ECFMG|FAIMER Privacy Notice
Last Updated: August 9, 2021
ECFMG®|FAIMER® is committed to protecting the privacy and security of your Data, including Personally Identifiable Information (“PII”) (collectively “Data”). For purposes of this Privacy Notice (“Privacy Notice”), ECFMG|FAIMER refers to: Educational Commission for Foreign Medical Graduates (“ECFMG”), Foundation for Advancement of International Medical Education and Research (“FAIMER”), and Clinical Skills Evaluation Collaboration (“CSEC”) (hereinafter referred to collectively as “ECFMG|FAIMER,” “we,” “us,” or “our”). This Privacy Notice explains how we collect, process, use, and disclose your Data (i) in connection with, and in support of, our programs and services; (ii) in connection with your participation in ECFMG|FAIMER-related educational and professional forums and collaborations; (iii) in support of our research endeavors; and/or (iv) in connection with an application for employment with ECFMG|FAIMER.
Acceptance of Privacy Notice
Your use of the ECFMG|FAIMER websites, programs and services, mobile applications, and related administrative processes signifies your understanding and acceptance of the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not submit your PII or any PII you are responsible for to ECFMG|FAIMER or use its websites, programs and services, and mobile applications. Further, your continued use of ECFMG|FAIMER websites, programs and services, and mobile applications following our posting amendments to the Privacy Notice signifies your acceptance of the Privacy Notice as amended.
Nature of Services Provided
ECFMG|FAIMER provides programs and services to individuals and to organizations including certification, professional verification, credentialing, training, educational opportunities, and visa sponsorship. ECFMG|FAIMER also collaborates in research, publications, and educational opportunities and makes employment opportunities available to individuals seeking to join our teams.
PII and Other Data We Collect
We collect PII and other Data either directly from you, through automatic technologies, and from third parties or publicly available sources, as follows:
Data Collected from You
- Users in Connection with and in Support of Our Programs and Services. We collect the following PII directly from individuals in order to provide our programs and services including some PII that may be considered sensitive PII under the applicable law in the jurisdiction where you reside. The PII we collect may include but is not limited to an individual’s: name, image, address(es), e-mail address, birth date, birth country, passport and visa information, national identification numbers, medical license number and medical licensing jurisdiction, gender, ethnicity, citizenship, birth certificate, marriage certificate, relevant information about any claimed disability, driver’s license information, financial information, and educational and work experience. For those Users seeking visa sponsorship, we collect PII of family members and dependents (including minors) also seeking sponsorship (under a J-2 Visa), as follows: name, gender, date of birth, birth city, passport number, country(ies) of citizenship, country of legal personal residence, e-mail address, Student and Exchange Visitor Information System (SEVIS) number, and United States Medical Licensing Examination® (USMLE®) number (where applicable). Copies of passports, marriage certificates, and birth certificates must also be provided in support of sponsorship.
In order to facilitate payment for our programs and services, we use third-party payment services through PayPal and Telecheck, which directly collect your financial Data (for example, your bank account information or credit card details); the financial Data you submit electronically is not collected, processed, or retained by ECFMG|FAIMER. The use of your financial Data is governed by the Privacy Policies of those entities.
In very limited instances, our programs and services permit Users to submit payment by providing financial Data directly to us using a paper form. In the event you elect to make a payment in this manner, your financial Data will be processed only for purposes of payment and will be deleted within one year of collection.
- Users Supporting ECFMG|FAIMER or Participating in Educational and Professional Forums. PII is also collected from individuals working for organizations assisting ECFMG|FAIMER to fulfill its services, donors, and individuals attending and/or presenting at ECFMG|FAIMER educational and professional forums. The PII collected from such Users includes but is not limited to: name, title, address(es), date of birth, birth country, e-mail addresses, phone numbers, and professional credentials.
- Users Seeking Employment Opportunities. ECFMG|FAIMER generally collects the following PII from Users seeking professional opportunities with ECFMG|FAIMER: name, address(es), e-mail address, phone numbers, gender, ethnicity, veteran status, disability status, education history, employment history, professional references, required background clearance data, and other job-related information.
In most instances, collection of this PII is required for ECFMG|FAIMER to provide the requested opportunities and/or programs and services, or in other instances may be required by law. Non-provision of certain information may bar our ability to provide you with these opportunities and/or the requested programs and services.
