International Medical Interpreters Association, Inc.
Data Privacy Policy

Version: November 2022

This Data Privacy Policy sets out how and to what extent International Medical Interpreters, Inc. and our affiliates (collectively, "IMIA," "us," "our," or "we") collect and use information from customers and other individuals who access or use our websites, including https://www.imiaweb.org, any related mobile applications, and/or any of our other sites, products, or services that link to this Privacy Policy (the "Services"). By accessing our website and/or using our Services, you understand and acknowledge that we may collect certain information from you. The purpose of this Privacy Policy is to openly and transparently explain and provide you with notice regarding whether and/or how we may use the information provided by or otherwise collected from you.

If you or your organization have one or more separate agreements with us, the terms and conditions of such agreement(s) may have privacy terms that also apply to information that you provide to us, and which may be different or more restrictive than the terms in this Privacy Policy.

This Privacy Policy does not apply to any third-party websites and other applications that you may use, including any that are linked to our website or otherwise related to our Services. You should review the terms and policies for third-party websites and apps before clicking on any links.

We may occasionally update or revise this Data Privacy Policy statement without advance notice. Therefore, we recommend that you check back periodically for any updates. Any questions regarding our Policy can be directed to us by means of the contact information provided in Section 11. If you do not agree with the terms of this Privacy Policy, please do not access the site.

SECTION 1: How We Collect Information

We may collect certain limited information about visitors to our website and users of our Services, potentially but without limitation including their locations and devices they use, in order to provide and improve our Services and to support our related advertising and marketing.

We collect certain information directly from you, such as when you fill out forms with a name or email address. We may collect other information automatically (usually about devices, browsers, or locations). We may also collect information about you from other sources, such as if we purchase a list of contact information of people who may be interested in our Services.

You have choices about whether you visit and use our sites or provide information to us. However, if you do not provide us with certain requested information, you may not be able to access and fully use some parts of our website or Services. For choices you may have, please see Section 5 of this Privacy Policy.

Information We Collect from You. You have the option - but no obligation - to provide us with information about yourself when you:

  • Register or log in to your account
  • Create or edit your user profile
  • Contact us through our website to obtain quotes or Services
  • Contact us through our website to inquire about employment
  • Contact customer support

Examples of the information you may provide are: name, email address, mailing address, phone number, and professional credentials or other typical resume/employment-related information.

Information We Collect Automatically.
We automatically collect information from you and your devices when you use our Services, even when you visit our sites or apps without logging in. For choices you may have on what information we automatically collect either actively or automatically, please see Section 5 of this Privacy Policy.

The information we may automatically collect includes:

Device, Usage Information, and Transactional Data about how you use our Services and the computers or other devices, such as mobile phones or tablets which you use to access our Services. Examples may include your IP address, precise geolocation information that you allow our apps to access (usually from your mobile device), unique device identifiers and device attributes, like operating system and browser type, usage data, such as web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information.

At IMIA, our only purpose for the automatic accessing and collecting transactional data is for assisting us to provide our clients and site visitors with the best possible user and Service experience, including maximizing our response and resolution times for resolving potential site and/or user issues. We have tried to reach a reasonable balance between the period of time that we maintain user activity logs and other data for the foregoing purposes, versus offering the maximum privacy afforded by either not collecting the information, or by deleting such information as quickly as prudent business practices and applicable laws allow.

We may use cookies, which are text files containing small amounts of information that are downloaded on your device ("Cookies"), or related technologies, such as web beacons, local shared objects and tracking pixels to store or collect information. We also allow others to use Cookies within the Services as described below. Cookies can store your preferences, your username, and help tailor advertisements.

Tailored Advertising/Ads for Other Products & Services.
Third parties whose products or services are marketed on our Services may place or read from Cookies on your computer or other device to collect information. They do this to: (a) Tailor and serve advertising based on information like past visits to our Services and other sites; and (b) To report the number of ads served and the responses to those ads.

