Privacy Policy

Introduction

Welcome. The National Association of Chronic Disease Directors (“NACDD,” “Organization,” “we,” “our,” or “us”) provides a variety of events, trainings, and resources to support our membership of 7,000 public health professionals who work to reduce the burden of chronic disease in every U.S. state and territory.

We respect your privacy and want to protect your Personal Information.

This Privacy Notice applies to all data collected by The National Association of Chronic Disease Directors in connection with Healm for diabetes program services (“Healm”) located at www.HealmAtWork.org  (the “Site”). It describes our business practices and notifies you of your rights and options.

Healm is designed for human resource benefit decision makers and subject matter experts (SME) who can provide technical assistance to employers on the process of designing and implementing the National Diabetes Prevention Program (National DPP) lifestyle change program for their employees. Healm provides related interactive guidance, assessment tools and calculators, and downloadable resources, collectively our “Products.”

Personal Information” is defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means and may have various additional meanings under applicable data privacy laws.

The National Association of Chronic Disease Directors collects, uses, shares, and secures Personal Information when Organization clients use Healm. Through Healm, NACDD provides technical assistance to users of the Site and a guided journey toward offering the National DPP lifestyle change program for their employees. This Privacy Notice is also part of Healm. We refer to all of the above as our “Services.”

By visiting the Site, contacting us to inquire about our Services, or using Healm, you consent to our Privacy Notice.

If you voluntarily provide your information while interacting with our Site, Healm, or otherwise using our Services, we will take that as your agreement to our collection, use, and disclosure of your information as set forth in this Privacy Notice.

We are required by law to tell you what information we collect from you, why we collect it, how we use it, under what circumstances we may share it with third parties, how we protect that information, and how you may opt out of the use or sale of that information. If you have questions about this Privacy Notice, contact us at info@chronicdisease.org.

This Privacy Notice does not apply to other websites or programs sponsored by the Organization. Those websites and programs are covered by their own privacy policies and terms of use.

This Privacy Notice also does not apply to any products, services, websites, or content that are offered by third parties (“Third-Party Services”), which are governed by their respective privacy policies.

PLEASE READ CAREFULLY PRIOR TO USING OUR SERVICES. BY ACCESSING AND USING OUR SERVICES, YOU AFFIRM THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO ABIDE BY THIS PRIVACY NOTICE AND THE TERMS OF SERVICE. IF YOU DO NOT AGREE TO ABIDE BY THE TERMS OF SERVICE AND THIS PRIVACY NOTICE, YOU MAY NOT ENTER, ACCESS, OR OTHERWISE USE OUR SERVICES. IF YOU USE OUR SERVICES ON BEHALF OF SOMEONE ELSE, YOU REPRESENT TO US THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL TO ACCEPT THIS PRIVACY NOTICE AND YOU DO ACCEPT THIS PRIVACY NOTICE ON SUCH INDIVIDUAL’S BEHALF.

What Information We Collect

(a) Personal Information You Provide to Us

In connection with the Services we provide, we may ask you to provide us with certain Personal Information, including your:

  • First and last name
  • Email address
  • Business address
  • Telephone number or mobile number
  • Username
  • Employment data such as position within your organization
  • Account name and password and other online identifiers
  • Other information that could reasonably be used to identify you personally
  • Demographic information, such as your country, state, or county of residence or business operation (“Demographic Information”)

We may collect this information when you:

  • Request information from us via webforms, emails, or when you sign up for our Services or access Healm
  • Contact us regarding a question, concern, or inquiry, such as when you make inquiries concerning our Site and/or Services
  • Register and create an account on our Site
  • Sign up or request to be placed on our mailing and/or email marketing lists

Your decision to provide us with information is voluntary, but, if you choose not to provide any requested information, you may not be able to take advantage of all of the Site’s features or use our Services or Healm.

