Thank you for your interest in the Romanian Student Society of Surgery (‘RSSS’, ‘we’, ‘us’). As a non-profit NGO, our sole purpose is to provide access to surgical education.
Through our website, social media outlets and activities (workshops, conferences, camps and other scientific or social events), we aim to offer a secure online and offline experience, in which the data you are providing is safe and strictly used to ensure your access to medical education.
This Privacy Policy details how we collect, use, and share data about our users, as well as their rights to access, correct, or restrict our use of their personal data. This Privacy Policy applies when you visit or use the RSSS website (sscr.ro), social media or educational services (the ‘Services’).
By using the Services, you agree to the terms of this Privacy Policy. You shouldn’t use the Services if you don’t agree with this Privacy Policy.
1. Data we collect
When using our online or offline services there are 4 main ways we can collect data about you:
- Data you provide directly (info you enter yourself);
- Data provided by our volunteers about your participation in our activities;
- Data we collect automatically.
1.1.1 Data you provide directly - Online
Because our website is such an important tool in our day-to-day operations, we require all people wishing to enroll in our medical education activities to be registered users of our website. When creating and using a user account to access different features of our website, we collect any data you provide directly, including:
Account Data: Upon creating or updating an account, we collect and store any data you enter yourself, such as: e-mail address, password, first name, last name, phone number, gender, date of birth, academic status, country, university, faculty, graduation year. We also assign you a unique identifying number. You can also choose to provide a profile photo (visible for the user and our admins).
Enrollement Data: Every time you apply for a RSSS activity which requires online registration on our website, we store data about your application for said project and its status (‘Accepted’, ‘Rejected’, ‘Pending’, ‘Withdrawal’, ‘Completed’), including redacted answers to different questions in the application form (such as: ‘What is your motivation to participate in this course?’).
Applicant Payment Data: Some of our activities require a participation fee. Payment of said fee a few days prior to commencement is the participant’s confirmation and commitment to attend our activity and must be communicated to us by uploading a proof of payment on the website or by request through other means. It is the user’s sole responsibility to redact the proof of payment in such a way as to not make visible sensible information (such as personal numerical code, account details etc.). By uploading the proof of payment, the user accepts that any unredacted info will be visible to our team. The only info we require to see for validation is: first and last name of the participant (when these do not coincide with the name of the person who made the payment, they should be clearly stated in the Details section of the payment proof), date, sum, currency, purpose of payment (in the Details section of the payment proof). Should unclarities appear regarding payment, an organisation representative might require additional payment information. We never request sensitive information like PIN number or CCV. Please never send these info.
Communications and Support: If you contact us for support/to report a problem or concern/ to make a suggestion/ propose a collaboration/ make any sort of inquiry (regardless of whether you have created an account), we collect and store your contact information, messages, and other data about you, like your name, e-mail address, subject of inquiry, IP address, and any other data you provide or that we collect through automated means (detailed below). We use this data to respond to you and research your question or concern, in accordance with this Privacy Policy. Communication to other members of the website through the website forms is also logged and visible to our IT team. For sensitive information, please use e-mail or other means of communication.
1.1.2 Data you provide directly
Due to the nature of our activities as well as technical and legal limitations and regulations, we sometimes require our users to fill in hard copy forms, questionnaires or contracts. Some of these are purely for statistical/feedback purposes, in which case they are anonymous and the information we collect concerns self evaluations of different skills/sets of knowledge or evaluations of our own performance as a provider of medical education. All other written documents we require are different forms of legal contracts (such as volunteering contracts, custody contracts) which must abide by Romanian laws and regulations and include sensible information necessary to legally identify an individual, such as first name, last name, date of birth, city, address, personal numerical code, identity card number and series. As specified in these contracts, by filling them in the users gives their consent for us to collect and store this information (in hard copy). All legal contracts will be signed in at least two copies, one of which will be given to the user.
1.2. Data provided by our volunteers about you participation in our activities
Your performance during some of our activities (mainly the ones containing an evaluation) and your interaction with instructors and other participants will sometimes be evaluated by our volunteers in the form of grades/written feedback. Our Human Resources Department will collect these evaluations and attach them to your website account. This information will only be visible to our IT team, Human Resources representatives and higher management and its purpose is to identify either very gifted students or “red flag” users. The volunteers in charge of making these evaluations are following an objective, comprehensive, standardized and secret evaluation protocol. As such, no evaluations are visible to the user.