Data Collected Automatically
ECFMG|FAIMER websites and mobile applications collect certain Data about you automatically, using certain passive technologies. Such Data includes technical information about browser type, areas of the site visited, date and time of access, and related data in order to improve the overall quality of your on-line experience. These passive technologies include:
- Web Server Logs and IP Addresses. Internet Protocol (“IP”) addresses and mobile device identifiers are numbers that identify the computer or device that you use to access the Internet. Depending on the way in which you access the Internet and where you access the Internet, your IP address may always be the same or very similar each time you access the Internet, or may change each time you access the Internet. ECFMG|FAIMER systems automatically collect IP addresses and mobile device identifiers to enable our servers to send you the web pages that you request via your Internet Service Provider. We will never use your IP address to specifically target your location, but we may use your IP address to target the general geographic area from which you are visiting our website where there is a business need and a lawful basis to do so. We may use your IP address for security purposes, administering and maintaining our websites, to support our applications and the services that you access, for calculating our website usage levels, for the prevention and investigation of fraudulent activities, and/or for other business practice improvement.
- Web Beacons. ECFMG|FAIMER web pages may use web beacons in conjunction with cookies to compile aggregate statistics about website usage. A web beacon is an electronic image (also referred to as an “action tag,” “single-pixel,” or “clear GIF”) commonly used to track User traffic patterns from one web page to another in order to maximize web traffic flow and to otherwise analyze the effectiveness of our websites. Some web beacons may be unusable if you refuse their associated cookies.
- “Do-Not-Track” Signals. Some web browsers transmit "do-not-track" signals to our websites. Although web browsers may incorporate and activate this functionality in different ways, ECFMG|FAIMER currently does not respond to these signals.
Data Collected from Third Parties
We may also use or supplement the Data we have about you with information provided by other sources, such as the USMLE program, National Board of Medical Examiners® (NBME®), the National Resident Matching Program® (NRMP®), American Medical Association (AMA), Federation of State Medical Boards (FSMB), Association of American Medical Colleges (AAMC), Accreditation Council for Graduate Medical Education (ACGME), the Department of State (DOS), the Department of Homeland Security (DHS), medical schools, graduate medical education and training programs, current and former employers, licensing and regulatory authorities, professional organizations, and other organizations with which we collaborate in the provision of our programs and services. Where such information is received, ECFMG|FAIMER will only use that data for the limited purposes for which it was provided to us.
How We Use Personal Information
ECFMG|FAIMER may use your PII to:
- establish the applicable User account in our systems (e.g., as an applicant for our programs and services or as an applicant for job opportunities);
- process and fulfill requests for ECFMG|FAIMER programs and services and employment opportunities;
- provide administrative notices and alerts to inform you of relevant aspects of programs and services (“administrative e-mails”);
- deliver newsletters and promotional materials that support ECFMG|FAIMER’s mission and mandate (“promotional e-mails”);
- provide customer service in connection with our programs and services and employment opportunities;
- respond to legitimate business inquiries;
- support professional work and educational opportunities;
- confirm the identity of officials who verify credentials at verifying organizations;
- perform analyses and other internal assessments to administer our business and to improve the quality of ECFMG|FAIMER business and service offerings;
- provide information and donor opportunities to support ECFMG|FAIMER’s work and mission;
- facilitate engagement by alumni from our educational programs, including but not limited to alumni of our FAIMER regional institutes;
- address legal and regulatory inquiries made in the interests of serving the public;
- maintain permanent records of Users of ECFMG programs and services as necessary to prevent fraud and serve the interests of the public;
- complete regulatory audits and compliance investigations;
- respond to inquiries from governmental and regulatory authorities;
- conduct statistical research and analysis that support our programs and services, mission, and other business interests;
- monitor for fraud and security threats; and/or
- fulfill any other purpose for which it was collected or provided to us, as stated at the time of collection, or as otherwise implied based on the context of the collection.
ECFMG|FAIMER uses e-mail addresses collected for administrative and promotional purposes. Administrative e-mails are necessary to keep Users informed about critical aspects of programs and services. These must be received by Users in a timely manner. Therefore, the option to unsubscribe from administrative e-mails and alerts is not available to Users. However, if you wish to opt-out of promotional e-mails, please follow the unsubscribe instructions provided within individual newsletters and/or promotional e-mails.
ECFMG|FAIMER reserves the right to aggregate PII provided by Users for statistical analysis and on-going research in accordance with our mission. To this end, ECFMG|FAIMER compiles PII into aggregated data groups. ECFMG|FAIMER may de-identify or pseudonymize the PII for statistically accurate data analysis without risking exposure of PII. Such data groups may then be shared with business partners, service providers, and/or vendors of ECFMG|FAIMER or published on our website, in academic journals, or in presentations.
