THE EDUCATIONAL COMMISSION FOR FOREIGN MEDICAL GRADUATES (“ECFMG”)
Effective Date: June 27, 2018
ECFMG is committed to protecting the privacy and security of your personal information. This ECFMG Privacy Notice (the “Privacy Notice”) describes how we may collect, use and disclose your personal information in connection with the programs and services offered by ECFMG, including any personal information received through third parties acting on your behalf and any personal information collected through ECFMG websites or mobile applications or otherwise.
Acceptance of Privacy Notice
By using ECFMG programs and services, including its websites and mobile applications, you signify your acceptance of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not use ECFMG’s programs and services. Your continued use of ECFMG programs and services following the posting of changes to this Privacy Notice will mean that you accept those changes.
Personal Information We Collect
ECFMG processes personally identifiable information (“PII”) received from a range of sources, including but not limited to medical students/graduates, medical schools, medical licensing authorities, graduate medical education programs, credentialing agencies and other third parties in connection with the programs and services offered by ECFMG. This information may include, but is not limited to, your name, gender, date of birth, e-mail address, postal address, telephone number, credit card or electronic check information, social security or national identification number, citizenship, family status and information related to your employment and medical education, training and registration/licensure.
ECFMG also collects PII from job applicants in connection with completing an application for employment. This information may include, but is not limited to, your name, e-mail address, postal address, telephone number, employment history, and list of references. In general, applicants are required to respond to all of the questions on our application forms. Candidates for employment are not required to provide information regarding ethnicity.
Where provided by you, with your consent as described herein, we may also collect, store and use information considered to be a “special category” of more sensitive personal information. More specifically, certain PII we collect may reveal racial or ethnic origin. This PII may include your citizenship at birth and birth country, your passport, your photograph, and your native language.
ECFMG also collects your IP address and web log data.
Use of and Purposes for Processing Personal Information
ECFMG processes your PII in order to comply with legal and regulatory obligations, contractual obligations, requests by you or on your behalf to provide our programs and services to you, and for other purposes for which ECFMG has a legitimate interest or other lawful basis, including but not limited to: (i) providing ECFMG programs and services for you; (ii) maintaining or administering the programs and services, performing business analyses, or for other internal purposes to improve the quality of our business and the programs and services we offer; (iii) prevention of fraud to protect the public; (iv) communicating with you concerning the programs or services consistent with ECFMG’s obligations to provide these services or otherwise; (v) participating in litigation, investigations, regulatory or governmental enquiries or for other legal or regulatory purposes involving ECFMG applicants who use or have used ECFMG services and programs or other third parties; (vi) research; and (vii) satisfying other legitimate business interests.
If you provide your e-mail address, we may use your e-mail address to send you administrative and promotional e-mails. If you wish to opt out of promotional e-mails, you may do so by following the “unsubscribe” instructions in the e-mail.
Disclosure of Personal Information
ECFMG will not sell, rent, license, or trade your PII with third parties for their own direct marketing use.
ECFMG will share certain PII about applicants for its programs and services with (i) any U.S. or international governmental department or agency, including regulatory authorities with a legitimate interest in the PII; (ii) any organization with your approval; (iii) any other organization where ECFMG has a legitimate interest in doing so, including but not limited to where ECFMG needs to verify information relating to applicants; (iv) any other organization or individual if ECFMG is satisfied that the third party has a legitimate interest in such information, including but not limited to where there is a need for those third parties to update and maintain their databases, to provide services to or for applicants, or conduct research or analyses of the international medical graduate (IMG) workforce; and for (v) other purposes in support of ECFMG’s mission.