(b) General Browsing

In addition to information that you submit to us, we and/or our service providers may automatically collect and/or store certain information when you visit or interact with the Site and Healm (“Usage Data”). This Usage Data may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone, or other device (a “Device”) whenever you visit or interact with our Site. Usage Data may include:

  • Your Internet Protocol (IP) address, Identifier for Advertiser (IDFA), Android/Google Advertising identification (ID), International Mobile Equipment Identity (IMEI) number, or another unique identifier (“Device Identifier”)
  • Your Device functionality (including browser, browser language, operating system, hardware, mobile network information)
  • Referring and exit web pages and Uniform Resource Locators (URL)
  • The areas within our Site that you visit and your activities there, including remembering you and your preferences
  • Your Device location or other geolocation information, including the zip code, state, or country from which you accessed our Services
  • Your Device characteristics
  • Certain other Device data, including the time of day you visit our Site

(c) Location Data

For location information, we may use this information to provide customized Services, content, and other information that may be of interest to you. If you do not wish for us or our service providers to collect and use location information, you may disable the location features on your Device. Consult your Device manufacturer settings for instructions. Please note that if you disable such features, your ability to access certain features, Services, content, or products may be limited or disabled.

(d) Use of Cookies and other Tracking Technologies

We may use various methods and technologies to store or collect Usage Data (“Tracking Technologies”). Tracking Technologies may set, change, alter, or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):

  • Cookies. A cookie is a file placed on a Device to uniquely identify your browser or to store information on your Device. Our Site may use Hypertext Transfer Protocol (HTTP) cookies, Hypertext Markup Language 5 (HTML5) cookies, Flash cookies and other types of cookie technology to store information on local storage.
  • Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.
  • Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on.
  • ETag, or entity tag. An ETag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
  • Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
  • Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (g., that a user of multiple devices is the same user).

We may use Tracking Technologies for a variety of purposes, including:

  • To allow you to use and access the Site, including for the prevention of fraudulent activity and improved security functionality
  • To assess the performance of the Site, including as part of our analytic practices or otherwise to improve the content, products, or services offered through the Site
  • To offer you enhanced functionality when accessing the Site, including identifying you when you sign into our Site or keeping track of your specified preferences or to track your online activities over time and across third-party sites
  • To deliver content relevant to your interests on the Site and third‑party sites based on how you interact with our content

Tracking Technologies we use include, but are not limited to:

  • Google Analytics. To learn more about how to opt out of Google’s use of the Google analytics cookies, visit here https://tools.google.com/dlpage/gaoptout.
  • LifterLMS, which uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand email campaign effectiveness and deliver targeted ads.

Please note that even if you exercise the opt-out choices above, you may continue to receive advertisements, for example, ads based on the particular website you are viewing (e.g., contextually based ads). Also, if your browser (like some Safari browsers) is configured to reject opt-out cookies when you opt out on the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI) websites, your opt-out may not be effective.

(e) Information We Collect When You Interact with Third-Party Sites

The Site may include functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. These third parties may retain any information used or provided in any such communications or activities and these third parties’ practices are not subject to our Privacy Notice. We may not control or have access to your communications through these third parties. Further, when you use Third-Party Services or sites, you are using their services and not our Services and they, not we, are responsible for their practices. You should read the applicable third-party privacy policies before using such third-party tools on our Site.

We Do Not Collect Personal Health Information

The Organization does not collect any personal health information from users or providers. The Organization is not a Covered Entity (or “CE”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996 and its related regulations set forth in Parts 160, 162, and 164 of Title 45 of the Code of Federal Regulations (collectively, “HIPAA”). We do not purposefully collect or store “protected health information” (“PHI”), as defined in HIPAA (45 C.F.R. § 160.103).

Please do not send PHI to us or post or display PHI anywhere on the Site or while using our Services. Sending, submitting, posting or otherwise providing to us, or uploading, storing, or otherwise transferring to the Site, any PHI (or other personally identifying information for any individuals from which the PHI is derived), including “individually identifiable information,” as defined in HIPAA, and “personal data,” as defined in the California Consumer Privacy Act or other applicable law, is strictly prohibited and we disclaim all responsibility or liability with respect to any such information.

By using our Services, you agree to indemnify and hold us harmless against any Losses (as defined below) which results from or arise out of any claim asserted against or sought from any party arising from or relating to your uploading, storing, or transferring of PHI or related information using the Services or otherwise providing such information to us in connection with the Services. As used herein, “Loss” means any financial loss, damage, injury, penalty, sanction, judgment, fine, liability, cost, expense, and fee (including reasonable attorneys’ fees, expert witness fees, investigator fees, court costs, and/or costs and fees associated with arbitration or mediation).

