Effective date: January 1, 2025

This Privacy Policy describes how VitalTalk (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit or use vitaltalk.org (the “Site”), register for courses or events, contact us, or otherwise interact with VitalTalk. By using the Site or providing personal information to VitalTalk, you agree to the practices described in this policy.

1. Information we collect

We collect information you provide directly and information collected automatically.

  • Information you provide directly:
  • Contact details: name, email address, phone number, professional title, organization, postal address.
  • Account and course information: registration details, credentials, course preferences, payment and billing details (processed by our payment processor), professional credentials (e.g., role, licensure), and any materials you submit (surveys, feedback, written assignments).
  • Communications: messages you send to us, customer support requests, and other correspondence.
  • Affiliation verification: where applicable, proof of institutional affiliation (for example, Dana‑Farber email) and any documentation you provide to confirm eligibility.
  • Information collected automatically:
  • Usage data: pages visited, time spent on pages, links clicked, course participation data, and other analytics.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, and connection information.
  • Cookies and similar technologies: information collected via cookies, web beacons, pixels, and local storage to support functionality, analytics, and advertising preferences.

2. How we use information

We use personal information for the following purposes:

  • Provide and maintain services: process course registrations, manage accounts, deliver content, administer events and training, and process payments through third‑party payment processors.
  • Communications: send confirmations, course details, administrative messages, updates, promotional messages (where you have consented), and responses to inquiries.
  • Eligibility and verification: confirm professional affiliation and enforce exclusive access restrictions (for example, requiring a Dana‑Farber email for certain products).
  • Improvement and research: analyze usage to improve the Site, course content, and user experience; generate aggregated, de‑identified research and reports.
  • Security and fraud prevention: detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
  • Legal and compliance: comply with legal obligations, respond to lawful requests, and enforce our terms and policies.

3. Legal bases for processing (if you are in the EEA/UK)

If you are located in the European Economic Area (EEA) or the UK, we rely on the following legal bases to process personal data:

  • Performance of a contract: processing necessary to provide the services you request (e.g., course registration and delivery).
  • Legitimate interests: processing for purposes such as site operation, fraud prevention, and improvement of our services, where those interests are not overridden by your rights.
  • Consent: where we obtain your explicit consent (for example, for marketing communications).
  • Legal obligation: processing necessary to comply with applicable laws.

4. Sharing and disclosure of information

We may share personal information with:

  • Service providers and vendors: third parties who perform services on our behalf, such as payment processors, hosting and infrastructure providers, analytics providers, email and communications platforms, CRM systems, and event and registration platforms.
  • Professional partners: organizations we collaborate with to deliver courses or research, when necessary and subject to confidentiality and data‑sharing agreements.
  • Legal and safety purposes: where required by law, legal process, or to protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, subject to reasonable assurances regarding data protection.
  • Aggregated and de‑identified data: we may share or publish aggregated, anonymized data that does not reasonably identify individual users.

We do not sell your personal information in exchange for money. Where the definition of “sale” under applicable law differs, we will indicate any such activity in supplemental notices.

5. Cookies and tracking technologies

We and our service providers use cookies and similar technologies to operate the Site, provide features, and analyze usage.

  • Types of cookies used:
  • Essential cookies: required for site functionality and security.
  • Performance and analytics cookies: used to understand site usage and improve the experience.
  • Functional cookies: remember preferences and personalize content.
  • Advertising/targeting cookies: used only where you have consented or as permitted by law.
  • Managing cookies:
  • You can manage cookie preferences through your browser settings and any cookie consent tool presented on the Site. Disabling certain cookies may affect Site functionality.

6. Third‑party links and platforms

The Site may contain links to third‑party sites and services. This policy does not apply to third‑party websites. We recommend reviewing the privacy policies of those sites before providing personal information.

7. Data retention

We retain personal information as long as necessary to provide services, fulfill the purposes in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and purpose; when feasible, we delete or de‑identify information that is no longer needed.

8. Data security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, and disclosure. While we strive to protect your data, no system can be guaranteed to be 100% secure; please use caution when transmitting information online.

9. Your rights and choices

Depending on your location, you may have rights regarding your personal information, including:

  • Access: request access to personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal exceptions.
  • Restriction or objection: request restriction of processing or object to certain processing (including marketing).
  • Data portability: request a copy of your personal data in a commonly used, machine‑readable format.
  • Withdraw consent: withdraw consent where processing is based on consent.
  • Opt‑out of marketing: unsubscribe from marketing communications using the link in emails or by contacting us.

To exercise rights, contact us at the address below. We may need to verify your identity before fulfilling requests. We will respond in accordance with applicable law.

10. International transfers

VitalTalk is based in the United States. Personal information may be processed and stored in the U.S. and other countries. Where data is transferred outside your country, we implement appropriate safeguards (such as contractual protections) to protect personal information.

11. Children’s privacy

The Site is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected data from a child under 16, we will take steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When changes are material, we will provide notice via the Site or by other means (for example, email) prior to the change taking effect. The “Effective date” at the top indicates when this policy was last updated.