Privacy & Cookies Statement
This Privacy & Cookies Statement explains how The Joint Commission, The Joint Commission Resources, Inc. (JCR) with its division Joint Commission International, (collectively, “The Joint Commission,”) (with contact details below) collects, uses, shares, and otherwise processes individually identifiable data obtained about visitors to our website, as well as contact persons for our customers, distributors, sales representatives, end users, and suppliers (“Personal Information”). This Privacy & Cookies Statement pertains to Personal Information that we collect through our public websites, mobile applications, and other online properties (each, a “Site”) as well as through trade shows and offline means.
Summary of Key Points
|Collection||As a business to business (“B2B”) organization, we collect names, business contact details, and other Personal Information related to our commercial relationships.|
|Use||We use Personal Information to perform transactions and respond to inquiries, to manage accounts and maintain business operations, to provide relevant marketing, and to fulfill other business and compliance purposes.|
|Sharing||We share Personal Information as necessary to perform transactions and respond to requests, for our own administration and management, and to fulfill other business and compliance purposes.|
|Marketing choices||You have control on how we use Personal Information for marketing.|
|Data subject rights||You have certain rights to request access, rectification, deletion, objection, or other actions regarding your Personal Information where required by applicable law.|
|Data security||We maintain technical and organizational measures to protect Personal Information from loss, misuse, alteration, or unintentional destruction of Personal Data.|
|Cross-border data transfers||We provide appropriate protections for cross-border transfers where specified by law.|
|Other issues||We provide other information in this Privacy & Cookies Statement about: (i) the legal basis for our collection and processing of Personal Information, (ii) the consequences for not providing Personal Information, (iii) automated decision-making, (iv) do-not-track (DNT) signals, (v) data retention, (vi) links to third party websites, (vii) employee and contractor issues; and (viii) changes to this Privacy & Cookies Statement.|
|Contact us||Please contact us as detailed below with any questions.|
Collection of Personal Information
We collect the following categories of Personal Information about Site visitors, customers, distributors, sales representatives, end users, and suppliers:
|Basic data: Name, title, company, job responsibilities, phone number, mailing address, email address, and contact details.||Compliance data: Government identifiers, passports, beneficial ownership data, and due diligence data.|
|Registration data: Newsletter requests, subscriptions, downloads, and username/passwords.||Job applicant data: Data provided by job applicants or others on our Sites or offline means in connection with employment opportunities.|
Transaction data: Transaction history, payment details, and performance data.
Marketing data: Data about individual participation in marketing campaigns including webinars, trade shows and conferences, credentials, associations, product interests, and preferences.
|Device data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Sites (Usage Data). Note, however, we do not consider Device Data to be Personal Information except where we link it to you as individual or where applicable law provides otherwise.|
Specific Collection Points of Personal Information
When you visit our site, we may ask you for any of the above information. We may also ask you to create a password for your account and to provide demographic data in certain circumstances as described below. The specific areas where Personal Information is collected includes:
- Websites: There are places on each of the following Sites where information is collected when you sign up to received information about the services and products.
- Webstore: Each individual who creates a webstore account to become a registered customer and purchase products or services will have a username and password. For reasons of security and privacy, as a user, you are responsible for not sharing your username and password. As a registered customer you can purchase products and/or services, access your web order history and reorder, create and maintain your own address book, manage a wish list that you can send to friends, setup reminders, request e-mail announcements, view saved orders and expedite your checkout process. We will capture and retain email address, name, accredited organization affiliation, professional title (optional), company (optional), country, billing address, shipping address and phone number to accurately process your order.
- E-mail alerts/Newsletters and Journals: You can sign up to receive e-mail alerts, newsletters or journals. We capture and retain name, organization and e-mail address to provide the information you specifically request.
- Public Comment on Standards/Measures: Periodically, The Joint Commission seeks public comment on draft standards, performance measures or other matters. This is usually accomplished through the use of an electronic survey tool. In order to validate the comment, The Joint Commission requests some demographic information in the survey. Completion of this section is optional to you. Should you submit the requested demographic data this information will be retained until no longer necessary for the purpose of the study.