Why We Collect Information

We may use your information for various purposes, including:

  • Responding to your requests for information
  • Maintaining your account
  • Verifying your identity and for fraud prevention
  • Aiding your navigation through Healm
  • Assisting you to make decisions about offering the National DPP lifestyle change program
  • Sending you email communications such as electronic newsletters about our Products, Services, events, and promotions
  • Improving the effectiveness of our Site, our marketing endeavors, and our Products and Services offerings
  • Identifying your product and service preferences, providing personalized content, and informing you of new or additional information, products, and services that may be of interest to you
  • Helping us address problems with and improve our Site and Services, including testing and creating new products, features, and services
  • Protecting the security and integrity of the Site, including understanding and resolving any technical and security issues reported on our Sites
  • Engaging in analysis, research, and reports regarding the use of our Site and Services, for internal business purposes
  • Complying with the law and protecting the safety, rights, property, or security of The National Association of Chronic Disease Directors, the Services, and the general public
  • For purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Notice

When We Disclose Information

We do not sell your Personal Information to anyone.

We may share your information, including your Personal Information, with our affiliates and other third parties, such as companies with whom we have marketing or other relationships, for direct marketing purposes.

We may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your personally identifiable information. This may include information about the number of employees screened for prediabetes, enrolled in the National DPP lifestyle change program, completing the program, and/or meeting designated health goals for program success. This information may be aggregated to inform benchmarking future in the future. It may also be used for conference presentations, publications, and communications to funding partners.

 

To Whom We May Disclose Information

We may share the information we have collected about you, including Personal Information, as disclosed at the time you provide your information and as described in this Privacy Notice.

Examples of when The National Association of Chronic Disease Directors may share your information include as follows:

(a)        Third Parties Providing Services to The National Association of Chronic Disease Directors. We may use third-party service providers to perform certain services on behalf of us or the Site or Services, such as: (i) creating and updating Site functionality; (ii) billing or processing credit cards, and/or electronic or manual payments, if applicable; (iii) assisting us in Site operations; (iv) managing a database of customer and consumer information; (v) hosting the Site and improving performance of the Site; (vi) designing and/or operating the Site’s features; (vii) tracking the Site’s activities and analytics, including marketing and market research; (viii) data enhancement (to learn more about our customers); (ix) enabling us to perform administrative services, such as customer service, security, tech, operational support; and (x) other services designed to assist us in maximizing our business potential and disease prevention support. We may provide these vendors with access to user information to carry out the services they are performing. Those vendors may have additional or different privacy policies and/or privacy notices. You should be sure to read and agree to those policies and Terms.

We currently use the following as third-party service providers:

  • Amazon World Services
  • Ardent Learning (supports content development)
  • Leavitt Partners (SME support)
  • Rocket Camp (brand and marketing development)
  • Troy Web Consulting (web developer)
  • VenVenn Consulting (technology liaison)

Additional third-party service providers may be added from time to time and are available on request from The National Association of Chronic Disease Directors.

(b)        To Protect the Rights of The National Association of Chronic Disease Directors and Others. To the fullest extent permitted by applicable law, we may also disclose your information when required to by law, or if we believe in good faith that doing so is necessary or appropriate to: (i) protect or defend the rights, safety, or property of The National Association of Chronic Disease Directors, its affiliates, third parties, or the general public (including through the enforcement of this Privacy Notice, our Terms of Use, and other applicable agreements and policies); (ii) comply with legal and regulatory obligations (e.g., pursuant to law enforcement inquiries, subpoenas, or court orders); or (iii) to respond to claims that any content violates the rights of a third party. This includes exchanging information with other companies and organizations for fraud prevention, spam/malware protection, and other similar purposes. To the fullest extent permitted by applicable law, we have complete discretion in electing to make or not make such disclosures, and to contest or not contest any requests for such disclosures, all without notice to you.

(c)        Business Transfer. We also reserve the right to disclose and transfer all information: (i) to a subsequent owner, co-owner, or operator of the Site and/or our Services; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including during any due diligence process.

