Privacy Policy

Privacy Policy

Overview:

The Privacy Policy of the Clinical TracTM. ("CT") describes how the organization and their affiliates (we) collect, use and share personally identifiable information that you provide via the use of our web sites (the "Sites") through membership, volunteerism, conference/webinar attendance, purchases and other interactions in which information is collected. The term "you" indicates web site visitors, CT members, customers, candidates, affiliates, associates, volunteers, authors and any user of the Sites or anyone doing business with this organization. "You" does not include this organization' employees, vendors, contractors or persons in similar business relationships where personally identifiable information may be provided and used. Clinical TracTM. is based in the United States and as such this policy was developed under the laws of the United States. This Privacy Policy is subject to change periodically. This Privacy Policy is posted on the Sites and is effective at the time denoted by its date. It is recommended that you regularly check the Sites for updates.

THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED. PLEASE REVIEW IT CAREFULLY.

The use of the Sites and services offered by this organization constitutes your acceptance of this Privacy Policy. If you use the Sites, register, login, post comments, participate in forums, wikis or blogs, register for courses, exams or other events, purchase license, or otherwise submit personally identifiable information in any manner, you are consenting to the use of such data in accordance with this Privacy Policy. If you are an international user, the use of any web site covered by this Privacy Policy constitutes consent to this Privacy Policy and an acknowledgement that use of any web site covered by this Privacy Policy is solely subject to the laws governing the use of data in the United States and as indicated by this policy.

Additionally, the Sites contain links to other web sites managed by third parties (some of which use cookies). As a user of links displayed on the Sites, it is your responsibility to understand the privacy policies of the web sites you visit. Once you leave our web site using links, we have no control over information that is submitted to, or collected by any third parties and we are not responsible for activities or practices of the other web sites.

Collection of Personally Identifiable Information

We collect and maintain demographic information and personally identifiable information such as, but not limited to, your name, date of birth, email address, home, and business address (including country), and telephone, cell and fax numbers. Additionally, we collect credit card, bank account and other payment information and other business information that you provide for transactional purposes such as, but not limited to, purchases, conferences, applications, examinations, and membership. We also collect personally identifiable information from authors, vendors, contractors and from vendors via purchased or rented lists.

The minimum information you need to provide to complete any specific transaction or access any particular area of the Sites is detailed on the Sites' pages or forms. You will be unable to place an order or complete a registration without providing minimal information required for the transaction. In some cases, other optional information is also requested, which you may elect to provide. This optional information allows us to provide a more personalized experience for the web site user.

Your preferences are collected through information you provide via your membership and "My Account" submissions, web site registration, purchases, conference/webinar registration/attendance, tradeshows, examinations, credential registration, participation in committees/special interest groups and task forces, subscriptions, scholarship and fellowship applications, online surveys, as well as other information you provide. Some of these functions, forms or activities provide for opt-outs as to providing information. If opt-outs are utilized, certain web sites, benefits and/or web site functionality may not be available. We also collect and use personally identifiable information as part of various programs such as, but not limited to, contests, peer review, ethics inquiries and investigations, award nominations, volunteer and committee activities and benevolent fund and foundation applications and donations.

Online Networking Features

By participation in networking functions such as, but not limited to, initiating your public profile, posting your resume, posting a comment or review, participating in a community activity, discussion forums, blogs, wikis or similar activity, be advised that information you provided may be publicly viewable when using these functionalities. This includes information such as, but not limited to, username or other information you have used as your username (e.g., email address or your name). This may result in unsolicited messages or communication beyond our control.

Collection of Passive Information

Upon any use of the Sites, providing email address, enrolling in programs, or completing various forms, we collect non-identifying information through the use of cookies technology and/or Internet Protocol (IP) address tracking/URL tracking. This technology collects non-personal information such as, but not limited to, new or returning user, browser information, computer type, operating system, internet service providers, web site usage, referring/exit pages, platform type, date/time stamp, number of clicks, advertisement viewing, and performance to personalize the content to better serve you and all web site users. We collect this information to perform effective capacity planning, administer the Sites, troubleshoot web site performance, track aggregate users' movements, gather aggregate demographics and accurately document transactional information for business partners.

The Use of Cookies for Advertising

Our Sites may contain advertisements, whose related cookies may collect data, but also track your movement and behavior on other sites. These types of cookies, from third-party advertisers or from links accessed via our Sites and are not controlled by us.

We utilize our own cookies to track visitor behavior on clinicaltrac.com to optimize your experience on our site and provide promotional advertising on other sites for CT products or services.