Disclosures to Third Parties Assisting in Our Operations. We may share your PII under confidentiality agreements and any required data processing agreements with other companies that work with, or on behalf of, ECFMG to provide products and services, such as but not limited to those who provide (i) e-mail or mail solutions; (ii) payment processing solutions, such as PayPal and TeleCheck; (iii) cloud hosting services; (iv) analysis of usage of ECFMG websites; (v) support and maintenance services for ECFMG websites; (vi) services to assist us in processing employment applications; (vii) services to assist with credentialing operations; including but not limited to identity verification, translations services, and investigative firms; and (viii) surveys, such as SurveyMonkey. We also may share your PII with our legal, regulatory, audit and other professional advisors. These companies may use your PII to assist us in our operations consistent with our legitimate business interests. However, these companies do not have any independent right to share this information.
Disclosures Under Special Circumstances. We may provide information about you, including PII, to respond to subpoenas, court orders, legal processes, regulatory authority investigations, or governmental regulations or inquiries, or to establish or exercise our legal rights or defend against legal claims, or where we believe it is necessary to share such information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law or to protect the public.
Other Parties with Your Consent or at Your Direction. In addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you expressly consent to or request such sharing.
Retention of Personal Information. If the services provided are intended to protect the public, for example through the assurance of an individual’s qualification through ECFMG’s verification services, ECFMG has a legitimate interest in retaining this information and will do so in accordance with its Data Retention and Erasure Policy. For other services, ECFMG will retain your PII only for as long as is reasonably necessary to achieve the purposes for which it is collected. When we delete any information, it will be deleted from our active databases but may remain in our archives.
Automatically Collected Information and Anonymous Information
Each time you visit ECFMG websites, ECFMG, its partners, and/or vendors collect information to improve the overall quality of your on-line experience.
- All Other ECFMG Websites: The following descriptions of automatically collected and anonymous information pertain to all internally hosted ECFMG websites.
Aggregated Data. ECFMG collects data for internal reporting and counts, tracks, and aggregates the visitor’s activity for the purpose of analysis of general traffic flow and feature usage related to ECFMG websites. To these ends, ECFMG may include information about you into aggregated group data. ECFMG may remove personal identifiers from PII or may use pseudonymization to disassociate the individual from the PII, allowing statistically accurate analysis over data without exposing any individual’s identity. Such anonymous data may be shared with ECFMG’s affiliates, business partners, service providers and/or vendors; if it does so, ECFMG will not disclose your individual identity.
Web Server Logs and IP Addresses. An Internet Protocol (“IP”) address is a number that automatically identifies the computer or device you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may disclose the server owned by your Internet Service Provider. ECFMG may use IP addresses to conduct analysis and performance reviews and to administer the websites, and may also use other information provided by you or your browser for purposes such as enabling support for applications and services being used.
Web Beacons. Some of the websites’ web pages may use web beacons in conjunction with cookies to compile aggregate statistics about the websites’ usage. A web beacon is an electronic image (also referred to as an “action tag,” “single-pixel,” or “clear GIF”) that is commonly used to track the traffic patterns of users from one web page to another in order to maximize web traffic flow and to otherwise analyze the effectiveness of the websites. Some web beacons may be unusable if you elect to reject their associated cookies.
Response to “Do-Not-Track” Signals. Some web browsers may transmit "do-not-track" signals to the websites with which the user communicates, although web browsers incorporate and activate this functionality in different ways, and it is not always clear whether users intend for these signals to be transmitted. There currently is disagreement, including among participants in the leading Internet standards-setting organization, concerning what, if anything, websites should do when they receive such signals. ECFMG currently does not take action in response to these signals, but, if and when a standard is established and accepted, we may reassess how to respond to these signals.
Children’s Privacy Protection
Under Age 13. ECFMG does not directly collect PII from persons under 13 years of age, from websites or otherwise. Any person who provides their personal information to ECFMG represents that they are 13 years of age or older. As a result, the ECFMG websites do not directly solicit or collect PII on-line from children under the age of 13. If we learn that a child under the age of 13 (or such legally required higher age) has submitted personally identifiable information on-line without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any PII we have collected from children under 13, please contact us at firstname.lastname@example.org.
