Privacy Policy of SNOMED International Services

SNOMED International Services collects some Personal Data from its Users.

Personal Data processed for the following purposes and using the following services:

    • Analytics

      • Google Analytics with anonymized IP

        Personal Data: Cookies; Usage Data

      • Google Analytics 4

        Personal Data: number of Users; session statistics; Trackers; Usage Data

    • Backup saving and management

      • Amazon Glacier

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Contacting the User

      • Contact form

        Personal Data: company name; email address; first name; last name

      • Mailing list or newsletter

        Personal Data: email address; first name; last name

    • Content commenting

      • Comment system managed directly

        Personal Data: username

    • Displaying content from external platforms

      • Gravatar

        Personal Data: email address; Usage Data

      • Google Fonts

        Personal Data: Usage Data; various types of Data as specified in the privacy policy of the service

      • Font Awesome

        Personal Data: Usage Data

    • Hosting and backend infrastructure

      • Amazon Web Services (AWS)

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Infrastructure monitoring

      • Datadog

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Managing contacts and sending messages

      • Mailchimp and Amazon Simple Email Service (SES)

        Personal Data: email address

    • Registration and authentication

      • Google OAuth, GitHub OAuth and Linkedin OAuth

        Personal Data: various types of Data as specified in the privacy policy of the service

    • SPAM protection

      • Google reCAPTCHA

        Personal Data: Cookies; Usage Data

    • Tag Management

      • Google Tag Manager

        Personal Data: Usage Data

Further information about the processing of Personal Data

    • SNOMED International

      Your privacy is important to us, this policy is intended to provide more transparency over how we collect and use your personal data. They will also explain how to exercise your rights around the use of your personal information.

      When we refer to "SNOMED International," "we," or "us" in this policy, we mean the International Health Terminology Standards Development Organisation (IHTSDO), which controls the information we collect when you use the Services (the Data Controller). SNOMED International offers collaborative tools, including our web based tooling, and our related SNOMED CT terminology product. We also own and operate a number of websites and other related services, like support. We refer to all of these products, together with our other services and websites as "Services" in this policy.

      This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with SNOMED International (for example, attending SNOMED International events), unless a different privacy policy is displayed. This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services.

      In some cases we may need to ask for your explicit consent to process your information or send you emails. In such cases we will either contact you directly or you will be asked for your consent when you next access the service. You have the right at any time to change your consent or have your details removed from our systems where applicable. Further information on how to do this can be found below.

      Information we collect about you
      We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.

      Information you provide to us
      We collect information about you when you input it into the Services or otherwise provide it directly to us.

      Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, or set preferences through the Services. For example when you provide your name and email address. You also have the option of adding a profile photo, and other details to your profile information to be displayed in some of our Services. We keep track of your preferences when you select settings within the Services.
      Content you provide through our websites: The Services also include our websites owned or operated by us. We collect other content that you submit to these websites. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, activities or events.
      Information you provide through our support channels: The Services also include customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
      Payment Information: We collect certain payment and billing information when you register for certain paid subscription Services or Licences. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details.

      Information we collect automatically when you use the Services
      We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

      Device and Connection Information: We collect information through your device about your operating system, browser type, IP address, or URLs of referring/exit pages. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
      Cookies and Other Tracking Technologies: SNOMED International and our third-party partners, such as our analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For example our Single Sign On solution used to securely identify you when logging into our services. For more information, please see the specific details in this policy.

      How we use information we collect
      How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

      To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.
      To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including, reminding you of subscription or licence expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. These communications are part of the Services and in most cases you will have the option to unsubscribe to opt out of them.
      Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, and to repair and improve the Services.
      For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
      To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions.
      With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
      Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
      We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
      It satisfies a legitimate interest (which is not overridden by your data protection interests), such as to control the use and access to our services, the use and licensing of SNOMED CT and to protect our legal rights and interests;
      You give us consent to do so for a specific purpose; or
      We need to process your data to comply with a legal obligation.


      If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

      Sharing with third parties
      We sometimes share information with third parties that help us operate, provide, improve, integrate, and support our Services.

      Service Providers: We work with third-party service providers to provide website and tooling development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
      With your consent:We share information about you with third parties when you give us consent to do so. For example, we may publicise how members or affiliates are using SNOMED CT on our public websites. With your consent, we may post your name alongside the article.

      How we store and secure information we collect

      Information storage and security:We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. We have ensured that our service providers are GDPR or Privacy Shield compliant. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

      How long we keep information:How long we keep information we collect about you depends on the type of information. After such time, we will either delete or anonymise your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

      How to access and control your information:You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations. We will respond to requests about this within thirty(30) days.

      Your request and choices may be limited in certain cases. For example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

      You have the right to request a copy of your information. To object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format. To initiate these requests, you may contact our Data Protection Team via privacy@snomed.org.

      You can request to have your data deleted, (the right to be forgotten). Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations. We will advise you if there is any reason we cannot delete your data as described above.

      You can request that we stop using your information. In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honoured or the dispute is resolved.

      You can Opt out of communications. You may opt out of receiving communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our email list or registration database. Even after you opt out from receiving promotional messages from us, you may still receive transactional messages from us regarding our Services to allow us to operate your account or in relation to the provision or use of the Services. You can opt out of some notification messages in your account.

      You have the right to Data portability. To obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information.

Contact information

    • Owner and Data Controller

      SNOMED International, 1 Kingdom Street, Paddington London, W2 6BD, United Kingdom

      Owner contact email: privacy@snomed.org