Ads for our Products and Services.
We may also use third party services to serve tailored ads about our products and Services to you on our sites. We allow these third parties to use and access their own cookies on your computer or other device(s) you use to access our Services. We do not have access to these cookies or related technologies, and this Privacy Policy does not govern the use of those cookies and related technologies. For choices you have on cookies and related technologies, please see Section 5 of this Policy.

Information We Collect from Other Sources.
We may collect information about you from others, such as: (a) Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, our affiliates, and others in instances where they are legally permitted to share your information with us. For example, if you register for our Services on another website, the website may provide your information to us; (b) Combining Information from Different Sources. We may combine the information we receive from other sources with information we collect from you (or your device) and use it as described in this Privacy Policy.

SECTION 2: Use of Information

In general, we collect, use and store or process your information solely in order to provide and improve our Services, to assist us with developing new services, and/or to market our services. Here are some examples of how we use the information we process:

  • Provide you with the services and/or products you request, and collect related fees;
  • Send you records of our relationship, including for purchases or other events;
  • Market features, products, or special events or send you marketing communications about third party products and services we think may be of interest to you;
  • Choose and deliver content and tailored advertising;
  • Create and review data about our users and how they use our Services;
  • Test changes in our Services and develop new features and products;
  • Fix problems you may have with our Services, including answering support questions and resolving disputes;
  • Prevent, investigate and respond to fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior; and
  • Meet legal retention periods.
Other Uses.
We may combine the information we collect ("aggregate") or remove pieces of information ("de-identify") to limit or prevent identification of any particular user or device to help with goals like research and marketing. This Privacy Policy does not apply to our use of such aggregated or de-identified information.

Lawful Basis for Processing Your Information.
If European data protection law applies and IMIA acts as a controller, our lawful basis for collecting and using the information described in this Privacy Policy will depend on the information concerned and the specific context in which we collect or use it.

We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:

  • Use information to create and manage an account, we need it in order to provide relevant services;
  • Use names and email addresses for email marketing purposes, we do so with your consent (which you are permitted to revoke at any time); and
  • Gather usage data and analyze it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.

If you have additional questions or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in Section 11.

SECTION 3: Information Sharing

We do not rent, sell, or share your information with third parties except as described in this Privacy Policy.

We share information as follows:

Service Providers.
We share your information with other companies we use to support our Services. These companies provide services like search technology, advertising, authentication systems, bill collection, fraud detection, and customer support. We request our service providers to abide by the terms and conditions of this Privacy Policy, and except as expressly permitted and set forth in this policy, we do not permit our service providers to use your personal information for their other/outside purposes.

Affiliates.
We may share your information with other companies under common ownership or control with IMIA. These companies may only use your information as described in this Privacy Policy.

Safety, Security, and Compliance with Law.
We may share your information to comply with applicable law, or to respond to legal process (like a subpoena). We also may share your information when there are threats to the physical safety of any person, violations of this Privacy Policy or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.

Business Transactions.
We may share your information during a corporate transaction like a merger, or sale of our assets. If a corporate transaction occurs, we will provide notification of any changes to control of your information, as well as choices you may have.

Consent.
We may share your information in other ways if you have asked us to do so or have given consent. For example, with your prior consent, we may post user testimonials that may identify you.

SECTION 4: Retention of Information

We keep your personal information for no longer than we deem reasonably necessary or prudent for the purposes for which that information is collected. The length of time for which we retain information depends on the known or reasonably anticipated collection purposes and uses and/or as required for compliance with applicable laws. Where there are technical limitations that prevent deletion or anonymization, we use both internal policy measures and commercially reasonable technical protocols to both safeguard personal data and limit or prevent the unauthorized access and/or use of that data.

See Section 5 for choices about storage of your information.

SECTION 5: Your Choices

This section describes many of the actions you can take to change or limit the collection or use of your information.