Use of Information and Sharing and Disclosure to Third Parties

We use personally identifiable information collected for membership, non-member/customer activity, and account maintenance. We may communicate with you regarding membership benefits, any program enrollment or special interest group, or account billing and maintenance and potential membership. We also communicate with members or licensed customers regarding peer review or ethics inquiries, violations and/or sanctions. We use and maintain various records regarding interactions such as, but not limited to, continuing professional education. In addition, we use and maintain your information as determined by the organizations' business needs, or as required or permitted by law. Some member information or customer transaction email or communications are not available for opt out (see Choice and Opt Out, below).

Information is used to process transactions/orders, send conference/webinar information, subscriptions, periodicals and other information, noting that credit card/banking/payment information is restricted for the purchase/uses identified. We often facilitate billing and payment of transactions through the use of third parties responsible for processing credit card, banking and payment information and invoicing transactions.

We use collected information to build quality and useful services and user interactions by analyzing user trends and by measuring demographics and interests. We analyze demographics, user trends, and member and non-member purchases to develop interest areas for referral listings and to offer suggestions on specialty membership or product areas. We may use information you provide or passive information collected to improve and offer additional services to you and may contact you directly.

We personalize various aspects of the Sites by pre-populating online forms for your convenience and for member validation. We use information to provide you with prompt and effective services. We may use non-identifying profile information in the aggregate (such as interest area information) and disclose such aggregated information to third parties to assist in developing new features and content, as well as information on trends and usage patterns.

Collected information is used to send newsletters, promotional messages, product announcements, request for contributions or other communications that may be of interest to you. We also use information collected to refer you to our specialty membership areas. We request participation in online surveys and communicate as defined by the individual survey. You may opt out of receiving some of these communications (see Choice and Opt Out below).

We share your information with third parties as permitted or required by law. Types of disclosures, including but not limited to the following, may be made without asking for explicit consent from you:

  • As necessary pursuant to lawful requests, such as to respond to subpoenas, warrants, court orders, or other related legal requests or proceedings and as permitted or required by law;
  • In connection with the sale or transfer of CT or substantially all of their assets;
  • If certain other disclosures, such as, but not limited to, those connected to CT enforcement proceedings, are required or authorized pursuant to CT bylaws and resolutions of CT Council. As a condition of CT user license agreement, you have consented to comply with the bylaws and Code of Professional Conduct, including those relevant to disciplinary actions; and
  • If you volunteer on a CT committee, your name, committee, and city/state are visible to the public on any section of the Sites.

Additionally, third parties with whom we may share information include but are not limited to:

  • All CT affiliated organizations;
  • Networking communities and discussion forums vendors;
  • Conference attendees, expert panels and fellow committee members;
  • Mailing and fulfillment houses and third-party vendors for various communications and orders;
  • Individuals accessing the peer review public file, firm search, and referral or resume searches;
  • Individuals accessing the specialty member referral web sites;

Your information may also be shared to:

  • Verify that you are a member of the university, college or technical school you attend;
  • Complete various internal and external audits;
  • Promote you or your firm through a specialty referral program; and
  • Respond to technical accounting and auditing questions.

Mailing address information may be used for direct mail list rental, which is managed by CT and is for one-time limited use for companies and organizations offering products, services or programs of interest to Mental Health Providers, other mental health executives related to the profession's business environment. Third parties are bound by agreements which prohibit use of information for any purpose outside of the scope of the contracted activities.

CT share email and web site usage information about visitors who have received a targeted email promotional campaign from the organizations with a third-party email service provider organization (eSend Marketing) for the sole purpose of targeting future email campaigns and upgrading visitor information used in reporting statistics. For this purpose, CT Interactive track some of the pages you visit on our web site through the use of meta tags. This information is not shared with any third parties.

Your personal information may also be used or shared in other than ways that you either imply or expressly give consent to or instruct us to undertake.

Choice and Opt-In

When you receive your Welcome Email which includes your username and temporary password, you will need to opt-in to receive certain communications related to the CT platform. As a practice we do not include promotional or marketing text messages in our communications to you. You can contact the Customer Service Center at 1 888-856-9772 (8 am – 6 pm CST, M-F) or by emailing service@clinicaltrac.com.
Opt-In Message

Choice and Opt-Out

If you have a CT username, you can opt out of certain communication, including direct mail list rentals, via "My Account" on clinicaltrac.com, by contacting the Customer Service Center at 1 888-856-9772 (8 am – 6 pm CST, M-F) or by emailing service@clinicaltrac.com. If you receive a specific email regarding products, conferences or other services, you can follow the "unsubscribe" instructions at the bottom of the specific email. Opt outs for specific emails do not serve as a global opt out of communications for all products or for services communications. To perform a global opt out, a CT username is required on clinicaltrac.com, as noted above. It will take 10 days for your email opt-out selections to take effect and longer for other communications/mailings. Though a member may opt out of receiving communications from the CT, the CT will continue to contact the customer regarding his/her account, membership, or member's surveys for which he/she will have the opportunity to elect or decline to participate. Click here to see our OPT OUT messages.

