GAITS Security and Privacy Policy

Introduction

Guidance and Impact Tracking System (GAITS) websites (“Sites”) are sites hosted by CIMIT (sometimes referred to as “we,” “us,” or “our”) which are made available to you by CIMIT or an affiliated organization (“Sponsor”) to help accelerate a healthcare innovation into practice. “You,” “your,” or “Authorized End User” (“AEU”) refers to an individual who has access to the private side of any Site and “Guests” who may visit a public side of any Site.

A Site may disclose personal information (see the Personal Information section) of an AEU when required by law or in the good-faith belief that such action is necessary to conform to the edicts of the law or comply with a legal process involving the Site.

Collection and Use of your Personal Information

  1. Personal Information

This Site's registration form requires you to provide some limited Personal Information which will be used to identify you as a User. Such information may include your full name, screen name, email address, and password (“Personal Information”). You may also choose to provide optional information, such as address, gender, birthday, occupation, company, photos, or personal comments as part of your profile. You may update any of this information at any time by accessing your profile: click “My Account” and select “Account Settings” in the navigation menu (“Menu” tab in upper right-hand corner). You may opt out of receiving email communications from any Site Application (such as Message Boards) by unsubscribing.

  1. Access to Personal Information

We provide Sponsors’ approved site administrators (“Admins”) with reasonable access to an individual’s Personal Information maintained within our System. In addition to your ability to update Personal Information within your profile, you can contact us for inquiries to correct, amend, or delete inaccurate Personal Information. However, we may deny access to Personal Information when providing such access is considered unreasonably burdensome, expensive, or as otherwise permitted under the Privacy Shield principles. See the Contacting the Site section for details on Sponsors requesting access to an individual’s Personal Information.

  1. Use and Disclosure of Personal Information

Our Services help Sponsors advance fundamental engagement to you as a Constituent. In support of our Sponsors, we collect demographic data, such as your first and last name, email address, and other contact information (postal address and telephone number) to authenticate and enhance targeted communication to meet the Sponsor’s objectives. Additionally, we will aggregate your Personal Information in an anonymous manner to compile statistical and performance information related to the operation of our System (“Aggregated Anonymous Data”). Aggregated Anonymous Data is used to create product and Service enhancements, provided that such information does not incorporate any of our Sponsor’s data, your Personal Information, or additional data you and our Sponsors provide. Our use of your Personal Information and Aggregated Anonymous Data is strictly limited to the extent necessary to perform the Services for our Sponsors.

EU and Swiss individuals have rights to access their Personal Information, and to limit use and disclosure of such Personal Information. Unless authorized by you, we will not use or disclose your Personal Information or other data identifiable to you that are outside the original intent necessary for our Site. As noted in the Access to Personal Information section above, individuals have the ability to request access, or to limit our use or disclosure (opt out), through Customer Support (see Contacting the Site section). We will work with your Sponsor for any individual inquiry or opt out request received. Additionally, we may disclose your Personal Information if we are required to do so under applicable law, public authorities, enforceable government request, meet national security, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with suspected or actual illegal activity.

As noted in our Personally Identifiable Information section below, we do not collect sensitive personal information, including, but not limited to, government issued identifications, medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Privacy Shield framework.

  1. Cookies

This Site uses cookies to recognize you and allow you to automatically log in without re-entering your username and password each time you visit our Site. The cookies are encrypted and do not save any personally identifiable information about you, such as your username, password, or email address (see the Personally Identifiable Information section for further details). If cookies are disabled in your browser, you can still use the Site, but you will be required to enter your password each time you visit.

  1. Personal Profile and Directory Information

Your Personal Profile features information you may wish to share with other Site AEUs on your Profile Page. Only people who are AEUs of this Site can view other AEUs’ Profile Pages. The only information automatically displayed on your Profile Page is your first name, last name, email, and additional information you select. Additional information fields from your Personal Profile information — including comments and other personal information you choose to share, along with any photos — will appear only if you have opted to provide those items and have also selected to have those fields in your Profile Page View.

