The ClinicalPosters store is hosted on Shopify Inc. They provide the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application on a secure server behind a firewall.
This page details the measures ClinicalPosters has in place to protect visitor and customer data. As a USA company, ClinicalPosters is bound by Federal and state laws affecting user privacy and taxation. Other parties cooperating to deliver the unique browsing experience reside in other parts of the world. ClinicalPosters endeavors to handle customer data as securely and responsibly as possible. For specifics, see topics below.
SECTION 1 - What we do with your information
Cookies, or little bits of text, that help this website interact with visitors are saved on your computer. You may adjust built-in browser privacy settings but cookie duration is automatically set to optimize your browsing experience on this site. Shopify cookies are disclosed in a separate document.
Like most sites, ClinicalPosters uses Google Analytics for aggregating site activity based on visitor IP addresses. This reveals the number of visits, page views, sales, types of devices for specified time periods, and total visits from various regions. A Google option to use visitor cookie data for marketing on other websites and platforms is disabled.
Local tracking during site visits helps protect user data from unauthorized access and determine whether there are clear paths to customer checkout.
For the purpose of Pinterest conversion tracking, information will be shared with third parties to measure ad effectiveness. You may opt out of most advertiser tracking through your browser’s Do Not Track feature or your social media settings.
As you browse our store, we automatically receive your computer’s Internet protocol (IP) address to help us learn about your browser and operating system. This allows pages to be formatted correctly and for individual preferences or shopping cart contents to be preserved.
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. A basic Customer Account is created to securely preserve this information. Contact information and recent order history are accessible during customer login.
How is data secured?
ClinicalPosters is hosted behind multiple firewalls on an e-commerce platform that is compliant with the Payment Card Industry Data Security Standard (PCI DSS) and GDPR. Admin data access requires a password and is limited to individuals with appropriate security clearance. A dynamic audit trail of record access and edits is maintained. Programmers work around the clock to provide admin with real-time status updates. Suspicious user agent and IP patterns are monitored both dynamically and against blacklists.
How is my credit card information secured?
If you provide us with your credit card information, the information is encrypted in transit using Secure Sockets Layer (SSL) technology and stored with AES-256 encryption, meeting all 6 categories of PCI standards:
- Maintain a Secure Network
- Maintain a Vulnerability Management Program
- Regularly Monitor and Test Networks
- Protect Cardholder Data
- Implement Strong Access Control Measures
- Maintain an Information Security Policy
How long is data stored?
In accordance with local tax laws, ClinicalPosters retains customer order history for at least 5 years. Third-party processors may retain data for as little as 6 months (for EU customers) or as long as 18 months. Most do not retain any personal information.
To facilitate reorders and customer logins, customer account data is retained indefinitely by ClinicalPosters, or until a deletion request is received. During customer login, addresses and phone numbers may be added or edited. Use the Contact form to request copies of invoices or verified email changes.
When and how will I be notified in the event of a data breach?
ClinicalPosters does not have direct access to credit card data, which has additional layers of security. In the unlikely event of a breach, third parties (those that actually store financial data) or ClinicalPosters will prioritize email notification of identified European customers within 72 hours of discovery with a status report.
SECTION 2 - Consent
Age of consent?
This website is not intended for minors. Measures taken to minimize exposure of inappropriate content to minors are not foolproof. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
How is my email captured?
Email addresses are voluntarily submitted within subscription links, through a specific email field at the bottom of ClinicalPosters website pages, when subscribing to ClinicalPosters blogs or recurring services, and during checkout on this website, Pinterest or eBay.
Names and email addresses within a Contact form message are not automatically added to our mailing list and do not create a Customer Account unless specifically requested within the message.
In what ways is my email address used?
We use email to respond to any feedback or support emails you send us. We also notify you of important account-related matters, such as security or billing problems. Emails generally fall into two categories:
- Transactional email is required for customer login, and communication regarding pending or recent orders. This is the preferred method of communication for security announcements.
- Our marketing email includes the monthly A Bit More Healthy newsletter that summarizes recent ClinicalPosters News and Health articles. Opting out of marketing (unsubscribing) blocks these newsletters but not other transactional communication.
Email marketing (A Bit More Healthy newsletter): With your permission, we may send you emails about our store, new products and other updates. When an order is fulfilled or historical data is transferred (to another company or hosting service), you may receive notification regardless of marketing preferences.
What happens if I opt out of the mailing list?