Retention of Your Personal Information

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

 

Your Choices About the Information We Collect

We give you many choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from:

Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by sending a request for list removal to info@chronicdisease.org or following the instructions for unsubscribing in the email. If you have provided your information to The National Association of Chronic Disease Directors, and opt-out, The National Association of Chronic Disease Directors will put in place processes to honor your request. This may entail keeping some information for the purpose of remembering that you have opted out.

We will try to comply with your request(s) as soon as reasonably practicable.

Administrative correspondence: Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages.

You may also contact us with any issues related to your Personal Information by contacting technical support or submitting a ticket in our on-line support portal.

The privacy issues raised in your email will be reviewed and handled by the appropriate Organization personnel.

Children’s Privacy

The National Association of Chronic Disease Directors recognizes the importance of children’s safety and privacy. The Site and Services are not intended for use by any children under the age of 18. We do not request, or knowingly collect, any personally identifiable information from children under the age of 18. If you are the parent or guardian of a child under the age of 18 who has provided her or his information to us, please contact us at info@chronicdisease.org to request the deletion of that information.

Your California Privacy Rights

Pursuant to California’s “Shine the Light” law (California Civil Code § 1798.983), California residents are entitled, once a year and free of charge, to request the disclosure of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year, if any. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt out of this type of sharing. You may request this information by contacting us at info@chronicdisease.org and indicating in the email subject line, “California Shine the Light Request.” Please include your mailing address, state of residence, and email address with your request.

 

Your Nevada Privacy Rights

If you are a Nevada resident, you have the right to request certain information from us regarding the collection and sale of your Personal Information (as defined in Nevada Revised Statutes 603A.320) during your visit to our Site or when you otherwise interact with us online.

As a Nevada resident, you may also request to opt out of us sharing such information about you. To make this inquiry, please submit a request in writing to info@chronicdisease.org with “Nevada Privacy Rights” in the subject line. You must include your email address, and attest that you are a Nevada resident by providing a Nevada postal address in your request. Please state whether you are requesting information and/or opting out.

We will process your request within 60 days, or we will let you know if we need additional time. We may require additional information to verify your identity before we can respond.

 

California / Delaware Do Not Track Disclosures

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. Our Site responds to and supports the DNT header request field. If you turn DNT on in your browser, those preferences are communicated to us in the HTTP request header, and we will not track your browsing behavior.

Visitors to the Site Outside of the United States

If you are visiting the Site from a location outside of the United States, your connection will be through and to servers located in the United States. All information you receive from the Site may be created on servers located in the United States, and all information you provide might be maintained on web servers and systems located within the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Privacy Notice.

Updating Personal Information

We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us at info@chronicdisease.org.

You may also contact us with any issues related to your Personal Information by contacting technical support or submitting a ticket in our on-line support portal.

If so, we will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons, such as a legitimate business reason.

In addition, please note that if you implement a deletion request but later sign up for information or Services, your most recent request will control our information relationship with you.

Links

For your convenience, the Site and this Privacy Notice may contain links to other websites. The National Association of Chronic Disease Directors is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site should be deemed to imply that The National Association of Chronic Disease Directors endorses or has any affiliation with the links.

Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from our Site, and you provide us with your information at your own risk.

International Data Transfers

Because The National Association of Chronic Disease Directors works with global companies and technologies, we may transfer your Personal Information outside of the country in which it was originally provided. This may include transfers to third parties, such as service providers who are located outside the United States or the European Union, where data protection laws may not offer the same level of protection as those in the United States, European Union, or European Economic Area (“EEA”). When we transfer personal data outside of these areas, we take steps to make sure that appropriate safeguards are in place to protect your Personal Information. Our transfers of your personal data outside of the European Union, if any, are safeguarded by data processing agreements (“DPA”) incorporating Standard Contractual Clauses. You may request a copy of the relevant portions of such agreements by contacting us at info@chronicdisease.org. Please include the nature of your request in the subject line.

Questions / Changes in Privacy Notice

If you have any questions about this Privacy Notice, you can contact us:

We may elect to change or amend our Privacy Notice. In such event, we will provide e-mail notification of the changes and post a notice about the changes in our Privacy Notice on the Site. Changes will become effective on the date posted. If you are concerned about how your Personal Information is used, please visit our Site often for this and other important announcements and updates.