Profile.
You are not required to fill out a profile. If you do, you can access and review this information. If any information is inaccurate or incomplete, you can make changes in your account settings.

Marketing Messages.
You can opt out of email marketing messages we send. You can opt out of these messages by clicking on the "unsubscribe" link in the email message. Please note that we may send you one message to confirm you want to opt out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., signing notifications or account notifications) after you opt out of marketing messages. To opt out of any notifications that do not include an embedded "unsubscribe" function, please contact us using the information provided in Section 11.

Cookies and Other Related Technology.
You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our Services.

While we use reasonable efforts to comply with our users' wishes, our system may not recognize or respond to browser-initiated Do Not Track signals.

Device and Usage Information.
If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.

Closing Your Account.
If you wish to close your account, please contact us, or go to your account settings.

Complaints.
We are committed to resolving valid complaints about your privacy and our collection or use of your personal data. For questions or complaints regarding our data use practices or Privacy Policy, please contact us using the email address listed in Section 11. If you are in Switzerland or the European Economic Area ("EEA"), please also refer to Section 8 of this Privacy Policy.

SECTION 6: Children's Privacy

Our website and Services are not designed for and are not marketed to people under the age of 18 ("minors"). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our Services without a parent, guardian or other legally responsible adult. If you are a minor, please do not use our Services or send us your information. We delete information that we learn is collected from a minor without appropriate parental/adult consent. Please contact us if you believe we might have information from or about a minor.

SECTION 7: California Residents' Privacy

If you are a California resident, you may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. We do not share your information with third parties for their own marketing purposes.

SECTION 8: Users From Outside the United States

Acknowledge that your information will be processed as described in this Privacy Policy, and consent to having your information transferred to our affiliates and facilities, in the United States or elsewhere, and to the facilities of those third parties with whom we share it as described in this Privacy Policy.

If you are in Switzerland or the European Economic Area (EEA), you may have additional rights under data protection law, expressly but without limitation including such rights as are set forth in the Data Protection Attachment (DPA) appended to this Privacy Policy and made a part hereof by reference.

Transfers to the U.S. and Third Countries.
If you are in Switzerland or the European Economic Area ("EEA"), you understand and acknowledge that we may transfer your personal data outside of Switzerland and the EEA for processing. IMIA has adopted Binding Corporate Rules to facilitate the transfer of personal data from the EEA to IMIA outside of the EEA. You may view our Binding Corporate Rules upon request, using the contact information provided at Section 11.

Other Rights:
You can access and review information associated with your account at any time. You also can request the following information: (a) How we collect and use your information and why; (b) The categories of personal data involved; (c) The categories of recipients of your personal data; (d) How we received your personal data; and (d) How long we use or store your personal data or the manner in which we determine relevant retention periods.

You also have a right to correct your personal data. In certain situations, you can ask that we erase or stop using your information (and object to use of your personal data) or export your data. Where we rely on your consent to process your personal data, you have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your information for direct marketing purposes. See Section 5 of our Privacy Policy for more information on your choices.

You have a right to provide us with guidance on the use, storage, and deletion of your personal data after your death. You have a right to raise questions or complaints with your local data protection authority at any time. If you wish to exercise these rights, please contact us via the information set forth below.

SECTION 9: How We Protect Your Information

To keep your information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the information we collect, use, and store, and the current state of technology. Although we take steps to prevent unauthorized access to or use of personal information, the Internet and our Services are not 100% secure. For this reason, we are not able to guarantee that information we collect or store will always be protected from unauthorized access, or that it will only be used as described in this Privacy Policy. For this reason, we have endeavored to maintain a policy of maintaining our User information and log data for the minimum reasonable period we feel is prudent for the maximum benefit of the stated purposes defined in Section 2.

SECTION 10: Changes to This Policy

We may amend this Privacy Policy to reflect changes in the law, our companies, our Services, our data collection use and practices, or advances in technology. Our use of the information we collect is subject to the Privacy Policy in effect at the time such information is used. Depending on the type of change, we may notify you of the change by posting on this page or by email. Please carefully review any changes made to this Privacy Policy.

