in the application form (such as: “What is your motivation to participate in this course?”)
Applicant Payment Data: Some of our activities require a participation fee. Payment of said fee a few days prior to commencement is the participant’s confirmation and commitment to attend our activity and must be communicated to us by uploading a proof of payment on the website or by request through other means. It is the user’s sole responsibility to redact the proof of payment in such a way as to not make visible sensible information (such as personal numerical code, account details, etc). By uploading the proof of payment, the user accepts that any unredacted info will be visible to our team. The only info we require to see for validation is: first and last name of the participant (when these do not coincide with the name of the person who made the payment, they should be clearly stated in the Details section of the payment proof), date, sum, currency, purpose of payment (in the Details section of the payment proof). Should unclarities appear regarding payment, an organisation representative might require additional payment information. We never request sensitive information like PIN number or CVV. Please never send these info.
Communication to other members of the website through the website forms is also logged and visible to our IT team. For sensitive information, please use email or other means of communication.
1.1.2 Data you provide directly
Due to the nature of our activities as well as technical and legal limitations and regulations, we sometimes require our users to fill in hard copy forms, questionnaires or contracts. Some of these are purely for statistical/feedback purposes, in which case they are anonymous and the information we collect concerns self evaluations of different skills/sets of knowledge or evaluations of our own performance as a provider of medical education. All other written documents we require are different forms of legal contracts (such as volunteering contracts, custody contracts) which must abide by Romanian laws and regulations and include sensible information necessary to legally identify an individual, such as first name, last name, date of birth, city, address, personal numerical code, identity card number and series. As specified in these contracts, by filling them in the users gives their consent for us to collect and store this information (in hard copy). All legal contracts will be signed in at least two copies, one of which will be given to the user.
1.2. Data provided by our volunteers about you participation in our activities
Your performance during some of our activities (mainly the ones containing an evaluation) and your interaction with instructors and other participants will sometimes be evaluated by our volunteers in the form of grades/written feedback. Our Human Resources Department will collect these evaluations and attach them to your website account. This information will only be visible to our IT team, Human Resources representatives and higher management and its purpose is to identify either very gifted students or “red flag” users. The volunteers in charge of making these evaluations are following an objective, comprehensive, standardized and secret evaluation protocol. As such, no evaluations are visible to the user.
1.3. Data we collect automatically
When you access our services, we collect certain data by automated means, including:
System Data: IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types.
Usage Data: Usage statistics about your interactions with the Services, including projects you’ve applied to and their status, pages visited and time spent on them, features used, your search queries, click data, date and time, and other data regarding your use of the Services.
All data above is collected through the use of server log files and tracking technologies (detailed in the “Cookies and Data Collection Tools” section) and is stored by us and associated with your account.
2. How we collect data about you
When using our services there are 3 ways we can collect data about you:
- Data you provide directly (info you enter yourself)
- Data provided by our volunteers about you participation in our activities
- Data we collect automatically
2.1 Cookies and Data Collection Tools
RSSS uses the following types of cookies:
· Preferences: cookies that remember data about your browser and preferred settings that affect the appearance and behavior of the Services (like your preferred language).
· Security: cookies used to enable you to log in and access the Services; protect against fraudulent logins; and help detect and prevent abuse or unauthorized use of your account.
· Session State: cookies that track your interactions with the Services to help us improve the Services and your browsing experience, remember your login details, and enable processing of your project applications. These are strictly necessary for the Services to work properly, so if you disable them then certain functionalities will break or be unavailable.
Some of the third-party partners who provide certain features on our site may also use Local Storage Objects (also known as flash cookies or LSOs) to collect and store data.
We use third-party browser and mobile analytics services like Google Analytics on the Services. These services use Data Collection Tools to help us analyze your use of the Services, including information like the third-party website you arrive from, how often you visit, events within the Services, usage and performance data, and where the application was downloaded from. We use this data to improve the Services, better understand how the Services perform on different devices, and provide information that may be of interest to you.
