This Privacy Notice describes how and why the NPCP collects, uses, and stores Personal Data, and what rights you have in relation to the NPCP’s “processing” of your Personal Data. “Processing” means any operation, whether automated, that is performed on Personal Data or data sets, e.g., collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. The NPCP is both a “processor” and “controller” of Personal Data, meaning that the NPCP not only collects and uses Personal Data, but also it determines the purposes and means of “processing” it.
Who is Responsible for your Personal Data?
The Personal Data We May Collect from You and How We Use It
The NPCP collects information: (1) automatically when you use Our Websites, (2) directly from you, or (3) from third parties that handle transactions or applications related to the NPCP. Apart from information collected automatically when you access Our Websites, the type of Personal Information we collect about you depends on the nature of your interaction with the NPCP. Personal Data may be provided by you electronically on a web form, via email, fax, or otherwise.
I. Information That We Collect Automatically
When you visit Our Websites, we use (or may use in the future) various tools to collect information:
Personal Data Collected
Facebook Pixels: We may use Facebook Pixels in order to track users who have visited Our Websites through Facebook advertising. When users visit Our Websites as the result of clicking on a Facebook advertisement, Facebook Pixels allow us to track what actions users take on Our Websites, what links they click on, whether they put something in a shopping cart, where they go if they abandon it, whether they change devices or resume viewing later a different device, and other website usage information. This information, together with your Facebook ID, is sent back to Facebook where it is analyzed.
The information that we obtain through Google Analytics measures traffic and usage trends, which provide us with information that can help us improve Our Websites, outreach, and advertising. Facebook Pixels allow us to gauge the effectiveness of our advertisements and to create “lookalike” audiences for our advertisements, thereby broadening our outreach. Abandoned Cart Reports allow us to analyze why a purchase transaction might not have been accepted.
We set user and event data collected by Google Analytics for automatic deletion after 26 months. The information collected by using Facebook Pixels tracks “conversions” in response to a Facebook advertisement. A “conversion” is an action by a customer such as a purchase or adding something to a shopping cart. Conversion data is automatically deleted after 28 days.
II. Information that Users Provide to Us
Applicants for Certification are requested to provide their full name and address, telephone numbers, email address, and name of the school where the applicant trained. This Personal Data will be provided by the applicant to the NPCP’s test administration company, and that company will share that Personal Data with us.
The NPCP uses Personal Data from applicants and certificants to administer the Program, which may include activities such as addressing issues regarding verification of training, granting continuing education credits, administering exams, enforcing the Scope of Practice and Code of Ethics, publishing the names of certificants on the NPCP website, and gathering and analyzing statistics regarding certification.
The NPCP maintains an online certificant registry on its website. It is the policy of the program to provide only information necessary to demonstrate a certificant’s active status.
The only individuals that have access to certificant data are the Executive Director, Certification Manager, and the Certification Coordinators charged with the maintenance of the database and the monthly data transfers from PSI.
The following is considered confidential information:
- Application status
- Certification exam score
- Phone number(s), email and residential address(s).
The following is NOT considered confidential information and is held in the public domain:
- Certification status
- Certification number
- Country and City
Confidentiality, Security and Retention
All sensitive exam data is kept in a secure password protected directory on a media server and a backup server. All certification data is retained indefinitely in the iMIS database.
The NPCP and its test administration company have in place electronic and technical safeguards, managerial processes, and organization measures to prevent unauthorized access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data.
“Do Not Track” Signals (under California Online Privacy Protection Act (CalOPPA)
Our Websites do not support Do Not Track ("DNT") signals, so Our Websites do not behave differently when a DNT request is received. DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. However, there is currently no industry-standard way to handle these requests.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
- The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact the NPCP as provided below to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where the NPCP relied on your consent to process your Personal Data.
Please note that the NPCP may ask you to verify your identity before responding to such requests.
You may have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Our Websites do not address anyone under the age of 18 ("Minors"). Except as provided above with respect to research and Case Reports, we do not knowingly collect Personal Data from Minors. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from any minor without verification of parental consent, we will take steps to remove that it from our servers.
By email: [email protected]