SECTION 11: How to Contact Us

For questions or complaints regarding our use of your information or Privacy Policy, or other related requests as set forth in this Policy, please contact us at info@imiaweb.org, or by post at:

International Medical Interpreting Services, Inc.
C/O Litman, Gerson Associates, LLP
500 W. Cummings Park, #5650
Woburn, MA 01801
Attn: IMIA Data Privacy Officer

FOR SWITZERLAND AND EUROPEAN ECONOMIC AREA (EEA) USERS:
DATA PROTECTION ATTACHMENT

Version: November 2022

This Data Protection Attachment ("DPA") is incorporated into and made part of the IMIA Data Privacy Policy, and governs the Processing of Personal Data by IMIA as a Processor on behalf of Customer or Customer Affiliates, as applicable. Unless otherwise defined in this DPA, capitalized terms will have the meaning given to them in the Privacy Policy.

SECTION 1: Definitions

General.
The terms "Personal Data," "Process/Processing," "Controller," "Processor," Subprocessor," and "Data Subject" have the meanings ascribed to them under the General Data Protection Regulation; provided that the term "Personal Data" as used herein only applies to Personal Data for which IMIA is a Processor.

"EEA" means the European Economic Area.

"General Data Protection Regulation" or "the GDPR" means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as amended.

"Processor Privacy Code" or "Processor Code" means IMIA's processor binding corporate rules for the Processing of Personal Data, the most current version of which is available upon IMIA's website or otherwise upon request.

SECTION 2: Data Processing and Protection of Personal Data

2.1 Scope of Data Processing.
Subject to IMIA's corporate policies regarding the retention of User data and applicable law, the maximum duration of the Processing of Personal Data will be the same as the duration of the Privacy Policy, except as otherwise agreed to in writing by the parties. The subject matter of the Processing of Personal Data is set out in the Privacy Policy and this DPA. The nature and purpose of the Processing of Personal Data involve the provision of IMIA Services service to the Customer, as set out in the Privacy Policy and this DPA.

2.2 Data Processing Limitations.
With respect to Personal Data Processed by IMIA or an IMIA Affiliate as a Processor on behalf of Customer or Customer Affiliate or as a Subprocessor where Customer Processes such Personal Data on behalf of its customers (or both), IMIA will: (a) Process Personal Data only as necessary to provide the Services in accordance with the terms of the Privacy Policy or as instructed by Customer in writing, including in electronic form, and consistent with the terms of the Agreement; and (b) Not disclose Personal Data to third parties except: (i) To employees, service providers, or advisers who have a need to know the Personal Data and are under confidentiality obligations at least as restrictive as those described under this DPA; or (ii) As required to comply with valid legal process in accordance with the terms of the Privacy Policy. If IMIA has reason to believe Customer's instructions infringe the GDPR or other EEA data protection provisions, then IMIA will immediately notify the Customer.

2.3 Assistance to Customer and Regulatory Investigation.
Upon written request, IMIA will provide reasonable assistance and information to Customer in fulfilling any legal obligations that Customer may have under the GDPR regarding data protection impact assessments, data and systems inventory, records of Processing, and related consultations of data protection authorities, or in the event of an investigation by any governmental authorities, if and to the extent that such investigation relates to Personal Data Processed by IMIA in accordance with the Agreement. Such assistance will be at Customer's sole expense, except where such an investigation was required due to IMIA's failure to act in accordance with the Agreement.

