Overview and Contact Information
The American Orthopaedic Foot & Ankle Society (AOFAS) is a medical specialty society comprised of more than 2,300 orthopaedic specialists who specialize in the care of patients with injuries, diseases, and other conditions of the foot and ankle. AOFAS
and control, including without limitation, personal data of individuals within the European Union (EU) and the European Economic Area (EEA). For residents of the EU or the EEA, we are the controller of the processing of your data and our processes
relating to your personal data are governed by the General Data Protection Regulation (GDPR).
If you have questions or require further information, please contact the AOFAS Executive Office at:
9400 W. Higgins Road
Rosemont, Illinois 60018
847-698-4654 (Outside US)
In general AOFAS does the following with respect to personal data:
Collects, uses and stores the minimum amount of personal data that is necessary for one or more legitimate business purposes and to comply with legal obligations.
Limits who has access to the personal data in our possession to only those who need it for a legitimate business purpose.
Protects personal data through security measures tailored to the sensitivity of the personal data we hold.
Communicates with our employees, customers, suppliers, business partners and others about how we intend to use personal data in our day-to-day operations.
Takes reasonable steps to ensure personal data is accurate and up-to-date.
Integrates privacy in the design of our activities that involve the use of personal data.
For residents of the EU or the EEA, we are the controller of the processing of your data and our processes relating to your personal data are governed by the General Data Protection Regulation ("GDPR"). If you have any questions or inquiries,
contact us at firstname.lastname@example.org.
Types of personal data we collect and why
Membership accounts on our website: name, email address, medical certification designations, mailing address, city, state, postal code, historical account information, country of residence, professional affiliations, certification
number and year of certification, memberships or fellowship information that verify applications for membership.
Registration to events, courses, conferences and the annual meeting: Professional status, name, affiliation, contact details, accommodation preferences, and payment details.
Physician Resource Center: name, email address, membership level, activity log, exam results, and purchases.
Contact Us form: name, address, email address, phone, and information provided in the message.
Marketing activities: name, email address, and information about the interaction with our communications (such as IP addresses, email open and click-through data). We may also send surveys and collect responses to these surveys
that include demographic and professional/practice information.
Comment boards: username, any information provided in the comments.
Publications: name, email or delivery address, payment information.
Donations and Sponsorships: name, tax ID, payment information.
Information collected automatically: There is other information that we collect automatically when you visit our site using cookies or similar technologies such as your IP address, mouse activity, browser type, access times, and
page views. We use Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en. See our Cookies Notice for more information on AOFAS.org.
Annual Meeting Lead Retrieval: name, email address, mailing address, badge scanning activity.
Our policy towards children
We do not knowingly collect personal data from children. We may incidentally process personal data of children, for instance where participants to our events travel with family. If a parent or guardian becomes aware that his or her child
has provided us with personal data without their consent, please contact us. If we become aware that a child has registered for our services and has provided us with personal data without the consent of their parent or guardian, we will delete such
information from our files.
Disclosures to Third Parties
At times, AOFAS engages third party contractors, service providers, and other vendors to help us accomplish our business objectives. There are other circumstances where we are required by law to disclose personal data to third parties such as public bodies
or judicial authorities. We engage with our agents, representatives, contractors, service providers or other third parties for the following services:
Website hosting (based in the United States);
authorization of credit card transactions (based in the US);
order fulfillment (based in the US);
cloud storage (based in the US);
broadcast emails (based in the US);
online surveys (based in the US);
software for conference registration, abstract submissions, and mobile applications;
mailing services for AOFAS journals, publications, and promotional pieces;
Learning Management System (Physicians Resource Center);
Exhibitor Lead Retrieval.
Notwithstanding the foregoing, AOFAS may disclose personal data when it has a good-faith belief that such disclosure is necessary to: (a) comply with law; (b) protect and/or defend AOFAS’s rights or property (including without limitation intellectual
property); (c) enforce AOFAS’s Legal Notice; or (d) protect the interests of other users.