Basis for Processing PII
Applicable law in certain countries, including but not limited to countries in the European Economic Area, require that we collect and process PII only where we have an identified lawful basis to do so under applicable law. Depending on the program and service and/or opportunity provided and/or the processing activity involved, we collect and process your PII only where we have one of the following lawful bases to do so:
- You Provide Your Consent: You provide us with consent to collect and process your PII for a specific purpose;
- We Must Do So to Perform Our Contract with You: We process your PII to fulfill your request to provide programs and services or other opportunities;
- We Have a Legitimate Interest: We have a legitimate interest to process your PII that is not overridden by your interests, fundamental rights, or freedoms; and/or
- We Must Do So to Comply with Legal Obligations: We process your PII if it is necessary for us to comply with our legal obligations.
Where we process “special” or “sensitive” categories of PII, as defined by the General Data Protection Regulation, we do so only: (i) where you have given us your explicit consent to carry out such processing; or (ii) as otherwise permitted by law.
Personal Information of Minors
Except as noted below, minors (i.e., persons under 18 years of age) are not eligible for participation in ECFMG|FAIMER programs or services, and/or employment opportunities. Therefore, ECFMG|FAIMER does not intentionally collect PII from minors. If ECFMG|FAIMER identifies that a minor has submitted PII, we will take all reasonable steps necessary to delete the PII from our databases and not use or retain it for any purpose. Further, if you believe a minor has submitted PII to ECFMG|FAIMER, please contact us at: privacy@ECFMG.org or privacy@FAIMER.org.
ECFMG|FAIMER provides visa sponsorship for authorized foreign national physicians and unmarried, minor dependents of such authorized foreign national physicians under the age of 21. Under such sponsorship and to meet J-1/J-2 visa requirements, ECFMG|FAIMER must collect PII of minor dependents for U.S. government agencies; however, such information is collected from the authorized foreign national physician, not the minor dependent.
Data Retention and Destruction
ECFMG|FAIMER retains your Data for as long as necessary to fulfill the purposes we collected it for, for the duration of our business relationship with you, and in accordance with our Data Retention and Destruction Policy. ECFMG|FAIMER may maintain a lawful basis for retaining certain PII indefinitely, for example, where ECFMG|FAIMER services are benefiting the public interest in the area of public health, such as through verification of professional credentials. PII deleted from our active database in accordance with our Policy may be retained in de-identified format for research, data aggregation, and statistical purposes.
How We Disclose and Share PII
We may disclose and share your PII with third parties, as follows:
To Parties Authorized by Users
Fulfillment of ECFMG|FAIMER’s programs and services or other opportunities often requires disclosure of PII to third parties. In such instances, Users provide explicit consent to such ECFMG|FAIMER-defined uses and disclosures, and ECFMG|FAIMER discloses limited and necessary PII about Users. Such disclosures may be made to the following, as applicable:
- organizations assisting ECFMG|FAIMER to fulfill its programs and services including but not limited to verifying institutions (such as medical schools and post-graduate training institutions), identity verification providers, translation providers, test providers, USMLE, ACGME, NBME, NRMP, and the FSMB;
- other organization(s) or individual(s) in order to facilitate on-going services;
- U.S. or international governmental agencies and other organizations, including medical and other regulatory authorities; and/or
- any other individual, organization, or government or regulatory authority that a User specifies should receive the information.
There may be circumstances where you would like information in your ECFMG|FAIMER records to be disclosed to a third party, such as a friend or family member. We will not disclose your information to such individuals unless you have authorized us to do so.
ECFMG|FAIMER may also disclose PII to third parties, such as hospitals or medical regulatory authorities, where you have given such third parties authorization to obtain such information from ECFMG|FAIMER.
To External Third Parties Under Contractual Relationships with ECFMG|FAIMER
ECFMG|FAIMER may disclose or provide access to your PII with vendors and service providers, including but not limited to the following:
- IT and systems administration services (such as cloud hosting services and e-mail or mail solutions);
- PCI-compliant payment processing solutions (e.g., PayPal, TeleCheck);
- Internet Service Providers;
- services that assist in processing employment applications;
- personnel administration services;
- vendors and services that assist with certification, credentialing, and visa sponsorship operations, including but not limited to identity verification providers, translation providers, test providers (including but not limited to English language proficiency testing providers), and investigative firms;
- professional advisors such as lawyers, bankers, auditors, and insurers; and
- program and other surveys (e.g., SurveyMonkey).
Where such disclosures are made, they are governed by agreements (such as confidentiality agreements, data sharing agreements, and data processing agreements) that require protection of your PII and that only permit use of your PII in a manner consistent with this Privacy Notice.
To Protect Our Legal Rights and Interests or Where Required by Law
ECFMG|FAIMER may disclose PII to respond to valid subpoenas, court orders, legal processes, medical or other regulatory authority inquiries and investigations, or other governmental inquiries and investigations; to exercise our own legal rights to defend against legal claims/suits; to investigate, prevent, or take action against illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person or the general public; or as otherwise required by law.