Use of our Site and Services

  1. Fraudulent Behavior

This is a resource that has a great deal of AEU input. This Site cannot guarantee the accuracy of information presented. However, anyone demonstrated to have engaged in fraudulent behavior may be subject to (but not limited to) loss of privileges as an AEU as well as face prosecution to the fullest extent of the law.

  1. Email Subscription Opt-Out

The Site provides you with the opportunity to choose to receive email communications about this Site and the groups you are registered with, as well as emails from other AEUs. In all email communications you receive — except confirmation emails such as for event registrations — you are provided an unsubscribe option to opt out of the specific email communication type.

  1. Photo, Blog, and other Personal Content Policy

This Site retains the right to remove or reject any content that it deems obscene, objectionable, or has been reported as such by other AEUs. In addition, the Sponsor of a Site can at any time deem content to be objectionable and can remove it from the Site. This Site does not endorse any user generated content that is posted on the Site. AEUs will not post copyrighted content without permission from the owner. AEUs understand content — whether it be text, graphic, or audio visual — is the sole responsibility of the person from whom such content originated. This Site is in no way responsible for the accuracy, integrity, or quality of such content.

Compliance and Security

  1. Security

We treat the security of data with utmost importance. We take many precautions at the infrastructure and software layers to deliver the highest industry standard level of protection for your Personal Information and other additional data provided by you or our Sponsors. We subscribe to Amazon Web Services to operate the database and web servers that host Sponsors' Sites and store Sponsor and User data, including your Personal Information. These servers are protected by securely configured firewalls that prevent data from being accessed via the Internet. Each Sponsor's data, Personal Information, and other additional data are stored in a dedicated database; this prevents the intrusion or corruption of data. In addition, our Sponsors' data catalogs cannot see or access each other's data.

  1. SSL

Measures have been taken to make transactions secure for AEUs on our Sites and transaction pages. Login, electronic commerce, and administrative activity are transmitted over an industry standard Secure Sockets Layer (“SSL”). All commerce transactions encrypt your Personal Information including name, address, and credit card number to prevent unauthorized access as the information travels over the Internet. Sponsors can elect to have site activity data transmitted securely by adding full site SSL certification as an additional service.

  1. Logins and Passwords

Strong passwords are required for each login, and they are stored in a format that cannot be read by administrators or employees. Multiple failed logins or lost login requests are challenged by reCaptcha. An administrative rights system restricts authenticated but unauthorized access to Constituent data.

  1. Personally Identifiable Information (PII)

We do not support the collection, storage, or display of sensitive personal information or personally identifiable information in our System or use of our Services. We define “Personally Identifiable Information” or “PII” as information which includes: (i) Family Educational Rights and Privacy Act (FERPA); (ii) Health Insurance Portability and Accountability Act (HIPAA); or (iii) government issued identifications, including, but not limited to, Social Security Numbers, Driver License Numbers, and Individual Taxpayer Identification Numbers.

As part of our policy, we maintain confidentiality and security features consistent with commercially reasonable industry standards which are appropriate to protect our System, as well as any data provided by you and our Sponsors. To the extent Personal Information or other additional Constituent information you provide is stored in our System, such information is treated as confidential information. Our security standards and data protection cover the data entered and maintained within the system. Sponsors’ authorized administrators are also required to follow proper guidelines and standards in the use of the data and our Services to prevent unintended access of all data we maintain within our System. Accordingly, we offer our Sponsors comprehensive product training which includes setup and configuration of the Site, as well as ongoing product support, for purposes of ensuring Sponsors adhere to our confidentiality standards and proper use of our System. However, Sponsors are responsible for processes and procedures to ensure that the proper use of our Services, including data provided by you and our Sponsors, complies with all applicable governing laws related to your Personal Information and confidentiality.

General Inquiry and Other Policy Items

  1. Updates to This Privacy Policy

This Site has the right to make changes or additions to this policy at any time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Policy. If you have questions regarding this policy, please check this policy periodically or contact Customer Support.