In addition to the above, AOFAS may be compelled to provide personal data to governmental authorities. Such compelled disclosures include those made in response to a court order or subpoena, or to cooperate with a law enforcement investigation. AOFAS reserves the right
to report to law enforcement agencies any activities that we believe in good faith to be unlawful.
Legal basis for personal data collection and use
AOFAS is committed to processing personal data of users in the EU or EEA lawfully and to facilitating the exercise of the rights granted by GDPR. You may contact us at email@example.com to discuss your privacy
AOFAS only collects and uses personal data of EU or EEA residents when there is a fair and legal basis and/or when you have consented to our collection or use of such personal data. For example, we collect personal data necessary to become a member of
AOFAS or for the legitimate interest of sending marketing materials. More specifically:
Membership accounts on our website: Collection is based on the necessity to enter into, or for the performance of, a contract between you and AOFAS to be a member and AOFAS's legitimate interest in providing membership services;
Registration to events, courses, conferences and the annual meeting: Collection is based on the necessity to enter into, or for the performance of, a contract between you and AOFAS to attend the events or courses and AOFAS's legitimate
interest in providing event-related services to all attendees;
Physician Resource Center: Collection is based on the necessity to enter into, and for the performance of, a contract between you and AOFAS to view content located within the learning management system and provide educational resources
for all participants;
Contact Us form: Collection is based on consent;
Marketing activities: Collection is allowed where you provide consent for email marketing, and collection for marketing conducted other than through email or phone call is based on our legitimate interests;
Comment boards: Collection is based on consent;
Publications: Collection is necessary to perform a contract between you and AOFAS for your subscription and AOFAS's legitimate interest in the publication and distribution process;
Donations and Sponsorships: Collection is necessary to perform a contract between you and AOFAS to effectuate the contribution and AOFAS's legitimate interest in facilitating donations and sponsorship programs;
Information collected automatically: Collection is allowed where you have given AOFAS your consent;
Lead retrieval: Collection is allowed where you have given AOFAS your consent.
What rights you have over your personal data
Under the GDPR, you have the following rights:
Transparency and the right to information: We provide notice to all of our members, website users and other third parties who interact with us about how we use personal data in our day-to-day activities at the time of collecting
Right to access, rectification, restriction of processing, erasure, and data portability: If you are based in the EU or EEA, we provide you with access to your own personal data. In addition, for EU or EEA residents, when requested
in writing by you, we will rectify any errors in your personal data when it is incorrect or inaccurate, and we will ensure the right to erasure, portability and to restriction of processing when these rights are not incompatible with other
Right to object and withdraw consent at any time: For all marketing materials, you can opt out at any time, free of charge. The right to object for other processing activities will be balanced to ensure that it is not incompatible
with local regulations or our legitimate interests.
These requests should be submitted as follows:
Opt-out of marketing communications: You can exercise your right to object and opt-out anytime by following the opt-out instructions in our commercial emails or contacting us at firstname.lastname@example.org.
You will still continue to receive emails relevant to course registrations or purchases (e.g. registration confirmations or purchase receipts) or necessary to your continued membership in the AOFAS (e.g. dues notices). If you believe that
SPAM has been sent from us, please contact us at email@example.com so that we can investigate and rectify the situation.
To exercise the rest of your rights: You should send a communication in writing to firstname.lastname@example.org. In order to fulfill this request, we may require you to provide
us with information to validate your identity and specify your request. We will attend to your request in a timely manner within 30 days after receiving your request. If for any reason we need to extend this period of time, we will contact you.
If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement.
International transfers of personal data
If you are located outside the United States and you interact with our website or provide us personal data, then your personal data may be transferred to the United States.