In the Event of a Change in Corporate Status
In the event that ECFMG|FAIMER is involved in a merger, acquisition, sale of assets, bankruptcy, and/or reorganization, your Data may be sold or transferred as part of that transaction. Any Agreement with such new entity or receiver will include appropriate privacy protections.
No Disclosures for Direct Marketing and Advertising
At this time, ECFMG|FAIMER does not disclose, sell, rent, license, grant access to, or trade PII with third parties for direct marketing.
Cross-Border Transfers of PII
All PII collected and/or received by ECFMG|FAIMER is stored and maintained on servers in the United States, where national and state privacy laws may not afford the same level of protection as where you reside. Further, fulfillment of many of our programs and services require the cross-border transfer of PII from ECFMG|FAIMER to other countries, for example, to verify an individual’s credentials and/or to provide information to international medical regulatory authorities; similarly, the national and state privacy laws in those countries may not afford the same level of protection as where you reside. By using ECFMG|FAIMER’s programs and services, you consent to the transfer of information to countries outside your residence, including but not limited to the United States, and acknowledge that your personal information will be processed in the United States. ECFMG|FAIMER also employs cross-border transfer safeguards (including but not limited to standard contractual clauses) as applicable and appropriate to protect the privacy and security of your PII, and to use it in a manner strictly consistent with the purposes for which it is provided.
Data Privacy and Security
ECFMG|FAIMER has implemented reasonable administrative, technical, and organizational safeguards to protect against foreseeable risks of unauthorized access, use, disclosure, destruction, or modification of PII and its information systems.
Please note, however, that despite the best efforts of ECFMG|FAIMER, the confidentiality and security of information and Data transmitted to/from ECFMG|FAIMER cannot be guaranteed as completely safe from intrusion.
Please do your part to protect the personal information that you share with ECFMG|FAIMER. Keep your username, password, or other authentication information secure and limit the dissemination of your account information to third parties to those circumstances where dissemination is absolutely necessary. If you believe that your username, password, or other information associated with your ECFMG|FAIMER account has been compromised, please contact us at: privacy@ECFMG.org or privacy@FAIMER.org.
Data Protection Rights
Depending on where you reside, your local privacy laws, including but not limited to the European Union’s General Data Protection Regulation, may provide you with certain rights with respect to your PII, as follows:
Access, Review, and Rectification
Some Users may have the right to access and review their PII collected and maintained by ECFMG|FAIMER, with limited restrictions. Users can submit a formal request for access and review by contacting privacy@ECFMG.org or privacy@FAIMER.org. All such requests will be tracked and responded to in a timely manner, not to exceed 30 calendar days from the date of the request. Most ECFMG|FAIMER services include password-protected portals where Users can review, correct, and update their PII in lieu of submitting a formal request.
Erasure and Restricting Processing
Under certain circumstances, some Users may have the right to request that their PII be deleted or removed from ECFMG|FAIMER’s systems. This right is not absolute. Many of ECFMG|FAIMER’s services are intended to prevent fraud and to serve the public interest in the area of public health. As a provider of these services, ECFMG|FAIMER may have a lawful basis to refuse User requests for erasure of PII and/or to refuse User requests to restrict or object to processing PII.
Applicable Users have the right to make a complaint to ECFMG|FAIMER by contacting privacy@ECFMG.org or privacy@FAIMER.org, and/or to request that ECFMG|FAIMER direct the User to relevant supervisory authorities to file a formal complaint.
Privacy Notices of Unaffiliated Third-Party Websites
This Privacy Notice applies only to ECFMG|FAIMER and ECFMG|FAIMER’s privacy practices. The ECFMG|FAIMER website and mobile applications include links to unaffiliated third-party websites and applications whose privacy practices may be different than ours. Users clicking on these links should be aware that they are leaving the ECFMG|FAIMER website and/or application and are accessing the unaffiliated third-party website. Users should review the Privacy Notice of the unaffiliated third-party website before engaging their services or products.
Changes to This Privacy Notice
This Privacy Notice may be amended from time to time as new features, programs, and services are made available, as laws and regulations change, or as otherwise necessary and appropriate. Notice about amendments to the Privacy Notice will be communicated by administrative e-mails, posted on-line, or by other appropriate methods. User access and/or on-going use of ECFMG|FAIMER programs, services, websites, and/or mobile applications after such amendments signifies acceptance of the Privacy Notice, as amended. The most current version of the Privacy Notice is available at www.ECFMG.org and www.FAIMER.org and includes the date the Privacy Notice was last updated.
How to Contact Us
Attn: Privacy Office
3624 Market Street
Philadelphia PA 19104 USA