2.3 Online Advertising
We use third-party advertising services like Facebook to deliver advertising about our Services. The ads are based on things that these ad service providers know about you based on their tracking data. The ads can be based on your recent activity or activity over time and across other sites and services, and may be tailored to your interests.
Facebook may place cookies or other tracking technologies on your computer, phone, or other device to collect data about your use of our Services, and may access those tracking technologies in order to serve these tailored advertisements to you.
3. How we use your data
RSSS uses your data in order to provide our Services, communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyze how people use our Services and as required by law or necessary for safety and integrity.
We use the data we collect through your use of the Services (both online and offline) to:
· Provide and administer the Services
· Process your applications for our educational activities
Automatically link the data in your account to each of your applications
Send confirmation e-mails after each application to one of our projects, containing the information the user has filled in for that particular application
Access the list of applicants, their name, year of study, previous applications and their status, motivation and other information required in the application forms
Assign a status for each project application, in accordance with our Internal Rules and using the data provided by the user and their previous applications on our website
Publicly display the list of accepted participants and team members for each project (first and last name only)
Sending e-mails to all applicants informing them of the status of their application
Receive proof of payments for projects requiring a fee
· Communicate with you ( by e-mail/phone):
Responding to your questions, concerns
Sending you administrative messages and information, including messages from our project coordinators
· Generate administrative documents used for our educational activities such as badges, diplomas
· Protect our property, such as in the case of custody contracts (offline data)
· Keep a hard copy archive of contracts, as required by law, such as volunteering contracts (offline data)
· Evaluate the performance of all people involved in our projects (students and team members alike), by analyzing grades and feedback linked to accounts by our Human Resources Department
· Send you periodic Newsletter about our future projects
· Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse
· Identify unique users across devices;
· Improve our Services and develop new projects, services and features;
· Analyze trends and traffic, track usage data;
· Advertise the Services on third-party websites and applications (such as Facebook);
· As required or permitted by law or as we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, volunteers, third parties, the public, or our Services.
4. Who we share your data with
RSSS shares some of your data with our project coordinators and with our Human Resources and IT administrators.
· With our Institutional Partners, in the case of co-organized projects and events, in which the applicants use our Services in order to apply/participate.
· With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools like Google Analytics we share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 1), or de-identified data as needed. De-identified data means data where we’ve removed things like your name and email address and replaced it with a token ID. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources).
· For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:
o Permitted or required by law;
o Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
o Reasonably necessary as part of a valid subpoena, warrant, or other legally-valid request;
o Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
o Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of RSSS, our users, employees, members of the public, or our Services.
RSSS takes appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data that we collect and store. Unfortunately, however, no system can be 100% secured, so we cannot guarantee that communications between you and RSSS, or any information provided to us in connection with the data we collect through the Services will be free from unauthorized access by third parties. Your password is an important part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact firstname.lastname@example.org with any concerns.
6. Your rights concerning your data
6.1 Your choices about the use of your data
You can choose not to provide certain data to us, but you may not be able to use certain features of the Services, such as applying for projects.
· The browser or device you use may allow you to control cookies and other types of local data storage. Your wireless device may also allow you to control whether location or other data is collected and shared.
· To opt out of allowing Google Analytics to use your data for analytics or enrichment, see the Google Analytics Opt-out Browser Add-on,
· If you have any questions about your data, our use of it, or your rights, contact us at email@example.com.
6.2 Accessing, updating and deleting your personal data
You can access and update your personal data that RSSS collects and stores:
· To update data you provide directly, log into your account and update your account at any time.
· To terminate your sscr.ro account, email us at firstname.lastname@example.org. Please note that terminating your account is irreversible and will automatically lead to all of you past applications to projects being deleted from our website, along with all your information regarding said applications (status, performance, diplomas). Even after your account is terminated, e-mails sent/received from our website will still be visible to our admins in our logs.
· When contacting our support team, please allow up to 30 days for a response. For your protection, we may require that the request be sent through the email address associated with your account, and we may need to verify your identity before implementing your request.
6.3 Underage minor data
Parents who have reason to believe RSSS may have collected and stored personal data from an underage minor can submit a request for the data to be removed at email@example.com.
8. Contact Info