1.3. Data we collect automatically
When you access our services, we collect certain data by automated means, including:
System Data: IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types.
Usage Data: Usage statistics about your interactions with the Services, including projects you’ve applied to and their status, pages visited and time spent on them, features used, your search queries, click data, date and time, and other data regarding your use of the Services.
All data above is collected through the use of server log files and tracking technologies (detailed in the ‘Cookies and Data Collection Tools’ section) and is stored by us and associated with your account.
2. How we collect data about you
When using our services there are 3 ways we can collect data about you:
- Data you provide directly (info you enter yourself);
- Data provided by our volunteers about you participation in our activities;
- Data we collect automatically.
The first two sources of data have been detailed in the section above (1. Data we collect). Data obtained automatically is gathered through the use of cookies and analytics services.
2.1 Cookies and Data Collection Tools
RSSS and service providers acting on our behalf (such as Google Analytics/third party advertisers) use server log files and automated data collection tools like cookies, tags, scripts, customized links, device or browser fingerprints, and web beacons (together, ‘Data Collection Tools’) when you access and use the Services. These Data Collection Tools automatically track and collect certain System Data and Usage Data (detailed in Section 1. Data we collect) when you use the Services. In some cases, we tie data gathered through those Data Collection Tools to other data that we collect as described in this Privacy Policy.
We use cookies (small files that websites send to your device to uniquely identify your browser or device or to store data in your browser) for things like analyzing your use of the Services, personalizing your experience, making it easier to log into the Services, and recognizing you when you return. We use web beacons (small objects that allow us to measure the actions of visitors and users using the Services) for things like identifying whether a page was visited, identifying whether an e-mail was opened, and advertising more efficiently by excluding current users from certain promotional messages or identifying the source of a new mobile app download.
RSSS uses the following types of cookies:
- Preferences: cookies that remember data about your browser and preferred settings that affect the appearance and behavior of the Services (like your preferred language);
- Security: cookies used to enable you to log in and access the Services; protect against fraudulent logins; and help detect and prevent abuse or unauthorized use of your account;
- Session State: cookies that track your interactions with the Services to help us improve the Services and your browsing experience, remember your login details, and enable processing of your project applications. These are strictly necessary for the Services to work properly, so if you disable them then certain functionalities will break or be unavailable.
You can set your web browser to alert you about attempts to place cookies on your computer, limit the types of cookies you allow, or refuse cookies altogether. If you do, you may not be able to use some or all features of the Services, and your experience may be different or less functional.
Some of the third-party partners who provide certain features on our site may also use Local Storage Objects (also known as flash cookies or LSOs) to collect and store data.
2.2 Analytics
We use third-party browser and mobile analytics services like Google Analytics on the Services. These services use Data Collection Tools to help us analyze your use of the Services, including information like the third-party website you arrive from, how often you visit, events within the Services, usage and performance data, and where the application was downloaded from. We use this data to improve the Services, better understand how the Services perform on different devices, and provide information that may be of interest to you.
2.3 Online Advertising
We use third-party advertising services like Facebook and Instagram to deliver advertising about our Services. The ads. are based on things that these ad. service providers know about you based on their tracking data. The ads. can be based on your recent activity or activity over time and across other sites and services, and may be tailored to your interests.
Facebook may place cookies or other tracking technologies on your computer, phone, or other device to collect data about your use of our Services, and may access those tracking technologies in order to serve these tailored advertisements to you.
During our events, the RSSS volunteers take pictures or record video which are later edited by the Graphics&Design Department members, and PR Department members, respectively, who will post them on social media platforms (Facebook, Instagram etc.). If you do not agree, please inform the organizers of the project you attend, in order to be excluded from the visual materials. If you do not inform the organizers of this fact, we consider that you agree with the facts that the visual materials will be public online.
3. How we use your data
RSSS uses your data in order to provide our Services, communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyze how people use our Services and as required by law or necessary for safety and integrity.
We use the data we collect through your use of the Services (both online and offline) to:
- Provide and administer the Services;
- Process your applications for our educational activities:
- Automatically link the data in your account to each of your applications:
- Send confirmation e-mails after each application to one of our projects, containing the information the user has filled in for that particular application;
- Access the list of applicants, their name, year of study, previous applications and their status, motivation and other information required in the application forms;
- Assign a status for each project application, in accordance with our Internal Rules and using the data provided by the user and their previous applications on our website;
- Publicly display the list of accepted participants and team members for each project (first and last name only).