- Registration to the Joint Commission Connect or JCI Direct Connect Extranets: Each individual who registers to use the Joint Commission Connect will have a username and password. For reasons of security and privacy, as a user, you are responsible for not sharing your username and password. For additional information about Joint Commission Connect see Log In Help.
- Blogs/News and Discussion Boards: If you sign-up to participate on blogs and discussion boards, we capture name and e-mail address to allow posting of comments to the Site.
- Speakers Bureau Form: By completing the electronic form to retain a Joint Commission speaker, you provide name, e-mail address, city, state, zip and phone. This information is captured and retained for securing Joint Commission Speakers.
- Events/Podcasts/Audio-conferences: If you chose to sign-up for any event, podcast or audio-conference, we may capture and retain the name, business title, business company, phone number, state and e-mail address for registration.
- Business Development: If you complete a form requesting additional information about an accreditation or certification program, we capture and retain the name of the individual, the organization, the e-mail address and demographic data for the purpose of responding to your questions on accreditation and/or certification. This information is not shared outside The Joint Commission.
- Tools and online applications: There are tools (TST® and Oro® 2.0) whether provided for purchase or at no additional cost are available to accredited organizations where user’s name, password and email address are collected for the purpose of facilitating your use of the tool. There are application specific privacy statements available on each. JCR has several online applications available for purchase (Tracers with AMP®, ECM® Plus, CMSAccess®, and E-dition®) each which collect first name and last name, username, password and email addresses for the purposes of facilitating use of the tool, and to provide system/tool status updates.
We may use your Personal Information to provide you with information of interest and other marketing communications via email. You may opt-out of receiving such marketing communications at any time through the use of the subscription center or by completing the unsubscribe form or by responding to the instructions in any marketing communication.
- Other sources – Personal information may be obtained from other sources, such as publicly available databases, or information purchased from personal information aggregators or through the provision of services to you.
Use of Personal Information
The purposes for which we use Personal Information which is collected as identified above include:
- To perform transactions and respond to inquiries we use basic data, registration data, transaction data, and device data.
- To manage accounts and maintain business operations we use basic data, registration data, transaction data, and device data.
- To make our Sites more intuitive and easy to use we use device data.
- To protect the security and effective functioning of our Sites and information technology systems we use basic data, registration data, transaction data, and device data.
- To provide relevant marketing we use marketing data, basic data, registration data, transaction data, and device data, some of which is obtain through publicly available sources.
- To provide customers with updates, reminders, or other information about products and services that they have ordered or that may interest them we use marketing data, basic data, registration data, transaction data, and device data.
- To address compliance and legal obligations we use compliance data, basic data, registration data, transaction data, and device data.
- To protect us and our customers from fraudulent transactions and investigate inappropriate or unauthorized use of The Join Commission Enterprise services, products, accounts, intellectual services or other assets we use compliance data, basic data, registration data, transaction data, and device data.
- To consider individuals for employment and contractor opportunities and manage on-boarding procedures we use job applicant data and compliance data.
- Where needed for corporate audits or to investigate or respond to a complaint or security threat we use compliance data, basic data, registration data, transaction data, and device data.
Sharing of Personal Information
We share Personal Information with the following categories of recipients:
- Employees and Affiliates: We share Personal Information with our employees and within the Company group of affiliated companies as necessary for the purposes identified above. The list of affiliates within the Company group includes; The Joint Commission, and Joint Commission Resources, Inc. (JCR) with its division Joint Commission International (JCI), (with contact details for each provided below).
- Distributors and sales representatives: We share Personal Information with distributors and sales representatives in order to: perform transactions and respond to inquiries; manage accounts and maintain our business operations; provide relevant marketing; and address compliance and legal obligations.
- Suppliers and service providers: We share Personal Information with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above. We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Information on our behalf only.
- Auditors, advisors, and financial institutions: We share Personal Information with auditors for the performance of audit functions, with advisors for the provision of legal and other advice, and with financial institutions in connection with payment and other transactions.