Note that if you apply to ECFMG for J-2 visa sponsorship for your dependents, you will be required to provide to ECFMG the dependents’ personal information, including name as it appears on their passport, gender, date of birth, relationship to you, country of birth, country of citizenship, country of most recent legal permanent residence, and, if applicable, USMLE/ECFMG Identification Number. We will process such data of children in this limited circumstance whereby processing is required pursuant to our contractual obligations in providing your dependents with J-2 visa sponsorship.
Your Rights Over Your Personal Information
If the services provided are intended to protect the public, for example through the assurance of an individual’s qualification through ECFMG’s verification services, then in accordance with ECFMG policies and procedures, you may not have a right to erasure of your PII, to restrict processing of your PII, or object to the processing of your PII. For other services, in accordance with ECFMG’s policies and procedures, you have the right to request erasure of the PII that we hold about you, restrict processing of your PII, or object to the processing of your PII under certain circumstances. You may also have the right to request that we transfer your PII to another party to the extent provided for under applicable data privacy laws. If you want to review, verify, correct, or request erasure of your PII, restrict or object to the processing of your PII, or request a transfer of your PII to another party, please contact us at email@example.com.
Where you may have provided your consent to the collection and processing of your PII to receive our various newsletters or promotional e-mails, you have the right to withdraw your consent for that specific processing by individual newsletter and/or promotional e-mail list. To withdraw your consent, please contact firstname.lastname@example.org and specify the newsletter(s) and/or list(s) for which you are withdrawing consent. Your removal from our mailing list(s) will not remove records of past transactions or delete information stored in our data backups and archives.
Alternatively, if you are an existing user of ECFMG programs and services, please note that you can view and amend certain categories of your PII by accessing your account on the relevant user portal.
In addition, you have the right to make a complaint to ECFMG or a relevant supervisory authority, such as the Data Protection Commissioner in Ireland, if you have concerns about ECFMG’s handling of your PII. If you wish to raise concerns with ECFMG, please contact email@example.com.
The websites and materials available through the ECFMG websites may contain links to other websites. ECFMG is not responsible for the privacy practices or the content of those websites. Users should be aware of this when they leave our websites, and review the privacy statements of each third-party website. This Privacy Notice applies solely to information collected by ECFMG.
ECFMG understands that storing your PII in a secure manner is essential. ECFMG stores PII and other data using reasonable physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while ECFMG has endeavored to provide secure and reliable programs and services, including websites and mobile applications, for users, the confidentiality of any communication or material transmitted to/from ECFMG cannot be guaranteed.
Cross-Border Transfer, Use and Disclosure of Personal Information
ECFMG is located in the United States and is subject to the applicable laws of the United States (where data privacy laws are less stringent than in the European Union and some other jurisdictions). When we receive your PII, your PII may be transferred, processed and stored outside of your country of residence, including in the United States. In addition, some of the recipients of PII as specified above may be located in countries (including the United States) that do not provide a level of data protection equivalent to that set forth by the European Union and some other jurisdictions. If you choose to access or use the programs or services offered by ECFMG, you consent to the transfer, use and disclosure of information in accordance with this Privacy Notice and subject to such applicable laws.
Changes to this Privacy Notice
This Privacy Notice may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. If we update the Privacy Notice, we will let you know about changes we consider material by placing a note on the relevant web page you use to access the services, sending an e-mail with notification of the updated Privacy Notice, or other appropriate methods. By accessing or using the programs or services offered by ECFMG after we have placed such a notice, you consent to the new practice(s) identified in the update. The most current version of the Privacy Notice will always be available at www.ecfmg.org. You can check the "effective date" posted at the top to see when the Privacy Notice was last updated. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without notice.
If you have any questions about this Privacy Notice or about our handling of your information or if you need more information, please contact ECFMG’s Privacy Compliance Officer and ECFMG’s Data Protection Officer at firstname.lastname@example.org.