An identified or identifiable natural person is one who is or can be identified, directly or indirectly, by reference to information such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, cultural, or social identity of that natural person. Information that pertains to a company is not Personal Data, but the name and address of a company officer or employee is that person’s Personal Data.
Who is Responsible for Your Personal Data?
The Personal Data We May Collect from You and How We Use It
The NPCP collects information:
automatically when you use our websites
directly from you or through third parties that handle applications related to the NPCP
Apart from information collected automatically when you access our websites, the type of Personal Information we collect about you depends on the nature of your interaction with the NPCP. Personal Data may be provided by you electronically on a web form, or data transfer related to an application for certification.
I. Information That We Collect Automatically
When you visit our websites, we use (or may use in the future) various tools to collect information:
Facebook Pixels: We may use Facebook Pixels to track users who have visited our websites through Facebook advertising. When users visit Our Websites as the result of clicking on a Facebook advertisement, Facebook Pixels allow us to track what actions users take on Our Websites, what links they click on, whether they put something in a shopping cart, where they go if they abandon it, whether they change devices or resume viewing later a different device, and other website usage information. This information, together with your Facebook ID, is sent back to Facebook where it is analyzed.
The information that we obtain through Google Analytics measures traffic and usage trends, which provide us with information that can help us improve our websites, outreach, and advertising. Facebook Pixels allow us to gauge the effectiveness of our advertisements and to create “lookalike” audiences for our advertisements, thereby broadening our outreach. Abandoned Cart Reports allow us to analyze why a purchase transaction might not have been accepted.
II. Information That Users Provide To Us Or Through Online Applications
Users include applicants for certification, renewal, and continuing education approvals. Users are requested to provide their full name, address, telephone numbers, email address, and in the case of certification applicants, the name of the school where they trained.
The NPCP uses Personal Data from applicants and certificants to administer the Program, which may include activities such as addressing issues regarding verification of training, granting continuing education credits, administering exams, enforcing the Scope of Practice and Code of Ethics, publishing the names of certificants on the NPCP website, and gathering and analyzing statistics regarding certification.
The NPCP and its test administration company have in place electronic and technical safeguards, managerial processes, and organization measures to prevent unauthorized access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data.
The NPCP maintains an online certificant registry on its website. It is the policy of the program to provide only information necessary to demonstrate a certificant’s active status.
The only individuals that have access to certificant data are the Executive Director, and the Certification Coordinator charged with the maintenance of the database and the monthly data transfers from PSI.
The following is considered confidential information:
- Application status
- Certification exam score
- Phone number(s), email and residential address(s).
The following is NOT considered confidential information and is held in the public domain:
- Certification status
- Certification number
- Country and City
“Do Not Track” Signals Under the California Online Privacy Protection Act (CalOPPA)
Our website does not support Do Not Track ("DNT") signals, so our website does not behave differently when a DNT request is received. DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. However, there is currently no industry-standard way to handle these requests.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact the NPCP as provided below to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where the NPCP relied on your consent to process your Personal Data.
Please note that the NPCP may ask you to verify your identity before responding to such requests.
You may have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Our website does not address anyone under the age of 18 ("Minors"). We do not knowingly collect Personal Data from Minors. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from any minor without verification of parental consent, we will take steps to remove that data from our database.
User and event data collected by Google Analytics are set for automatic deletion after 26 months.
Conversion data collected by Facebook Pixels is automatically deleted after 28 days.
Personal Data that users provide to us or via email are deleted daily. Deleted emails are set to remain available for retrieval and reference for 5 years after which they are permanently deleted.
We do not destroy or amend Personal Data. Personal Data is kept indefinitely in the IMIS database unless a change request is received from a certificant, following the parameters set by this Confidentiality Policy.
By email: [email protected]