- Mandatory disclosures and legal claims: We share Personal Information in order to comply with any subpoena, court order or other legal process, or other governmental request. We also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
- Contractors: We may disclose Personal Information to contractors to help us support our Site or perform other functions on our behalf. We require such parties by contract to only access Personal Information to the extent needed to provide the functions on our behalf, to maintain appropriate security controls to protect the data, and to use the data for the purposes specified in the agreement.
We do not sell your Personal Information for purposes of allowing others to use such information for their own marketing purposes. If you have questions about the parties with which we share Personal Information, please contact us as specified below.
De-Identified Aggregate Data
We may also use the information you provide in a de-identified format as to both individual and organization, for research, quality improvement, or benchmarking purposes, and may provide this information in the aggregate to third parties. For example we might inform other users regarding the number of users to the Site.
You have control regarding our use of Personal Information for directing marketing. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can choose to not receive such communications at any time. Please follow the unsubscribe link in the relevant communication, or contact us as per below.
Cookies and Tracking
We may collect information about your browser and usage activity on our Site using cookies, trackers, web beacons, scripts and other technologies. In particular, we may obtain: the IP address of the computer you are using; the name of the domain you use to access the Internet (e.g., gmail.com); the date, time and length of your visit, device, browser, and the pages you visited. We use this information in order to present relevant content to a user for both marketing and informational value, to assist with diagnosing and solving problems with our server, and to assist with the administration of our Site.
- Essential Cookies: These are required for the operation of our Sites. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies that are erased when you close your browser. These cookies and scripts are essential for enabling a user to move around the website and use its basic features, such as accessing secure areas of the website, opening navigation, displaying content.
- Marketing: These improve the functional performance of our Sites and make it easier for you to use. For example, cookies are used to remember that you have previously visited the Sites and asked to remain logged into it. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. These cookies and scripts allow for the delivery of advertisements more relevant to visitors and their interests. They may also be used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Advertising networks usually place them on the page with the website operator’s permission.
- Personalization: These record your visit to our Sites, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the Sites and other websites you visit. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control third party targeting cookies. These cookies and scripts allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
Control Over Cookies
You can review your internet browser settings, typically under “Help” or “Internet Options” to exercise choices you have for Cookies on your computer or device.
To learn more about certain cookies used for interest based advertising by third parties, including through cross-device tracking, and to exercise certain choices regarding use of such cookies for personalized advertising, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings for if you have the DAA or other mobile app. You can also delete all cookies that are already on your computer's hard drive by searching for and deleting files with “cookie” in it. If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Site, and you might be required to re-enter your log-in credentials. More information about cookies and how they work is available at www.allaboutcookies.org.
Data Subject Rights
Where required by applicable law, you have the right to obtain confirmation of the existence of certain Personal Information relating to you, to verify its content, origin, and accuracy, as well as the right to access, review, rectify, obtain a copy, port, delete, or to block, or withdraw consent to the processing of certain Personal Information (without affecting the lawfulness of processing based on consent before its withdrawal), by contacting us as detailed below. Additionally, you have the right to object to our use of Personal Information for direct marketing and in certain other situations at any time. Contact us below for more details. Please note that we need to retain certain Personal Information as required or permitted by applicable law.
We maintain technical and organizational measures in place to protect Personal Information from loss, misuse, alteration or unintentional destruction. Although we make every reasonable attempt to secure your information, there is always some risk in transmitting information across the internet. No security measure can guarantee against compromise. We cannot guarantee that the Personal Information we collect will never be disclosed in some manner not consistent with this Privacy & Cookies Statement. We also cannot protect against any misuse, loss, or alteration of any user-editable content. You also have an important role in in protecting Personal Information. You should not share your username and password with anyone, and you should not re-use passwords across more than one site. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.
“Phishing” is a common email scam where your email address is used to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that The Joint Commission is committed to keeping credit card and social security information out of emails. So, if you are ever asked for this information, please contact us as detailed below.
Cross-Border Data Transfers
Children Under Age 18
For questions or suggestions regarding anything on this page, please contact us.