  1. Contacting the Site

If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Site, please contact Customer Support by e-mail at admin@GAITS.org.

GAITS Terms of Service

Introduction

Welcome to CIMIT’s portfolio of GAITS websites built on the Liferay Digital Experience Platform, with each being a “Site” and collectively referred to as “Sites”. The Sites are hosted in secure servers conforming with US and EU data policies and implemented to be GDPR compliant. Please e-mail admin@GAITS.org for more information.

CIMIT maintains these Sites as a service to its members, affiliates and collaborators. By using any of our Sites as an Authorized End User, you agree to, will comply with, and be bound by the following Terms of Service. Please review the following terms carefully. If you do not agree to these terms, you should not accept these terms nor use any Site.

  1. Acceptance of Agreement.

You agree to the terms and conditions outlined in this Terms of Service Agreement ("Agreement") with respect to our Site(s). This Agreement constitutes the entire and only agreement between us and you, and supersedes all prior or contemporaneous agreements, representations, warranties and understandings with respect to the Site(s), the content, products or services provided by or through the Site, and the subject matter of this Agreement. This Agreement may be amended at any time by us from time to time without specific notice to you. The latest Agreement will be posted on the Site(s), and you should review this Agreement prior to using any Site.

  1. Security & Privacy Policy.

Our Security & Privacy Policy (LINK) was created to demonstrate our commitment to privacy and to comply with industry standard security practices as well as relevant laws such as GDPR in the EU.  It describes the information-gathering and dissemination practices for the Site or any use of our Services. It may change from time to time and is a part of this Agreement.

  1. Copyright.

The content, organization, graphics, design, compilation, magnetic translation, digital conversion and other matters related to any Site are protected under applicable copyrights, trademarks and other proprietary (including but not limited to intellectual property) rights. The copying, redistribution, use or publication by you of any such matters or any part of a Site, except as allowed by Section 5 (Limited Right to Use), is strictly prohibited. You do not acquire ownership rights to any content, document or other materials viewed through a Site. The posting of information or materials on a Site does not constitute a waiver of any right in such information and materials.

  1. Limited Right to Use.

The viewing, printing or downloading of any content, graphic, form or document from the Site grants you a limited, nonexclusive license for your use, but not for resale or redistribution.

  1. Availability.

CIMIT shall use reasonable efforts to ensure that the Sites are available twenty-four (24) hours per day, seven (7) days per week, excluding: (1) scheduled downtime for system maintenance, upgrades, and operations reconfigurations; (2) unscheduled downtime caused by (i) force majeure events or other forces beyond the control of CIMIT, (ii) the Internet, (iii) hardware failures, (iv) use of or access to any Site in a manner prohibited or not contemplated by this Agreement, or (v) emergency maintenance activities including, but not limited to, actions required to protect the security of the systems.

  1. Service Marks.

Products and names mentioned on any Site may be trademarks of their respective owners.

  1. Editing, Deleting, and Modification.

We reserve the right in our sole discretion to edit or delete any documents, information or other content appearing on a Site.

  1. Indemnification.

You agree to indemnify, defend and hold us and our partners, attorneys, staff, advertisers, product and service providers, and affiliates (collectively, "Affiliated Parties") harmless from any liability, loss, claim and expense, including reasonable attorney's fees, related to your violation of this Agreement or use of a Site.

  1. Nontransferable.

Your right to use the Site is not transferable. Any password or right given to you to obtain information or documents is not transferable.