2.4 Transfers of Personal Data from EEA.

In providing the IMIA Services, IMIA may transfer and access Personal Data to and from other countries where IMIA has operations or Subprocessors, or as otherwise required by applicable law. IMIA's Data Privacy Policy and the additional terms in this Section 2.4 will apply to IMIA's Processing of Personal Data on Customer's behalf as a data processor, where such Personal Data is: (a) Subject to any restriction under the GDPR or other applicable EEA data protection laws regarding outbound transfers of Personal Data; and (b) Processed by IMIA in a country outside of the EEA. The most current version of the Data Privacy Code is available on IMIA's website, currently located at http://www.language-link.com, and the terms of the Data Privacy Policy are incorporated by reference into this DPA. Capitalized terms used but not defined in this Section 2.4 have the meanings set forth in the Data Privacy Policy. IMIA will make commercially reasonable efforts to maintain the EU authorization of its Privacy Policy for the duration of the Agreement and will promptly notify Customer of any subsequent material changes in the EU authorization thereof. IMIA will at all times remain solely liable to Customer or Customer Affiliate for IMIA's obligations (and those of its Affiliates, if any) under this DPA, and in no event will any other IMIA Affiliate owe liability to Customer or Customer Affiliate under this DPA, except where and to the extent required by applicable law.

SECTION 3: Customer Responsibilities

By accessing our site, users acknowledge and accept the responsibility for properly implementing access and use controls and configuring certain features and functionalities of IMIA Services that they may elect to use, in such manner that the user in each case deems adequate to maintain appropriate security, protection, deletion, and backup of their Personal Data. IMIA will be entitled to rely solely on the user/Customer or the Customer Affiliate's instructions relating to any Personal Data Processed by IMIA. The Customer is responsible for coordinating all communication with IMIA under this DPA, including, without limitation, any communication in relation to this DPA on behalf of any applicable IMIA Affiliates.

SECTION 4: Information Security

IMIA will safeguard Personal Data with appropriate technical, physical, and organizational measures as described more fully in the Data Privacy Policy. The parties agree that the audit reports and audit rights provided under the Data Privacy Policy will be used to satisfy any audit or inspection requests by or on behalf of Customer and to demonstrate compliance with applicable obligations of IMIA under this DPA.

SECTION 5: Personal Data Breach

IMIA will notify the Customer without undue delay if IMIA becomes aware of a Personal Data Breach affecting the Personal Data. Taking into account the nature of Processing and the information available to IMIA, IMIA will assist the Customer at the Customer's request and expense in complying with the Customer's notification obligations regarding Personal Data Breaches as required by the GDPR.

SECTION 6: Data Privacy Contact

IMIA's data privacy officer can be reached at the following address:

International Medical Interpreting Services, Inc.
C/O Litman, Gerson Associates, LLP
500 W. Cummings Park, #5650
Woburn, MA 01801
Attn: IMIA Data Privacy Officer

SECTION 7: Data Subjection Rights; Access, Correction, Restriction and Deletion

We will use best commercially reasonable efforts to provide the site functionality reasonably required to provide Customers/site users with appropriate technical measures to access, correct, amend, restrict, or delete Personal Data that we collect, and to address requests by a Data Subject under the GDPR.

SECTION 8: Subprocessors

IMIA may engage Subprocessors to provide certain services, subject to the restrictions of the Data Privacy Policy and this DPA. IMIA will ensure that Subprocessors Process Personal Data only in accordance with the terms of this DPA and that Subprocessors provide at least the level of data protection required by this DPA. A user may object to IMIA's appointment or use of a Subprocessor by giving written notice to IMIA, and if within thirty (30) days of IMIA's receipt of said objection, IMIA fails to provide a commercially reasonable alternative to avoid the Processing of Personal Data by the appointed Subprocessor, the use may, as its sole and exclusive remedy, terminate any IMIA services to which this DPA applies.

SECTION 9: Return or Disposal

Prior to termination or expiration of the Agreement for any reason, a user may retrieve Personal Data collected by IMIA in accordance with the terms of the Agreement, and at the user's request provided in writing to IMIA, IMIA will promptly return or (at IMIA's sole discretion), confirm in writing the deletion of said Personal Data, expressly excluding any instance where IMIA reasonably believes that the continuing storage of all or any part of said data is required by applicable law.