If you do not opt in while providing an email address during checkout, your Customer Account information will remain at ClinicalPosters, flagged not to receive marketing messages. About 70 percent of Health blog pages are only visible to logged-in subscribers.
Marketing emails include an unsubscribe link. Unsubscribing does not prevent transactional emails deemed necessary to fulfill a contract, such as notification of shipping, delivery confirmation, order follow-up and account security information.
How is my phone number used?
A customer phone number is recommended but optional. FedEx always requires it and USPS Priority Mail requests it for international shipments. Absence of a recipient phone number can hinder delivery. During checkout, it is possible to request SMS order updates. (Data usage rates may apply.)
Customers may periodically receive phone calls from ClinicalPosters to determine satisfaction, update account information, and share or demonstrate important site features.
How are my street addresses used?
The billing address is used for credit card validation to prevent fraud. It is included on optional printed invoices but not on packing slips. ClinicalPosters currently has no postal mail marketing program but reserves the option to send important transactional or promotional samples when necessary.
The shipping address is required to deliver merchandise. It may be securely validated with third-party technology against postal databases to prevent undeliverable packages. Shipping addresses are shared with some vendors to facilitate direct manufacturer product shipping when deemed most expedient. Customers have secure access to a Google geolocation map while packages are in transit. Addresses are user-editable when logged into ClinicalPosters.
- Consent: The data subject has freely given consent for their information to be processed for a specific purpose.
- Contract: Processing is necessary due to the fulfillment of a contract.
- Legal Obligation: Processing is necessary to comply with the law.
- Vital Interest: Processing is necessary to save or protect an individual’s life.
- Public Tasks: Processing is necessary to perform a task in the public interest or in the exercise of official functions. (Primarily applies to government agencies.)
- Legitimate Interests: Processing is necessary for the legitimate interests of the organization or a third-party affiliate.
What are examples of unambiguous consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. Some consent is implied by the very nature of the user action performed to capture such information.
The Checkout page and Customer Account page, accessible when logged in, include an identical summary of how private data is used along with a link to opt out of our mailing list. Below are some situations that may have obvious intent at the point of capture.
- Create account to receive newsletter
- Create Wishlist
- Include address on order
- Provide phone number and request SMS updates during checkout
- Reply to blog
- Request to be placed on mailing list during checkout
- Write product review
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
SECTION 3 - Third-Party Services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which these providers will handle your personal information.
In particular, remember that certain providers may be located in, or have facilities that are located in, a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Which third parties carry out legitimate interests?
Some vendors are granted API access to specific functions by virtue of a contract with ClinicalPosters or have legitimate interests to help fulfill contracts with customers.
Couriers and border customs officials have access to consignee name, address and, for international delivery, package contents. ClinicalPosters may use a remote incremental data backup system to preserve integrity of the site as a protection against unexpected system failures or accidental data deletion.
Do third-party vendors have appropriate security?
Privacy and GDPR-Compliance Links for ClinicalPosters Vendors
Facebook account holders sometimes post links to ClinicalPosters pages.
ICANN is the global administrator for Internet domains for individuals and registrars. ICANN is seeking a moratorium on GDPR compliance.
USPS is a United States government agency that delivers mail throughout the world. It has not disclosed GDPR compliance.
Will this policy be modified?
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we (ClinicalPosters) may continue to sell products to you.
Where can I find additional GDPR or privacy information?
A link to our Privacy notice can be found within the footer of the ClinicalPosters website. Your attorney, accountant and digital security consultants can provide further assistance.
- Will Companies ‘Brexit’ EU Over GDPR? May 7, 2018 — ClinicalPosters News Blog
- Welcome to the World of GDPR Compliant Websites. May 25, 2018 — ClinicalPosters News Blog
- Why Companies Should Embrace GDPR. June 5, 2018 — ClinicalPosters News Blog
- Effects of GDPR When Launching Online Business. July 24, 2018 — ClinicalPosters News Blog
- What is Valid Consent Under the GDPR? pcounsel.com
- GDPR Final Text (PDF) Brussels, 6 April 2016, europa.eu
- Digital Advertising Alliance. optout.aboutads.info
- Shopify Terms of Service or Privacy statements. shopify.com
- Shopify Data Processing Addendum for EU residents. shopify.com
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at privacy-[at]-clinicalposters.org, use the Contact form, or mail your request to ClinicalPosters Privacy Compliance, PO Box 451051, Los Angeles CA 90045-8509.