  1. Disclaimer and Limits.

THE INFORMATION FROM OR THROUGH A SITE ARE PROVIDED "AS-IS," "AS AVAILABLE," AND ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED (INCLUDING BUT NOT LIMITED TO THE DISCLAIMER OF ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE). THE INFORMATION AND SERVICES MAY CONTAIN BUGS, ERRORS, PROBLEMS OR OTHER LIMITATIONS. WE AND OUR AFFILIATED PARTIES HAVE NO LIABILITY WHATSOEVER FOR YOUR USE OF ANY INFORMATION OR SERVICE. IN PARTICULAR, BUT NOT AS A LIMITATION THEREOF, WE AND OUR AFFILIATED PARTIES ARE NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE NEGATION OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN US AND YOU. THIS SITE AND THE PRODUCTS, SERVICES, AND INFORMATION PRESENTED WOULD NOT BE PROVIDED WITHOUT SUCH LIMITATIONS. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US THROUGH THE SITE SHALL CREATE ANY WARRANTY, REPRESENTATION OR GUARANTEE NOT EXPRESSLY STATED IN THIS AGREEMENT. WE DO NOT PROVIDE LEGAL ADVICE NOR ENTER INTO ANY ATTORNEY-CLIENT RELATIONSHIP.

ALL RESPONSIBILITY OR LIABILITY FOR ANY DAMAGES CAUSED BY VIRUSES CONTAINED WITHIN THE ELECTRONIC FILE CONTAINING THE FORM OR DOCUMENT IS DISCLAIMED. WE WILL NOT BE LIABLE TO YOU FOR ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES OF ANY KIND THAT MAY RESULT FROM USE OF OR INABILITY TO USE OUR SITE. OUR MAXIMUM LIABILITY TO YOU UNDER ALL CIRCUMSTANCES WILL BE EQUAL TO THE PURCHASE PRICE YOU PAY FOR ANY GOODS, SERVICES OR INFORMATION.

  1. Ownership and Use of Information.

Each Site has a private side and a public side. The private side is to hold information confidentially for authorized members of that site as well as administrators of a Site or a parent Site (“Portfolio Site”). The public side is to hold information that is intended to be shared with the public. You acknowledge that you understand what information should be kept on each side and how access to and use of that data is managed, which is outlined below:

  • Private Site Content (“Content”):
    • Content: For clarity, we define two types of Private Site Content, which are:
      • “Materials”, includes descriptive comments, text, documents, images, etc. that describe the nature of the problem and/or solution being pursued by the team as well as project plans, budgets, team members, etc. Oftentimes Content represents confidential and/or proprietary intellectual property of the team members with access to a Site.
      • “Metadata”, includes the parametric data that characterizes the progress (i.e. “Planning/Tracking” data such as when a Deliverable was planned to be completed and how long it actually took) or the impact of a project (i.e. “Impact” data, such as the Impact scores). While Metadata associated with a specific team may reveal confidential information, when aggregated and deidentified the result is a data set that can be studied to better understand the process of innovation in healthcare without disclosing any team’s confidential or proprietary intellectual property.  
    • Ownership: You retain ownership of all of your intellectual property rights in your Content. These Terms do not grant us any licenses or rights to your Content except for the limited rights needed for us to provide the Services, and as otherwise described in these Terms. Your Content includes the data you enter, the files you upload on the Private Site and any of the Impact Metrics data or files. You grant a worldwide, royalty free license to use, reproduce, distribute, modify, adapt, create derivative works, for the limited purposes of providing the Services to you and as otherwise permitted by the security and privacy policies. This license for such limited purposes continues even after you stop using our Services, though you have the ability, upon written request, to download and delete your Content from the platform at any time. This license also extends to any trusted Affiliated Parties we work with to the extent necessary to provide the Services to you. If you provide us with feedback about the Services, we may use your feedback without any obligation to you. Note, each site has one or more members listed as “Administrators”.  They each can control access to authorized users.
    • Confidentiality: CIMIT will hold Content as confidential consistent with our Security and Privacy Policy (LINK). However, CIMIT will be able to use de-identified Metadata to analyze trends and be able to share those results as CIMIT wishes.
    • Restricted Information: You agree that you will not upload Protected Health Information (“PHI”).  PHI includes health records and related data and documentation of patients. PHI also includes certain individually identifiable health information as defined by the Health Insurance Portability and Accountability Act of 1996 and other related healthcare policies (“HIPAA”), which is also referred to as protected health information.
  • Rights to Public Site Submissions (“Submissions”): By submitting information on a public website, you grant CIMIT a worldwide, royalty free license to use, reproduce, distribute, modify, adapt, create derivative works, for the limited purposes of providing the Services to you and as otherwise permitted by the privacy policies. This license for such limited purposes continues even after you stop using our Services. You acknowledge that you are responsible for any Submission, and you, not CIMIT, have full responsibility for the message, including its legality, reliability, appropriateness, originality, and copyright. This license also extends to any Affiliated Parties we work with to the extent necessary to provide the Services to you.
  • Rights to Feedback (“Feedback”): All remarks, comments, suggestions, ideas, graphics, or other information communicated by you to CIMIT regarding a Site’s function through a Public Site, the Feedback tab, or otherwise (collectively “Feedback”) will forever be available to CIMIT for its use in sole discretion. CIMIT will not be liable for any ideas for its business (including without limitation, product, service or advertising ideas) and will not incur any liability as a result of any similarities that may appear in future CIMIT products, services or operations. CIMIT will be entitled to use the Feedback for any commercial or other purpose whatsoever, without compensation to you or any other person sending the Feedback.