- Sending e-mails to all applicants informing them of the status of their application;
- Receive proof of payments for projects requiring a fee;
- Communicate with you ( by e-mail/phone):
- Responding to your questions and concerns.
- Sending you administrative messages and information, including messages from our project coordinators:
- Generate administrative documents used for our educational activities such as badges and diplomas;
- Protect our property, such as in the case of custody contracts (offline data);
- Keep a hard copy archive of contracts, as required by law, such as volunteering contracts (offline data);
- Evaluate the performance of all people involved in our projects (students and team members alike), by analyzing grades and feedback linked to accounts by our Human Resources Department;
- Send you periodic Newsletter about our future projects;
- Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
- Identify unique users across devices;
- Improve our Services and develop new projects, services and features;
- Analyze trends and traffic, track usage data;
- Advertise the Services on third-party websites and applications (such as Facebook);
- As required or permitted by law or as we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, volunteers, third parties, the public, or our Services.
- Automatically link the data in your account to each of your applications:
4. Who we share your data with
RSSS shares some of your data with our project coordinators and with our Human Resources and IT administrators.
We may share your data with third parties under the following circumstances or as otherwise described in this Privacy Policy:
- With our Institutional Partners, in the case of co-organized projects and events, in which the applicants use our Services in order to apply/participate;
- With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools like Google Analytics we share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 1), or de-identified data as needed. De-identified data means data where we’ve removed things like your name and email address and replaced it with a token ID. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources);
- To Power Social Media Features: The social media features in the Services (like the Facebook Like button) may allow the third-party social media provider to collect things like your IP address and which page of the Services you’re visiting, and to set a cookie to enable the feature. Your interactions with these features are governed by the third-party company’s privacy policy.
- For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:
- Permitted or required by law;
- Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
- Reasonably necessary as part of a valid subpoena, warrant, or other legally-valid request;
- Reasonably necessary to enforce our Privacy Policy, and other legal agreements;
- Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
- Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of RSSS, our users, employees, members of the public, or our Services.
- We may also disclose data about you to our auditors and legal advisors in order to assess our disclosure obligations and rights under this Privacy Policy;
- With Your Permission: with your consent, we may share data to third parties outside the scope of this Privacy Policy.
5. Security
RSSS takes appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data that we collect and store. Unfortunately, however, no system can be 100% secured, so we cannot guarantee that communications between you and RSSS, or any information provided to us in connection with the data we collect through the Services will be free from unauthorized access by third parties. Your password is an important part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact webmaster@sscr.ro with any concerns.
6. Your rights concerning your data
-
- Your choices about the use of your data
You can choose not to provide certain data to us, but you may not be able to use certain features of the Services, such as applying for projects.
The browser or device you use may allow you to control cookies and other types of local data storage. Your wireless device may also allow you to control whether location or other data is collected and shared.
To opt out of allowing Google Analytics to use your data for analytics or enrichment, see the Google Analytics Opt-out Browser Add-on.
If you have any questions about your data, our use of it, or your rights, contact us at webmaster@sscr.ro.
6.2 Accessing, updating and deleting your personal data
You can access and update your personal data that RSSS collects and stores:
- To update data you provide directly, log into your account and update your account at any time;
- To terminate your sscr.ro account, e-mail us at webmaster@sscr.ro. Please note that terminating your account is irreversible and will automatically lead to all of you past applications to projects being deleted from our website, along with all your information regarding said applications (status, performance, diplomas). Even after your account is terminated, e-mails sent/received from our website will still be visible to our admins in our logs.
When contacting our support team, please allow up to 30 days for a response. For your protection, we may require that the request be sent through the email address associated with your account, and we may need to verify your identity before implementing your request.
6.3 Underage minor data
Parents who have reason to believe RSSS may have collected and stored personal data from an underage minor can submit a request for the data to be removed at webmaster@sscr.ro.
7. Updates to this Privacy Policy
If we make any material changes to this Privacy Policy, we will notify you via email, through a notification posted on our website (or as required by applicable law) in which we will include a summary of the key changes. Any updates will become effective on the day they are posted, unless stated otherwise.
As permitted by applicable law, by continuing to use the Services after the effective date of any change, your access and/or use will be considered an acceptance of the revised Privacy Policy. The revised Privacy Policy supersedes all previous Privacy Policies.
8. Contact Info
For any questions, concerns, or disputes regarding our Privacy Policy, please contact us at webmaster@sscr.ro.