We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. The EU-US Privacy Shield framework obtained an adequacy decision. The level of protection of
your personal data is not deemed equivalent to the one in the EU, unless the receiving organization is self-certified under the EU-US Privacy Shield. As a not-for-profit organization, we are not able to adhere to the EU-US Privacy Shield Principles.
Article 49 of the GDPR permits AOFAS to transfer your personal data on the basis of the following derogations:
Explicit consent is obtained for transfers related to responding to requests to contact us, email marketing campaigns, exhibitor lead retrieval, online surveys, and information automatically collected,
Transfers are necessary to perform a contract between you and AOFAS to provide membership accounts and services, event registration, publication subscriptions, effectuation of donations and sponsorships, and education content in
the Physician Resource Center,
Transfers for non-email marketing purposes, membership services, and event administration are for AOFAS's legitimate interests as a US-based operation.
As for safeguards to your personal data, we directly apply the GDPR provisions to your personal data. As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. We carefully
select our processors.
AOFAS is committed to the security, confidentiality and integrity of your personal data. We take commercially reasonable precautions to keep all information obtained from our online visitors secure against unauthorized access and use and we periodically
review our security measures.
We care about the security of your transactions and apply industry-standard practices of like organizational methods and technologies to safeguard your credit card information. We use high-grade encryption and the secure https protocol to communicate
with your browser software, which mitigates the risk of interception of the credit card information you give us. We also employ several different security techniques to protect your personally identifiable information from unauthorized access by users
inside and outside the organization. The Web servers for AOFAS are in a secure environment, and computer systems are maintained in accordance with industry standards of like organizations to secure information. You should be aware, however, that "perfect
security" does not exist on the Internet, and third parties may unlawfully intercept or access transmissions or private communications. MIME sniffing and clickjacking are prevented on AOFAS.org. Credit card data is securely passed to our payment processor.
Security certificates are SSL with 256-bit encryption.
AOFAS's website contains links to other sites. While AOFAS strives to link only to sites that share our high standards and respect for privacy, AOFAS is not responsible for the privacy practices employed by other sites.
AOFAS MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS OR ADEQUACY OF THE CONTENTS OF ITS SITE, AND EXPRESSLY DISCLAIMS LIABILITY FOR ERRORS AND OMISSIONS IN THE CONTENTS OF THIS SITE. NO WARRANTY OF ANY KIND, IMPLIED, EXPRESSED
OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF NON-INFRINGEMENT, TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM COMPUTER VIRUS, IS GIVEN WITH RESPECT TO THE CONTENTS OF AOFAS'S WEBSITE OR ITS HYPERLINKS TO
OTHER INTERNET RESOURCES. REFERENCE IN AOFAS'S WEBSITE TO ANY SPECIFIC COMMERCIAL PRODUCTS, PROCESSES OR SERVICES, OR THE USE OF ANY TRADE, FIRM OR CORPORATION NAME IS FOR THE INFORMATION AND CONVENIENCE OF THE PUBLIC AND DOES NOT CONSTITUTE ENDORSEMENT
OR RECOMMENDATION BY AOFAS.
How long we retain your personal data
AOFAS applies the storage limitation principle in order to retain personal data in our records only for the length of time required to fulfill the purpose for which the data was collected. We only keep personal data in our records as long as it is
necessary for the purposes for which it has been processed. The retention period depends on the context in which we process data and on specific circumstances such as regulations requiring retaining information for a certain period of time. These circumstances
may include local laws, the reasonably anticipated future business needs for the data, the benefit to the user to have the data available, legal requirements to hold the data, or similar circumstances.
AOFAS keeps contact form entries and analytics records. Member invoice data is retained indefinitely as part of your member record. We store member data provided in user profiles. All users can view, edit, or delete their personal information at any time
by logging in to the website. Website administrators and membership staff can also see and edit that information.
If you leave a comment on the AOFAS website, the comment and its metadata are retained indefinitely, unless you delete it. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
date it was revised.
Last Updated: May 9, 2019