  1. Links to Other Web Sites.

The Site contains links to other web sites. We are not responsible for the content, accuracy or opinions expressed in such web sites, and such web sites are not investigated, monitored or checked for accuracy or completeness by us. Inclusion of any linked web site on any of our Sites does not imply approval or endorsement of the linked web site by us. If you decide to leave our Site and access these third-party sites, you do so at your own risk.

  1. Copyrights and Copyright Agents.

We respect the intellectual property of others, and we ask you to do the same. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide our Copyright Agent (mail to: admin@GAITS.org) the following information:

    1. An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest;
    2. A description of the copyrighted work that you claim has been infringed;
    3. A description of where the material that you claim is infringing is located on the Site;
    4. Your address, telephone number, and email address;
    5. A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law; and
    6. A statement by you, made under penalty of perjury, that the above information in your Notice is accurate and that you are the copyright owner or authorized to act on the copyright owner's behalf.

Our Copyright Agent for Notice of claims of copyright infringement on a Site can be reached by directing an e-mail to the Copyright Agent at admin@GAITS.org.

  1. Proposed Product and Service Offerings.

All descriptions of proposed products and services are based on assumptions subject to change and you should not rely on the availability or functionality of products or services until they are actually offered through any Site. We reserve the right in our sole discretion to determine how registration and other promotions will be awarded. This determination includes, without limitation, the scope, nature and timing of all such awards.

  1. Information and Press Releases.

The Site contains information and press releases about us. While this information was believed to be accurate as of the date prepared, we disclaim any duty or obligation to update this information or any press releases. Information about companies other than ours contained in the press release or otherwise, should not be relied upon as being provided or endorsed by us.

  1. Miscellaneous.

This Agreement shall be treated as though it were executed and performed in Massachusetts and shall be governed by and construed in accordance with the laws of the State of Massachusetts (without regard to conflict of law principles). Any cause of action by you with respect to the Site (and/or any information, products or services related thereto) must be instituted within one (1) year after the cause of action arose or be forever waived and barred. All actions shall be subject to the limitations set forth in Section 8 and Section 10. The language in this Agreement shall be interpreted as to its fair meaning and not strictly for or against either party. All legal proceedings arising out of or in connection with this Agreement shall be brought solely in Boston, MA. You expressly submit to the exclusive jurisdiction of said courts and consent to extraterritorial service of process. Should any part of this Agreement be held invalid or unenforceable, that portion shall be construed consistent with applicable law and the remaining portions shall remain in full force and effect. To the extent that anything in or associated with the Site is in conflict or inconsistent with this Agreement, this Agreement shall take precedence. Our failure to enforce any provision of this Agreement shall not be deemed a waiver of such provision nor of the right to enforce such provision.