In addition, you can opt out of receiving future e-mailed messages or newsletters from CT by changing your preferences in the "Preference Center," which can be accessed from the "My Account" section of the site.

Data Accuracy

Individuals are responsible for providing accurate and complete personally identifiable information, and for contacting the CT to correct or update information as needed. CT members and non-members with CT usernames may view and update their account information at any time by logging on to clinicaltrac.com and clicking Update Personal Information from the My Account screen, or alternatively contact the Customer Service Center at 1 888-856-9772 or service@clinicaltrac.com from (8 am – 6 pm CST, M-F) to update their accounts.

CT registered users also can check or verify the information they have provided to CT by signing in, then clicking on the "My Profile" page of the "My Account" tab and making any necessary edits to this information.

Delete Registered Accounts

Registered CT users can have their account deleted from our application by contacting Customer Support at support@clinicaltrac.com. We can process this written request for you after completing our account verification process or CT members can contact their School Administrator directly. Closed accounts are considered banned and will no longer be accessible.

Security and Other

We use reasonable measures to strive to safeguard and secure the personally identifiable information we collect. Any transmission is at your own risk. Technology, such as, but not limited to, Secured Socket Layer (SSL), is used to enhance security and reduce risk of loss. Our security practices, processes or technology do not guarantee absolute security of your information and you should take all normal personal precautions such as, but not limited to, not sharing passwords, closing browsers, and not using public networks (e.g., internet cafes, etc.). Employees of the organizations are advised to treat any personally identifiable information with care. Internally, we limit access to personally identifiable information to employees, contractors and agents who need access to the information to do their jobs or perform services on behalf of the CT.

Use of these Sites, with respect to privacy, is covered by binding arbitration. Users of the Sites are encouraged to report any suspected breach of privacy or site security to our Service Center Operations Team at the telephone number, e-mail address, or mailing address indicated at the bottom of this page. All reports of suspected breaches will be investigated by staff familiar with the related security operations. Any controversy or claim related to privacy that cannot be settled to your satisfaction shall be settled by arbitration in Dallas, Texas. Such disputes will be administered by the American Arbitration Association, http://www.adr.org/, Dallas Regional Office, Galleria North Tower 2, 13727 Noel Road, Suite 700, Dallas, Texas 75240, (972) 774-6947, in accordance with its arbitration rules, and judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.

Consent to Transfer

Some of the uses and disclosures mentioned in this Privacy Policy may involve the transfer of your personal information to various countries around the world that may have different levels of privacy protection than your country. By submitting your personal information through this Site or otherwise, as described above, you consent to the collection, processing, use, and transfer to the United States and other various countries of your personal information for the purposes of and in accordance with the principles stated in this Privacy Policy.

Canvas API/LTI

Below are the security measures we've implemented for Clinical Trac™, especially with regards to its integration with Canvas. We take security very seriously and have made every effort to follow the best industry practices. To ensure the utmost security, we have implemented the following measures:

  • Utilize a stable PHP Version
  • Implemented prevention from Cross-site scripting (XSS)
  • Implemented prevention from SQL Injection Attacks
  • Validate all User Inputs
  • Limited Directory Access
  • Utilize URL Encoding
  • Prevented Session Hijacking
  • Files are hidden from the Browser
  • Utilize SSL Certificates with every access
  • Deployed on a secure Google Cloud with private buckets to secure files
  • Ensured that no school or student access tokens are shared with any third party
  • Stored sensitive access tokens, developer keys, etc. with encrypted storage
  • Utilize various security algorithms while integrating (names cannot be shared)
  • Routed all API calls to and from a secured channel
  • Created a secured link with Canvas using the best API security techniques
  • WE DO NOT share any other keys or credentials with any third party applications
  • Regularly discarded all unused sensitive data

With these measures in place, you can rest assured that privacy concerns will not be an issue when sharing Canvas Access Tokens or approving our Clinical Trac™ Developer Key with your Canvas account.

VPAT/HECVAT

To request our Clinical Trac VPAT (Voluntary Accessement Template) please send an email to support@clinicaltrac.com
To request our HECVAT (Higher Education Cloud Vendor Accessement Tool) Report please send an email to support@clinicaltrac.com

Contact Information

Users of these Sites are encouraged to report any improvements, suggestions, any suspected breach of privacy or web site security to our Service Center Operations Team at the telephone number, mailing address, or email address indicated as follows:

888-856-9772

Clinical Trac
P.O. Box 153237
Arlington, Texas 76018

E-mail: service@clinicaltrac.com

Effective Date: January 2021